From sle-security-updates at lists.suse.com Fri Aug 1 17:04:19 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 2 Aug 2014 01:04:19 +0200 (CEST)
Subject: SUSE-SU-2014:0960-1: important: Security update for Mozilla Firefox
Message-ID: <20140801230419.3DA693209B@maintenance.suse.de>

   SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0960-1
Rating:             important
References:         #887746
Cross-References:   CVE-2014-1544 CVE-2014-1547 CVE-2014-1548
                    CVE-2014-1555 CVE-2014-1556 CVE-2014-1557
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SUSE Linux Enterprise Server 10 SP4 LTSS
                    SUSE Linux Enterprise Server 10 SP3 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available. It includes two new package versions.

Description:

   Mozilla Firefox has been updated to the 24.7ESR security release.
   Security issues fixed in this release:

   * CVE-2014-1544 - https://www.mozilla.org/security/announce/2014/mfsa2014-63.html
   * CVE-2014-1548 - https://www.mozilla.org/security/announce/2014/mfsa2014-56.html
   * CVE-2014-1549 - https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
   * CVE-2014-1550 - https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
   * CVE-2014-1551 - https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
   * CVE-2014-1552 - https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
   * CVE-2014-1555 - https://www.mozilla.org/security/announce/2014/mfsa2014-61.html
   * CVE-2014-1556 - https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
   * CVE-2014-1557 - https://www.mozilla.org/security/announce/2014/mfsa2014-64.html
   * CVE-2014-1558, CVE-2014-1559, CVE-2014-1560 - https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
   * CVE-2014-1561 - https://www.mozilla.org/security/announce/2014/mfsa2014-60.html

   Security Issues:

   * CVE-2014-1557
   * CVE-2014-1547
   * CVE-2014-1548
   * CVE-2014-1556
   * CVE-2014-1544
   * CVE-2014-1555

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-firefox-201407-9569
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-firefox-201407-9569
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-firefox-201407-9569
   - SUSE Linux Enterprise Server 11 SP2 LTSS:
      zypper in -t patch slessp2-firefox-201407-9555
   - SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-firefox-201407-9554
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-firefox-201407-9569

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16.2]:
      MozillaFirefox-devel-24.7.0esr-0.8.2
      mozilla-nss-devel-3.16.2-0.8.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.7.0esr and 3.16.2]:
      MozillaFirefox-24.7.0esr-0.8.2
      MozillaFirefox-translations-24.7.0esr-0.8.2
      libfreebl3-3.16.2-0.8.1
      libsoftokn3-3.16.2-0.8.1
      mozilla-nss-3.16.2-0.8.1
      mozilla-nss-tools-3.16.2-0.8.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.16.2]:
      libfreebl3-32bit-3.16.2-0.8.1
      libsoftokn3-32bit-3.16.2-0.8.1
      mozilla-nss-32bit-3.16.2-0.8.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.7.0esr and 3.16.2]:
      MozillaFirefox-24.7.0esr-0.8.2
      MozillaFirefox-translations-24.7.0esr-0.8.2
      libfreebl3-3.16.2-0.8.1
      libsoftokn3-3.16.2-0.8.1
      mozilla-nss-3.16.2-0.8.1
      mozilla-nss-tools-3.16.2-0.8.1
   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.16.2]:
      libfreebl3-32bit-3.16.2-0.8.1
      libsoftokn3-32bit-3.16.2-0.8.1
      mozilla-nss-32bit-3.16.2-0.8.1
   - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.16.2]:
      libfreebl3-x86-3.16.2-0.8.1
      libsoftokn3-x86-3.16.2-0.8.1
      mozilla-nss-x86-3.16.2-0.8.1
   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 24.7.0esr and 3.16.2]:
      MozillaFirefox-24.7.0esr-0.3.1
      MozillaFirefox-translations-24.7.0esr-0.3.1
      libfreebl3-3.16.2-0.3.1
      mozilla-nss-3.16.2-0.3.1
      mozilla-nss-devel-3.16.2-0.3.1
      mozilla-nss-tools-3.16.2-0.3.1
   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.16.2]:
      libfreebl3-32bit-3.16.2-0.3.1
      mozilla-nss-32bit-3.16.2-0.3.1
   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 24.7.0esr and 3.16.2]:
      MozillaFirefox-24.7.0esr-0.3.1
      MozillaFirefox-translations-24.7.0esr-0.3.1
      libfreebl3-3.16.2-0.3.1
      mozilla-nss-3.16.2-0.3.1
      mozilla-nss-tools-3.16.2-0.3.1
   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.16.2]:
      libfreebl3-32bit-3.16.2-0.3.1
      mozilla-nss-32bit-3.16.2-0.3.1
   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.16.2]:
      mozilla-nss-3.16.2-0.5.1
      mozilla-nss-devel-3.16.2-0.5.1
      mozilla-nss-tools-3.16.2-0.5.1
   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.16.2]:
      mozilla-nss-32bit-3.16.2-0.5.1
   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x):
      MozillaFirefox-24.7.0esr-0.5.1
      MozillaFirefox-translations-24.7.0esr-0.5.1
   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.16.2]:
      mozilla-nss-3.16.2-0.5.1
      mozilla-nss-devel-3.16.2-0.5.1
      mozilla-nss-tools-3.16.2-0.5.1
   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.16.2]:
      mozilla-nss-32bit-3.16.2-0.5.1
   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x):
      MozillaFirefox-24.7.0esr-0.5.1
      MozillaFirefox-translations-24.7.0esr-0.5.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.7.0esr and 3.16.2]:
      MozillaFirefox-24.7.0esr-0.8.2
      MozillaFirefox-translations-24.7.0esr-0.8.2
      libfreebl3-3.16.2-0.8.1
      libsoftokn3-3.16.2-0.8.1
      mozilla-nss-3.16.2-0.8.1
      mozilla-nss-tools-3.16.2-0.8.1
   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.16.2]:
      libfreebl3-32bit-3.16.2-0.8.1
      libsoftokn3-32bit-3.16.2-0.8.1
      mozilla-nss-32bit-3.16.2-0.8.1

References:

   http://support.novell.com/security/cve/CVE-2014-1544.html
   http://support.novell.com/security/cve/CVE-2014-1547.html
   http://support.novell.com/security/cve/CVE-2014-1548.html
   http://support.novell.com/security/cve/CVE-2014-1555.html
   http://support.novell.com/security/cve/CVE-2014-1556.html
   http://support.novell.com/security/cve/CVE-2014-1557.html
   https://bugzilla.novell.com/887746
   http://download.suse.com/patch/finder/?keywords=196914b4be33c9d122303fc5b0d25025
   http://download.suse.com/patch/finder/?keywords=2d6344b3abcf62e1e68e8c9dda3fd4c4
   http://download.suse.com/patch/finder/?keywords=a771192da5dca3c7e01bde7b62b1e0fd
   http://download.suse.com/patch/finder/?keywords=aeabea2b6efdbb9fcccb116e66006d7c
   http://download.suse.com/patch/finder/?keywords=f2f8ae117761a6715e1f6766fd35660f

From sle-security-updates at lists.suse.com Mon Aug 4 11:04:19 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 4 Aug 2014 19:04:19 +0200 (CEST)
Subject: SUSE-SU-2014:0961-1: important: Security update for openjdk
Message-ID: <20140804170420.00F90320B7@maintenance.suse.de>

   SUSE Security Update: Security update for openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0961-1
Rating:             important
References:         #887530
Cross-References:   CVE-2014-2483 CVE-2014-2490 CVE-2014-4208
                    CVE-2014-4209 CVE-2014-4216 CVE-2014-4218
                    CVE-2014-4219 CVE-2014-4220 CVE-2014-4221
                    CVE-2014-4223 CVE-2014-4227 CVE-2014-4244
                    CVE-2014-4247 CVE-2014-4252 CVE-2014-4262
                    CVE-2014-4263 CVE-2014-4264 CVE-2014-4265
                    CVE-2014-4266 CVE-2014-4268
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 20 vulnerabilities is now available. It includes one version update.

Description:

   This Critical Patch Update contains 20 new security fixes for Oracle Java SE. All of these vulnerabilities could have been remotely exploitable without authentication, i.e., could be exploited over a network without the need for a username and password.

   Security Issues:

   * CVE-2014-4227
   * CVE-2014-4219
   * CVE-2014-2490
   * CVE-2014-4216
   * CVE-2014-4247
   * CVE-2014-2483
   * CVE-2014-4223
   * CVE-2014-4262
   * CVE-2014-4209
   * CVE-2014-4265
   * CVE-2014-4220
   * CVE-2014-4218
   * CVE-2014-4252
   * CVE-2014-4266
   * CVE-2014-4268
   * CVE-2014-4264
   * CVE-2014-4221
   * CVE-2014-4244
   * CVE-2014-4263
   * CVE-2014-4208

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-java-1_7_0-openjdk-9543

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.7.0.65]:
      java-1_7_0-openjdk-1.7.0.65-0.7.4
      java-1_7_0-openjdk-demo-1.7.0.65-0.7.4
      java-1_7_0-openjdk-devel-1.7.0.65-0.7.4

References:

   http://support.novell.com/security/cve/CVE-2014-2483.html
   http://support.novell.com/security/cve/CVE-2014-2490.html
   http://support.novell.com/security/cve/CVE-2014-4208.html
   http://support.novell.com/security/cve/CVE-2014-4209.html
   http://support.novell.com/security/cve/CVE-2014-4216.html
   http://support.novell.com/security/cve/CVE-2014-4218.html
   http://support.novell.com/security/cve/CVE-2014-4219.html
   http://support.novell.com/security/cve/CVE-2014-4220.html
   http://support.novell.com/security/cve/CVE-2014-4221.html
   http://support.novell.com/security/cve/CVE-2014-4223.html
   http://support.novell.com/security/cve/CVE-2014-4227.html
   http://support.novell.com/security/cve/CVE-2014-4244.html
   http://support.novell.com/security/cve/CVE-2014-4247.html
   http://support.novell.com/security/cve/CVE-2014-4252.html
   http://support.novell.com/security/cve/CVE-2014-4262.html
   http://support.novell.com/security/cve/CVE-2014-4263.html
   http://support.novell.com/security/cve/CVE-2014-4264.html
   http://support.novell.com/security/cve/CVE-2014-4265.html
   http://support.novell.com/security/cve/CVE-2014-4266.html
   http://support.novell.com/security/cve/CVE-2014-4268.html
   https://bugzilla.novell.com/887530
   http://download.suse.com/patch/finder/?keywords=74138caa13d284bb5cbd73e4f768e2e8

From sle-security-updates at lists.suse.com Wed Aug 6 17:04:14 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Aug 2014 01:04:14 +0200 (CEST)
Subject: SUSE-SU-2014:0967-1: important: Security update for the Apache Web Server
Message-ID: <20140806230414.73823320B9@maintenance.suse.de>

   SUSE Security Update: Security update for the Apache Web Server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0967-1
Rating:             important
References:         #859916 #869105 #869106 #887765 #887768
Cross-References:   CVE-2013-6438 CVE-2014-0098 CVE-2014-0226
                    CVE-2014-0231
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for the Apache Web Server provides the following fixes:

   * Fixed a heap-based buffer overflow in the Apache module mod_status. (bnc#887765, CVE-2014-0226)
   * Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process. (bnc#869105, CVE-2013-6438)
   * Correction to parsing of cookie content; this can lead to a crash with a specially designed cookie sent to the server. (bnc#869106, CVE-2014-0098)
   * ECC support should not be missing. (bnc#859916)

   This update also introduces a new configuration parameter CGIDScriptTimeout, which defaults to the value of parameter Timeout. CGIDScriptTimeout is set to 60s if mod_cgid is loaded/active, via /etc/apache2/conf.d/cgid-timeout.conf. The new directive prevents request workers from being consumed until starvation if CGI programs do not send output back to the server within the timeout set by CGIDScriptTimeout. (bnc#887768, CVE-2014-0231)

   Security Issues references:

   * CVE-2014-0226
   * CVE-2013-6438
   * CVE-2014-0098
   * CVE-2014-0231

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-apache2-9542
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-apache2-9542
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-apache2-9542

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      apache2-devel-2.2.12-1.46.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      apache2-2.2.12-1.46.1
      apache2-doc-2.2.12-1.46.1
      apache2-example-pages-2.2.12-1.46.1
      apache2-prefork-2.2.12-1.46.1
      apache2-utils-2.2.12-1.46.1
      apache2-worker-2.2.12-1.46.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      apache2-2.2.12-1.46.1
      apache2-doc-2.2.12-1.46.1
      apache2-example-pages-2.2.12-1.46.1
      apache2-prefork-2.2.12-1.46.1
      apache2-utils-2.2.12-1.46.1
      apache2-worker-2.2.12-1.46.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      apache2-2.2.12-1.46.1
      apache2-doc-2.2.12-1.46.1
      apache2-example-pages-2.2.12-1.46.1
      apache2-prefork-2.2.12-1.46.1
      apache2-utils-2.2.12-1.46.1
      apache2-worker-2.2.12-1.46.1

References:

   http://support.novell.com/security/cve/CVE-2013-6438.html
   http://support.novell.com/security/cve/CVE-2014-0098.html
   http://support.novell.com/security/cve/CVE-2014-0226.html
   http://support.novell.com/security/cve/CVE-2014-0231.html
   https://bugzilla.novell.com/859916
   https://bugzilla.novell.com/869105
   https://bugzilla.novell.com/869106
   https://bugzilla.novell.com/887765
   https://bugzilla.novell.com/887768
   http://download.suse.com/patch/finder/?keywords=829ba0775cf41b675d6b37e956e1fda6

From sle-security-updates at lists.suse.com Fri Aug 8 11:04:14 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 8 Aug 2014 19:04:14 +0200 (CEST)
Subject: SUSE-SU-2014:0972-1: moderate: Security update for apache2-mod_security2
Message-ID: <20140808170414.13A5F320BC@maintenance.suse.de>

   SUSE Security Update: Security update for apache2-mod_security2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0972-1
Rating:             moderate
References:         #871309
Cross-References:   CVE-2013-5705
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This apache2-mod_security2 update fixes the following security issue:

   * bnc#871309: bypass of intended rules via chunked requests (CVE-2013-5705)

   Security Issues:

   * CVE-2013-5705

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-apache2-mod_security2-9585
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-apache2-mod_security2-9585

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      apache2-mod_security2-2.7.1-0.2.18.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      apache2-mod_security2-2.7.1-0.2.18.1

References:

   http://support.novell.com/security/cve/CVE-2013-5705.html
   https://bugzilla.novell.com/871309
   http://download.suse.com/patch/finder/?keywords=99a5035c2783430758850ba4494fa2a6

From sle-security-updates at lists.suse.com Mon Aug 11 11:04:14 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 11 Aug 2014 19:04:14 +0200 (CEST)
Subject: SUSE-SU-2014:0988-1: moderate: Security update for openstack-keystone
Message-ID: <20140811170414.1EA0432195@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0988-1
Rating:             moderate
References:         #885798
Cross-References:   CVE-2014-3520
Affected Products:
                    SUSE Cloud 3
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It includes one version update.

Description:

   This update for openstack-keystone includes the following fixes:

   * Ensure that in v2 auth tenant_id matches trust. (bnc#885798, CVE-2014-3520)

   Security Issues:

   * CVE-2014-3520

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-openstack-keystone-9513

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Cloud 3 (x86_64) [New Version: 2013.2.4.dev6.g96d9bcf]:
      openstack-keystone-2013.2.4.dev6.g96d9bcf-0.7.1
      python-keystone-2013.2.4.dev6.g96d9bcf-0.7.1
   - SUSE Cloud 3 (noarch) [New Version: 2013.2.4.dev6.g96d9bcf]:
      openstack-keystone-doc-2013.2.4.dev6.g96d9bcf-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-3520.html
   https://bugzilla.novell.com/885798
   http://download.suse.com/patch/finder/?keywords=e7353fd44c2f1f2d24e594febb27d44f

From sle-security-updates at lists.suse.com Mon Aug 11 11:04:29 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 11 Aug 2014 19:04:29 +0200 (CEST)
Subject: SUSE-SU-2014:0989-1: moderate: Security update for krb5
Message-ID: <20140811170429.110DC32195@maintenance.suse.de>

   SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0989-1
Rating:             moderate
References:         #886016 #888697
Cross-References:   CVE-2014-4341 CVE-2014-4342 CVE-2014-4343
                    CVE-2014-4344
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   The following security issues have been fixed in kerberos 5:

   * CVE-2014-4341, CVE-2014-4342: Two denial of service flaws when handling RFC 1964 tokens.
   * CVE-2014-4343, CVE-2014-4344: Multiple flaws in SPNEGO.

   Security Issues:

   * CVE-2014-4341
   * CVE-2014-4342
   * CVE-2014-4343
   * CVE-2014-4344

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-krb5-9564
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-krb5-9564
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-krb5-9564
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-krb5-9564

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      krb5-devel-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
      krb5-devel-32bit-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      krb5-server-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      krb5-1.6.3-133.49.60.1
      krb5-apps-clients-1.6.3-133.49.60.1
      krb5-apps-servers-1.6.3-133.49.60.1
      krb5-client-1.6.3-133.49.60.1
      krb5-plugin-kdb-ldap-1.6.3-133.49.60.1
      krb5-plugin-preauth-pkinit-1.6.3-133.49.60.1
      krb5-server-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
      krb5-32bit-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
      krb5-doc-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      krb5-1.6.3-133.49.60.1
      krb5-apps-clients-1.6.3-133.49.60.1
      krb5-apps-servers-1.6.3-133.49.60.1
      krb5-client-1.6.3-133.49.60.1
      krb5-plugin-kdb-ldap-1.6.3-133.49.60.1
      krb5-plugin-preauth-pkinit-1.6.3-133.49.60.1
      krb5-server-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
      krb5-32bit-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Server 11 SP3 (noarch):
      krb5-doc-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Server 11 SP3 (ia64):
      krb5-x86-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      krb5-1.6.3-133.49.60.1
      krb5-client-1.6.3-133.49.60.1
   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
      krb5-32bit-1.6.3-133.49.60.1

References:

   http://support.novell.com/security/cve/CVE-2014-4341.html
   http://support.novell.com/security/cve/CVE-2014-4342.html
   http://support.novell.com/security/cve/CVE-2014-4343.html
   http://support.novell.com/security/cve/CVE-2014-4344.html
   https://bugzilla.novell.com/886016
   https://bugzilla.novell.com/888697
   http://download.suse.com/patch/finder/?keywords=2e70ab20e66d9d98f150b323082a1ad8

From sle-security-updates at lists.suse.com Tue Aug 12 17:04:48 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Aug 2014 01:04:48 +0200 (CEST)
Subject: SUSE-SU-2014:0993-1: moderate: Security update for oracle-update
Message-ID: <20140812230448.9504A32194@maintenance.suse.de>

   SUSE Security Update: Security update for oracle-update
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0993-1
Rating:             moderate
References:         #887569
Cross-References:   CVE-2013-3751 CVE-2013-3774 CVE-2014-4236
                    CVE-2014-4237 CVE-2014-4245
Affected Products:
                    SUSE Manager Server
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This critical patch update contains 5 security fixes for the Oracle Database Server. One of the vulnerabilities could have been exploited over the network without a valid username and password.

   Security Issues:

   * CVE-2013-3751
   * CVE-2013-3774
   * CVE-2014-4236
   * CVE-2014-4237
   * CVE-2014-4245

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server:
      zypper in -t patch sleman21-oracle-update-9527
   - SUSE Manager 1.7 for SLE 11 SP2:
      zypper in -t patch sleman17sp2-oracle-update-9526

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Manager Server (x86_64):
      oracle-update-1.7-0.27.3
   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):
      oracle-update-1.7-0.27.1

References:

   http://support.novell.com/security/cve/CVE-2013-3751.html
   http://support.novell.com/security/cve/CVE-2013-3774.html
   http://support.novell.com/security/cve/CVE-2014-4236.html
   http://support.novell.com/security/cve/CVE-2014-4237.html
   http://support.novell.com/security/cve/CVE-2014-4245.html
   https://bugzilla.novell.com/887569
   http://download.suse.com/patch/finder/?keywords=088373f58bac47df3488d15a3ee58d2f
   http://download.suse.com/patch/finder/?keywords=62ab2041714cf67cc34ef0ee1c6ff211

From sle-security-updates at lists.suse.com Tue Aug 12 17:05:06 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Aug 2014 01:05:06 +0200 (CEST)
Subject: SUSE-SU-2014:0994-1: moderate: Security update for rubygem-activerecord-2_3
Message-ID: <20140812230506.6B0CC32194@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-activerecord-2_3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0994-1
Rating:             moderate
References:         #885636
Cross-References:   CVE-2014-3482
Affected Products:
                    SUSE Cloud 3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for rubygem-activerecord-2_3 fixes the following security issue:

   * The PostgreSQL adapter for Active Record in Ruby on Rails 2.x allowed remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. (CVE-2014-3482)

   Security Issue references:

   * CVE-2014-3482

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-rubygem-activerecord-2_3-9529

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Cloud 3 (x86_64):
      rubygem-activerecord-2_3-2.3.17-0.15.1

References:

   http://support.novell.com/security/cve/CVE-2014-3482.html
   https://bugzilla.novell.com/885636
   http://download.suse.com/patch/finder/?keywords=1eb2a68f415a0a8df5775b6aa2f7bfcb

From sle-security-updates at lists.suse.com Tue Aug 12 19:04:15 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Aug 2014 03:04:15 +0200 (CEST)
Subject: SUSE-SU-2014:0996-1: moderate: Security update for python-Jinja2
Message-ID: <20140813010415.B746732195@maintenance.suse.de>

   SUSE Security Update: Security update for python-Jinja2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0996-1
Rating:             moderate
References:         #858239
Cross-References:   CVE-2014-1402
Affected Products:
                    SUSE Cloud 3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The following security issue has been fixed:

   * #858239: CVE-2014-1402: python-Jinja2: arbitrary code execution vulnerability

   Security Issues:

   * CVE-2014-1402

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-python-Jinja2-9544

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Cloud 3 (x86_64):
      python-Jinja2-2.6-2.14.1

References:

   http://support.novell.com/security/cve/CVE-2014-1402.html
   https://bugzilla.novell.com/858239
   http://download.suse.com/patch/finder/?keywords=fdb6f29d73cd72c6e94f0df350346622

From sle-security-updates at lists.suse.com Tue Aug 12 20:04:14 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Aug 2014 04:04:14 +0200 (CEST)
Subject: SUSE-SU-2014:0997-1: moderate: Security update for Python
Message-ID: <20140813020414.19F6E3219A@maintenance.suse.de>

   SUSE Security Update: Security update for Python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0997-1
Rating:             moderate
References:         #827982 #834601 #847135 #856836 #859068 #863741
                    #872848 #885882
Cross-References:   CVE-2013-1752 CVE-2013-4238 CVE-2014-1912
                    CVE-2014-4650
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that solves four vulnerabilities and has four fixes is now available. It includes one version update.

Description:

   Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues:

   * SSL Root Certificate validation is now enabled by default. (bnc#827982)
   * Fixed an overflow in socket.recvfrom_into where incorrect python programs could have been exploited remotely via a buffer overrun. (CVE-2014-1912)
   * Multiple unbound readline() DoS flaws in python stdlib have been fixed. (CVE-2013-1752)
   * Handling of embedded \0 in SSL certificate fields has been fixed. (CVE-2013-4238)
   * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters has been fixed. (CVE-2014-4650)

   Additionally, the following non-security issues have been fixed:

   * Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. (bnc#859068)
   * Fix usage of MD5 in hmac module when the cipher is not available in FIPS mode. (bnc#847135)
   * Update 'urlparse' module to correctly parse IPv6 addresses. (bnc#872848)
   * Correctly enable IPv6 support.

   Security Issues:

   * CVE-2013-4238
   * CVE-2014-1912
   * CVE-2013-1752
   * CVE-2014-4650

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:
      zypper in -t patch slessp2-python-201408-9580
   - SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-python-201408-9578

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2.6.9]:
      libpython2_6-1_0-2.6.9-0.31.1
      python-2.6.9-0.31.1
      python-base-2.6.9-0.31.1
      python-curses-2.6.9-0.31.1
      python-demo-2.6.9-0.31.1
      python-devel-2.6.9-0.31.1
      python-gdbm-2.6.9-0.31.1
      python-idle-2.6.9-0.31.1
      python-tk-2.6.9-0.31.1
      python-xml-2.6.9-0.31.1
   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 2.6.9]:
      libpython2_6-1_0-32bit-2.6.9-0.31.1
      python-32bit-2.6.9-0.31.1
      python-base-32bit-2.6.9-0.31.1
   - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch):
      python-doc-2.6-8.31.1
      python-doc-pdf-2.6-8.31.1
   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.6.9]:
      libpython2_6-1_0-2.6.9-0.31.1
      python-2.6.9-0.31.1
      python-base-2.6.9-0.31.1
      python-curses-2.6.9-0.31.1
      python-demo-2.6.9-0.31.1
      python-devel-2.6.9-0.31.1
      python-gdbm-2.6.9-0.31.1
      python-idle-2.6.9-0.31.1
      python-tk-2.6.9-0.31.1
      python-xml-2.6.9-0.31.1
   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 2.6.9]:
      libpython2_6-1_0-32bit-2.6.9-0.31.1
      python-32bit-2.6.9-0.31.1
      python-base-32bit-2.6.9-0.31.1
   - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch):
      python-doc-2.6-8.31.1
      python-doc-pdf-2.6-8.31.1

References:

   http://support.novell.com/security/cve/CVE-2013-1752.html
   http://support.novell.com/security/cve/CVE-2013-4238.html
   http://support.novell.com/security/cve/CVE-2014-1912.html
   http://support.novell.com/security/cve/CVE-2014-4650.html
   https://bugzilla.novell.com/827982
   https://bugzilla.novell.com/834601
   https://bugzilla.novell.com/847135
   https://bugzilla.novell.com/856836
   https://bugzilla.novell.com/859068
   https://bugzilla.novell.com/863741
   https://bugzilla.novell.com/872848
   https://bugzilla.novell.com/885882
   http://download.suse.com/patch/finder/?keywords=3734a6c4dfebe291c8b56ac4755caac3
   http://download.suse.com/patch/finder/?keywords=faa004881aeeffec0fab415382594ba8

From sle-security-updates at lists.suse.com Tue Aug 12 21:04:20 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Aug 2014 05:04:20 +0200 (CEST)
Subject: SUSE-SU-2014:0998-1: moderate: Security update for Python
Message-ID: <20140813030420.9E36E321A1@maintenance.suse.de>

   SUSE Security Update: Security update for Python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0998-1
Rating:             moderate
References:         #872848 #885882
Cross-References:   CVE-2014-4650
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

   This update for Python provides fixes for the following issues:

   * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650)
   * The 'urlparse' module has been updated to correctly parse IPv6 addresses. (bnc#872848)
   * Correctly enable IPv6 support.

   Security Issues:

   * CVE-2014-4650

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-201408-9581 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: python-devel-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.6.9]: python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 2.6.9]: python-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 
s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 2.6.9]: libpython2_6-1_0-x86-2.6.9-0.31.1 python-base-x86-2.6.9-0.31.1 python-x86-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 References: http://support.novell.com/security/cve/CVE-2014-4650.html https://bugzilla.novell.com/872848 https://bugzilla.novell.com/885882 http://download.suse.com/patch/finder/?keywords=a25e8571f7c3786aa6e0a05c8459a0dd From sle-security-updates at lists.suse.com Tue Aug 12 22:04:39 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 06:04:39 +0200 (CEST) Subject: SUSE-SU-2014:0999-1: Security update for pulseaudio Message-ID: <20140813040439.2076E321A1@maintenance.suse.de> SUSE Security Update: Security update for pulseaudio ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0999-1 Rating: low References: #881524 Cross-References: CVE-2014-3970 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpulse-browse0-9568 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-devel-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpulse0-x86-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): 
libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-bluetooth-0.9.23-0.15.1 pulseaudio-module-gconf-0.9.23-0.15.1 pulseaudio-module-jack-0.9.23-0.15.1 pulseaudio-module-lirc-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpulse0-32bit-0.9.23-0.15.1 References: http://support.novell.com/security/cve/CVE-2014-3970.html https://bugzilla.novell.com/881524 http://download.suse.com/patch/finder/?keywords=3e53e4386106a97356ffe0050c757578 From sle-security-updates at lists.suse.com Wed Aug 13 06:41:06 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:41:06 +0200 (CEST) Subject: SUSE-SU-2014:1001-1: Security update for pulseaudio Message-ID: <20140813124106.CBE2D321AF@maintenance.suse.de> SUSE Security Update: Security update for pulseaudio ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1001-1 Rating: low References: #881524 Cross-References: CVE-2014-3970 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpulse-browse0-9568 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-devel-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpulse0-x86-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-bluetooth-0.9.23-0.15.1 
pulseaudio-module-gconf-0.9.23-0.15.1 pulseaudio-module-jack-0.9.23-0.15.1 pulseaudio-module-lirc-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpulse0-32bit-0.9.23-0.15.1 References: http://support.novell.com/security/cve/CVE-2014-3970.html https://bugzilla.novell.com/881524 http://download.suse.com/patch/finder/?keywords=3e53e4386106a97356ffe0050c757578 From sle-security-updates at lists.suse.com Wed Aug 13 06:43:46 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:43:46 +0200 (CEST) Subject: SUSE-SU-2014:1003-1: Security update for pulseaudio Message-ID: <20140813124346.51CC5321A5@maintenance.suse.de> SUSE Security Update: Security update for pulseaudio ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1003-1 Rating: low References: #881524 Cross-References: CVE-2014-3970 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpulse-browse0-9568 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-devel-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpulse0-x86-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-bluetooth-0.9.23-0.15.1 
pulseaudio-module-gconf-0.9.23-0.15.1 pulseaudio-module-jack-0.9.23-0.15.1 pulseaudio-module-lirc-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpulse0-32bit-0.9.23-0.15.1 References: http://support.novell.com/security/cve/CVE-2014-3970.html https://bugzilla.novell.com/881524 http://download.suse.com/patch/finder/?keywords=3e53e4386106a97356ffe0050c757578 From sle-security-updates at lists.suse.com Wed Aug 13 06:44:18 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:44:18 +0200 (CEST) Subject: SUSE-SU-2014:1005-1: moderate: Security update for Python Message-ID: <20140813124418.4A11D321A5@maintenance.suse.de> SUSE Security Update: Security update for Python ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1005-1 Rating: moderate References: #872848 #885882 Cross-References: CVE-2014-4650 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This update for Python provides fixes for the following issues: * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) * The 'urlparse' module has been updated to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2014-4650 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-201408-9581 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: python-devel-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.6.9]: python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 2.6.9]: python-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 
s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 2.6.9]: libpython2_6-1_0-x86-2.6.9-0.31.1 python-base-x86-2.6.9-0.31.1 python-x86-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 References: http://support.novell.com/security/cve/CVE-2014-4650.html https://bugzilla.novell.com/872848 https://bugzilla.novell.com/885882 http://download.suse.com/patch/finder/?keywords=a25e8571f7c3786aa6e0a05c8459a0dd From sle-security-updates at lists.suse.com Wed Aug 13 06:45:01 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:45:01 +0200 (CEST) Subject: SUSE-SU-2014:1006-1: moderate: Security update for Python Message-ID: <20140813124501.F2345321A4@maintenance.suse.de> SUSE Security Update: Security update for Python ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1006-1 Rating: moderate References: #827982 #834601 #847135 #856836 #859068 #863741 #872848 #885882 Cross-References: CVE-2013-1752 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. It includes one version update. 
Description:

   Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues:

   * SSL Root Certificate validation is now enabled by default. (bnc#827982)
   * Fixed an overflow in socket.recvfrom_into where incorrect python programs could have been exploited remotely via a buffer overrun. (CVE-2014-1912)
   * Multiple unbound readline() DoS flaws in python stdlib have been fixed. (CVE-2013-1752)
   * Handling of embedded \0 in SSL certificate fields has been fixed. (CVE-2013-4238)
   * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters has been fixed. (CVE-2014-4650)

   Additionally, the following non-security issues have been fixed:

   * Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. (bnc#859068)
   * Fix usage of MD5 in hmac module when the cipher is not available in FIPS mode. (bnc#847135)
   * Update 'urlparse' module to correctly parse IPv6 addresses. (bnc#872848)
   * Correctly enable IPv6 support.

Security Issues:

   * CVE-2013-4238
   * CVE-2014-1912
   * CVE-2013-1752
   * CVE-2014-4650

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-python-201408-9580

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-python-201408-9578

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 References: http://support.novell.com/security/cve/CVE-2013-1752.html http://support.novell.com/security/cve/CVE-2013-4238.html http://support.novell.com/security/cve/CVE-2014-1912.html http://support.novell.com/security/cve/CVE-2014-4650.html https://bugzilla.novell.com/827982 https://bugzilla.novell.com/834601 https://bugzilla.novell.com/847135 https://bugzilla.novell.com/856836 https://bugzilla.novell.com/859068 https://bugzilla.novell.com/863741 https://bugzilla.novell.com/872848 https://bugzilla.novell.com/885882 http://download.suse.com/patch/finder/?keywords=3734a6c4dfebe291c8b56ac4755caac3 http://download.suse.com/patch/finder/?keywords=faa004881aeeffec0fab415382594ba8 From sle-security-updates at lists.suse.com Wed Aug 13 06:46:25 2014 From: 
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:46:25 +0200 (CEST) Subject: SUSE-SU-2014:1007-1: Security update for pulseaudio Message-ID: <20140813124625.1C48B321A2@maintenance.suse.de> SUSE Security Update: Security update for pulseaudio ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1007-1 Rating: low References: #881524 Cross-References: CVE-2014-3970 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpulse-browse0-9568 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-devel-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpulse0-x86-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-bluetooth-0.9.23-0.15.1 pulseaudio-module-gconf-0.9.23-0.15.1 pulseaudio-module-jack-0.9.23-0.15.1 pulseaudio-module-lirc-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpulse0-32bit-0.9.23-0.15.1 References: http://support.novell.com/security/cve/CVE-2014-3970.html https://bugzilla.novell.com/881524 http://download.suse.com/patch/finder/?keywords=3e53e4386106a97356ffe0050c757578 From 
sle-security-updates at lists.suse.com Wed Aug 13 06:47:33 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:47:33 +0200 (CEST) Subject: SUSE-SU-2014:1009-1: moderate: Security update for Python Message-ID: <20140813124733.D9B45321A2@maintenance.suse.de> SUSE Security Update: Security update for Python ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1009-1 Rating: moderate References: #872848 #885882 Cross-References: CVE-2014-4650 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This update for Python provides fixes for the following issues: * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) * The 'urlparse' module has been updated to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2014-4650 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-201408-9581 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: python-devel-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.6.9]: python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 2.6.9]: python-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 2.6.9]: libpython2_6-1_0-x86-2.6.9-0.31.1 python-base-x86-2.6.9-0.31.1 python-x86-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 
python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 References: http://support.novell.com/security/cve/CVE-2014-4650.html https://bugzilla.novell.com/872848 https://bugzilla.novell.com/885882 http://download.suse.com/patch/finder/?keywords=a25e8571f7c3786aa6e0a05c8459a0dd From sle-security-updates at lists.suse.com Wed Aug 13 06:53:24 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:53:24 +0200 (CEST) Subject: SUSE-SU-2014:1010-1: moderate: Security update for python-Jinja2 Message-ID: <20140813125324.A64213218E@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1010-1 Rating: moderate References: #858239 Cross-References: CVE-2014-1402 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following security issue has been fixed: * #858239: CVE-2014-1402: python-Jinja2: arbitrary code execution vulnerability Security Issues: * CVE-2014-1402 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-python-Jinja2-9544 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 3 (x86_64): python-Jinja2-2.6-2.14.1 References: http://support.novell.com/security/cve/CVE-2014-1402.html https://bugzilla.novell.com/858239 http://download.suse.com/patch/finder/?keywords=fdb6f29d73cd72c6e94f0df350346622 From sle-security-updates at lists.suse.com Wed Aug 13 06:53:43 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:53:43 +0200 (CEST) Subject: SUSE-SU-2014:1011-1: moderate: Security update for Python Message-ID: <20140813125343.17FE23218E@maintenance.suse.de> SUSE Security Update: Security update for Python ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1011-1 Rating: moderate References: #872848 #885882 Cross-References: CVE-2014-4650 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This update for Python provides fixes for the following issues: * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) * The 'urlparse' module has been updated to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2014-4650 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-201408-9581 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-201408-9581 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: python-devel-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.6.9]: python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 2.6.9]: python-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 
s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 2.6.9]: libpython2_6-1_0-x86-2.6.9-0.31.1 python-base-x86-2.6.9-0.31.1 python-x86-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 References: http://support.novell.com/security/cve/CVE-2014-4650.html https://bugzilla.novell.com/872848 https://bugzilla.novell.com/885882 http://download.suse.com/patch/finder/?keywords=a25e8571f7c3786aa6e0a05c8459a0dd From sle-security-updates at lists.suse.com Wed Aug 13 06:54:12 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 14:54:12 +0200 (CEST) Subject: SUSE-SU-2014:1012-1: moderate: Security update for Python Message-ID: <20140813125412.2136B3218E@maintenance.suse.de> SUSE Security Update: Security update for Python ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1012-1 Rating: moderate References: #827982 #834601 #847135 #856836 #859068 #863741 #872848 #885882 Cross-References: CVE-2013-1752 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. It includes one version update. 
Description: Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues: * SSL Root Certificate validation is now enabled by default. (bnc#827982) * Fixed an overflow in socket.recvfrom_into where incorrect python programs could have been exploited remotely via a buffer overrun. (CVE-2014-1912) * Multiple unbound readline() DoS flaws in python stdlib have been fixed. (CVE-2013-1752) * Handling of embedded \0 in SSL certificate fields has been fixed. (CVE-2013-4238) * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters has been fixed. (CVE-2014-4650) Additionally, the following non-security issues have been fixed: * Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. (bnc#859068) * Fix usage of MD5 in hmac module when the cipher is not available in FIPS mode. (bnc#847135) * Update 'urlparse' module to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2013-4238 * CVE-2014-1912 * CVE-2013-1752 * CVE-2014-4650 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-python-201408-9580 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-python-201408-9578 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-2.6.9-0.31.1 python-2.6.9-0.31.1 python-base-2.6.9-0.31.1 python-curses-2.6.9-0.31.1 python-demo-2.6.9-0.31.1 python-devel-2.6.9-0.31.1 python-gdbm-2.6.9-0.31.1 python-idle-2.6.9-0.31.1 python-tk-2.6.9-0.31.1 python-xml-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 2.6.9]: libpython2_6-1_0-32bit-2.6.9-0.31.1 python-32bit-2.6.9-0.31.1 python-base-32bit-2.6.9-0.31.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch): python-doc-2.6-8.31.1 python-doc-pdf-2.6-8.31.1 References: http://support.novell.com/security/cve/CVE-2013-1752.html http://support.novell.com/security/cve/CVE-2013-4238.html http://support.novell.com/security/cve/CVE-2014-1912.html http://support.novell.com/security/cve/CVE-2014-4650.html https://bugzilla.novell.com/827982 https://bugzilla.novell.com/834601 https://bugzilla.novell.com/847135 https://bugzilla.novell.com/856836 https://bugzilla.novell.com/859068 https://bugzilla.novell.com/863741 https://bugzilla.novell.com/872848 https://bugzilla.novell.com/885882 http://download.suse.com/patch/finder/?keywords=3734a6c4dfebe291c8b56ac4755caac3 http://download.suse.com/patch/finder/?keywords=faa004881aeeffec0fab415382594ba8 From sle-security-updates at lists.suse.com Wed Aug 13 07:04:12 2014 From: 
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 15:04:12 +0200 (CEST) Subject: SUSE-SU-2014:1013-1: Security update for pulseaudio Message-ID: <20140813130412.43BB43218D@maintenance.suse.de> SUSE Security Update: Security update for pulseaudio ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1013-1 Rating: low References: #881524 Cross-References: CVE-2014-3970 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpulse-browse0-9568 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpulse-browse0-9568 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-devel-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpulse0-32bit-0.9.23-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpulse0-x86-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpulse-browse0-0.9.23-0.15.1 libpulse-mainloop-glib0-0.9.23-0.15.1 libpulse0-0.9.23-0.15.1 pulseaudio-0.9.23-0.15.1 pulseaudio-esound-compat-0.9.23-0.15.1 pulseaudio-gdm-hooks-0.9.23-0.15.1 pulseaudio-lang-0.9.23-0.15.1 pulseaudio-module-bluetooth-0.9.23-0.15.1 pulseaudio-module-gconf-0.9.23-0.15.1 pulseaudio-module-jack-0.9.23-0.15.1 pulseaudio-module-lirc-0.9.23-0.15.1 pulseaudio-module-x11-0.9.23-0.15.1 pulseaudio-module-zeroconf-0.9.23-0.15.1 pulseaudio-utils-0.9.23-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpulse0-32bit-0.9.23-0.15.1 References: http://support.novell.com/security/cve/CVE-2014-3970.html https://bugzilla.novell.com/881524 http://download.suse.com/patch/finder/?keywords=3e53e4386106a97356ffe0050c757578 From 
sle-security-updates at lists.suse.com Wed Aug 13 11:04:14 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 19:04:14 +0200 (CEST) Subject: SUSE-SU-2014:1015-1: moderate: Security update for tomcat6 Message-ID: <20140813170414.42EE9321A2@maintenance.suse.de> SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1015-1 Rating: moderate References: #844689 #865746 #880346 #880347 #880348 #881700 Cross-References: CVE-2012-3544 CVE-2013-4322 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. It includes two new package versions. Description: Tomcat has been updated to version 6.0.41, which brings security and bug fixes. The following security fixes have been fixed: * CVE-2014-0096: An XXE vulnerability via user supplied XSLTs. * CVE-2014-0099: Request smuggling via malicious content length header. * CVE-2014-0119: An XML parser hijack by malicious web application. Bugs fixed: * Socket bind fails on tomcat startup when using apr (IPV6) (bnc#881700) * classpath for org/apache/juli/logging/LogFactory (bnc#844689) Security Issues: * CVE-2013-4322 * CVE-2012-3544 * CVE-2014-0099 * CVE-2014-0096 * CVE-2014-0119 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-tomcat6-201407-9487 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-tomcat6-201407-9487 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.3.3]: libtcnative-1-0-1.3.3-12.2.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 6.0.41]: tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps-6.0.41-0.43.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.3.3]: libtcnative-1-0-1.3.3-12.2.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 6.0.41]: tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps-6.0.41-0.43.1 References: http://support.novell.com/security/cve/CVE-2012-3544.html http://support.novell.com/security/cve/CVE-2013-4322.html http://support.novell.com/security/cve/CVE-2014-0096.html http://support.novell.com/security/cve/CVE-2014-0099.html http://support.novell.com/security/cve/CVE-2014-0119.html https://bugzilla.novell.com/844689 https://bugzilla.novell.com/865746 https://bugzilla.novell.com/880346 https://bugzilla.novell.com/880347 https://bugzilla.novell.com/880348 https://bugzilla.novell.com/881700 http://download.suse.com/patch/finder/?keywords=51ab03c9eb3160df8b474d58f755825c From sle-security-updates at lists.suse.com Wed Aug 13 15:04:13 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Aug 2014 23:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1017-1: moderate: Security update for augeas Message-ID: <20140813210413.5E7BE321A2@maintenance.suse.de> SUSE Security Update: Security update for augeas ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1017-1 Rating: 
moderate References: #853044 #871323 #876044 #885003 Cross-References: CVE-2012-0786 CVE-2013-6412 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: Augeas has been updated to fix a symlink overwrite problem (CVE-2012-0786, CVE-2013-6412). Also, a bug has been fixed where "augtool -s set was failing" (bnc#876044). Additionally, parsing the multipath configuration has been fixed (bnc#871323). Security Issues: * CVE-2012-0786 * CVE-2013-6412 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-augeas-9574 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-augeas-9574 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-augeas-9574 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-augeas-9574 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): augeas-devel-0.9.0-3.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): augeas-0.9.0-3.15.1 augeas-lenses-0.9.0-3.15.1 libaugeas0-0.9.0-3.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): augeas-0.9.0-3.15.1 augeas-lenses-0.9.0-3.15.1 libaugeas0-0.9.0-3.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libaugeas0-0.9.0-3.15.1 References: http://support.novell.com/security/cve/CVE-2012-0786.html http://support.novell.com/security/cve/CVE-2013-6412.html https://bugzilla.novell.com/853044 https://bugzilla.novell.com/871323 https://bugzilla.novell.com/876044 https://bugzilla.novell.com/885003 http://download.suse.com/patch/finder/?keywords=106ec01bfdf9d6744262858fc5103f7b From sle-security-updates at lists.suse.com Thu Aug 14 17:04:15 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Aug 2014 01:04:15 +0200 (CEST) Subject: SUSE-SU-2014:1022-1: Security update for CUPS Message-ID: <20140814230415.B8B69321A1@maintenance.suse.de> SUSE Security Update: Security update for CUPS ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1022-1 Rating: low References: #887240 Cross-References: CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes various issues in CUPS. * CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Various insufficient symbolic link checking could have led to privilege escalation from the lp user to root. 
Security Issues: * CVE-2014-3537 * CVE-2014-5029 * CVE-2014-5030 * CVE-2014-5031 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cups-9561 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cups-9561 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cups-9561 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cups-9561 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): cups-devel-1.3.9-8.46.52.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): cups-1.3.9-8.46.52.2 cups-client-1.3.9-8.46.52.2 cups-libs-1.3.9-8.46.52.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): cups-libs-32bit-1.3.9-8.46.52.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): cups-1.3.9-8.46.52.2 cups-client-1.3.9-8.46.52.2 cups-libs-1.3.9-8.46.52.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): cups-libs-32bit-1.3.9-8.46.52.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): cups-libs-x86-1.3.9-8.46.52.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): cups-1.3.9-8.46.52.2 cups-client-1.3.9-8.46.52.2 cups-libs-1.3.9-8.46.52.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): cups-libs-32bit-1.3.9-8.46.52.2 References: http://support.novell.com/security/cve/CVE-2014-3537.html http://support.novell.com/security/cve/CVE-2014-5029.html http://support.novell.com/security/cve/CVE-2014-5030.html http://support.novell.com/security/cve/CVE-2014-5031.html https://bugzilla.novell.com/887240 http://download.suse.com/patch/finder/?keywords=fa7cdc0f2ddd300c47dbfe3a29f13b51 From sle-security-updates at lists.suse.com Thu Aug 14 17:04:39 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at 
lists.suse.com) Date: Fri, 15 Aug 2014 01:04:39 +0200 (CEST) Subject: SUSE-SU-2014:1023-1: Security update for CUPS Message-ID: <20140814230439.B7863321A1@maintenance.suse.de> SUSE Security Update: Security update for CUPS ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1023-1 Rating: low References: #789566 #802408 #827109 #887240 Cross-References: CVE-2014-3537 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update fixes various issues in CUPS. * CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Various insufficient symbolic link checking could lead to privilege escalation from the lp user to root. * Similar to that, this update hardens various permissions of CUPS, which could have been used by users allowed to administrate the CUPS Server to escalate privileges to "root". * CVE-2012-5519: The patch adds better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes. The new ConfigurationChangeRestriction cupsd.conf directive specifies the level of restriction for cupsd.conf changes that happen via HTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or via the cupsctl command). By default certain cupsd.conf directives that deal with filenames, paths, and users can no longer be changed via requests to the running cupsd but only by manually editing the cupsd.conf file and its default file permissions permit only root to write the cupsd.conf file. 
Those directives are: ConfigurationChangeRestriction, AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot, ErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap, PrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin, ServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup, SystemGroupAuthKey, TempDir, User. The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set to 'root' only. Additional bugfixes: * A trailing "@REALM" is stripped from the username for Kerberos authentication (CUPS STR#3972 bnc#827109). * The hardcoded printing delay of 5 seconds for the "socket" backend is conditional only on Mac OS X which is the only platform that needs it (CUPS STR#3495 bnc#802408). Security Issues: * CVE-2014-3537 * CVE-2012-5519 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-cups-9560 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): cups-1.3.9-8.46.52.2 cups-client-1.3.9-8.46.52.2 cups-libs-1.3.9-8.46.52.2 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): cups-libs-32bit-1.3.9-8.46.52.2 References: http://support.novell.com/security/cve/CVE-2014-3537.html https://bugzilla.novell.com/789566 https://bugzilla.novell.com/802408 https://bugzilla.novell.com/827109 https://bugzilla.novell.com/887240 http://download.suse.com/patch/finder/?keywords=9fa4ff390778044cbd28b976bb279a78 From sle-security-updates at lists.suse.com Fri Aug 15 14:04:14 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Aug 2014 22:04:14 +0200 (CEST) Subject: SUSE-SU-2014:1027-1: moderate: Security update for glibc Message-ID: <20140815200414.CF157321A5@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1027-1 Rating: moderate References: #882028 #886416 #887022 Cross-References: CVE-2014-0475 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This glibc update contains one security and two non-security fixes: * bnc#887022: directory traversal in LC_* locale handling (CVE-2014-0475) * bnc#882028: nscd gets activated upon upgrade * bnc#886416: iconv command inserts an extra control code "0F" Security Issues: * CVE-2014-0475 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-glibc-9587 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-glibc-9587 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-glibc-9587 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-glibc-9587 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): glibc-html-2.11.3-17.68.1 glibc-info-2.11.3-17.68.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): glibc-2.11.3-17.68.1 glibc-devel-2.11.3-17.68.1 glibc-html-2.11.3-17.68.1 glibc-i18ndata-2.11.3-17.68.1 glibc-info-2.11.3-17.68.1 glibc-locale-2.11.3-17.68.1 glibc-profile-2.11.3-17.68.1 nscd-2.11.3-17.68.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): glibc-32bit-2.11.3-17.68.1 glibc-devel-32bit-2.11.3-17.68.1 glibc-locale-32bit-2.11.3-17.68.1 glibc-profile-32bit-2.11.3-17.68.1 - SUSE Linux Enterprise Server 11 SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.68.1 glibc-devel-2.11.3-17.68.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.68.1 glibc-i18ndata-2.11.3-17.68.1 glibc-info-2.11.3-17.68.1 glibc-locale-2.11.3-17.68.1 glibc-profile-2.11.3-17.68.1 nscd-2.11.3-17.68.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.68.1 glibc-devel-32bit-2.11.3-17.68.1 glibc-locale-32bit-2.11.3-17.68.1 glibc-profile-32bit-2.11.3-17.68.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): glibc-locale-x86-2.11.3-17.68.1 glibc-profile-x86-2.11.3-17.68.1 glibc-x86-2.11.3-17.68.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 i686 x86_64): glibc-2.11.3-17.68.1 glibc-devel-2.11.3-17.68.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.68.1 glibc-locale-2.11.3-17.68.1 nscd-2.11.3-17.68.1 - SUSE Linux Enterprise Desktop 11 
SP3 (x86_64): glibc-32bit-2.11.3-17.68.1 glibc-devel-32bit-2.11.3-17.68.1 glibc-locale-32bit-2.11.3-17.68.1 References: http://support.novell.com/security/cve/CVE-2014-0475.html https://bugzilla.novell.com/882028 https://bugzilla.novell.com/886416 https://bugzilla.novell.com/887022 http://download.suse.com/patch/finder/?keywords=ba7c8e7c417922fd7283df2106f9e011 From sle-security-updates at lists.suse.com Fri Aug 15 17:04:17 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 16 Aug 2014 01:04:17 +0200 (CEST) Subject: SUSE-SU-2014:1028-1: important: Security update for krb5 Message-ID: <20140815230417.7345F321A4@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1028-1 Rating: important References: #891082 Cross-References: CVE-2014-4345 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This MIT krb5 update fixes a buffer overrun problem in kadmind: * bnc#891082: buffer overrun in kadmind with LDAP back end (MITKRB5-SA-2014-001) (CVE-2014-4345) MIT krb5 Security Advisory 2014-001 * http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt Security Issues: * CVE-2014-4345 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-krb5-9606 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-krb5-9606 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-krb5-9606 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-krb5-9606 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.62.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.62.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): krb5-server-1.6.3-133.49.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): krb5-1.6.3-133.49.62.1 krb5-apps-clients-1.6.3-133.49.62.1 krb5-apps-servers-1.6.3-133.49.62.1 krb5-client-1.6.3-133.49.62.1 krb5-plugin-kdb-ldap-1.6.3-133.49.62.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.62.1 krb5-server-1.6.3-133.49.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): krb5-32bit-1.6.3-133.49.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): krb5-doc-1.6.3-133.49.62.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.62.1 krb5-apps-clients-1.6.3-133.49.62.1 krb5-apps-servers-1.6.3-133.49.62.1 krb5-client-1.6.3-133.49.62.1 krb5-plugin-kdb-ldap-1.6.3-133.49.62.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.62.1 krb5-server-1.6.3-133.49.62.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.62.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): krb5-doc-1.6.3-133.49.62.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): krb5-x86-1.6.3-133.49.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): krb5-1.6.3-133.49.62.1 krb5-client-1.6.3-133.49.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): 
krb5-32bit-1.6.3-133.49.62.1 References: http://support.novell.com/security/cve/CVE-2014-4345.html https://bugzilla.novell.com/891082 http://download.suse.com/patch/finder/?keywords=6d08c2f838c570a86cddae30d26cc867 From sle-security-updates at lists.suse.com Mon Aug 18 16:04:14 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Aug 2014 00:04:14 +0200 (CEST) Subject: SUSE-SU-2014:1033-1: moderate: Security update for openssl1 Message-ID: <20140818220414.0DA01321AF@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1033-1 Rating: moderate References: #889812 #890764 #890767 #890768 #890769 #890770 Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 Affected Products: SUSE Linux Enterprise Security Module 11 SP3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This openssl update fixes the following security issues: * bnc#890764: Information leak in pretty printing functions (CVE-2014-3508) * bnc#890767: Double Free when processing DTLS packets (CVE-2014-3505) * bnc#890768: DTLS memory exhaustion (CVE-2014-3506) * bnc#890769: DTLS memory leak from zero-length fragments (CVE-2014-3507) * bnc#890770: DTLS anonymous EC(DH) denial of service (CVE-2014-3510) README.SuSE has been updated to give some initial development guidance on how to use and compile with OpenSSL 1.0.1. Security Issues: * CVE-2014-5139 * CVE-2014-3505 * CVE-2014-3506 * CVE-2014-3507 * CVE-2014-3508 * CVE-2014-3509 * CVE-2014-3510 * CVE-2014-3511 * CVE-2014-3512 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-libopenssl1-devel-9599 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.20.1 libopenssl1_0_0-1.0.1g-0.20.1 openssl1-1.0.1g-0.20.1 openssl1-doc-1.0.1g-0.20.1 - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.20.1 - SUSE Linux Enterprise Security Module 11 SP3 (ia64): libopenssl1_0_0-x86-1.0.1g-0.20.1 References: http://support.novell.com/security/cve/CVE-2014-3505.html http://support.novell.com/security/cve/CVE-2014-3506.html http://support.novell.com/security/cve/CVE-2014-3507.html http://support.novell.com/security/cve/CVE-2014-3508.html http://support.novell.com/security/cve/CVE-2014-3509.html http://support.novell.com/security/cve/CVE-2014-3510.html http://support.novell.com/security/cve/CVE-2014-3511.html http://support.novell.com/security/cve/CVE-2014-3512.html http://support.novell.com/security/cve/CVE-2014-5139.html https://bugzilla.novell.com/889812 https://bugzilla.novell.com/890764 https://bugzilla.novell.com/890767 https://bugzilla.novell.com/890768 https://bugzilla.novell.com/890769 https://bugzilla.novell.com/890770 http://download.suse.com/patch/finder/?keywords=f511564183b6f13c2dc78cf5451408d0 From sle-security-updates at lists.suse.com Mon Aug 18 17:04:21 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Aug 2014 01:04:21 +0200 (CEST) Subject: SUSE-SU-2014:1034-1: moderate: Security update for openstack-neutron Message-ID: <20140818230421.EDBF0321A4@maintenance.suse.de> SUSE Security Update: Security update for openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1034-1 Rating: moderate References: #887348 
Cross-References: CVE-2014-3555 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: OpenStack Neutron has been updated to fix bugs and security issues: Security issue fixed: * CVE-2014-3555: openstack-neutron: Denial of Service in Neutron allowed address pair Bug Fixes and Enhancements: * Fixed dhcp & gateway ip conflict in PLUMgrid plug-in * Updated from global requirements * Ensure routing key is specified in the address for a direct producer * Improve handling of security group updates * Ensure that session is rolled back on bulk creates * Allow multiple DNS forwarders for dnsmasq * Fix get_vif_port_by_id to only return relevant ports * Remove explicit dependency on amqplib * LBaaS add missing rootwrap filter for route * NVP plugin:fix delete sec group when backend is out of sync * Kill 'Skipping unknown group key: firewall_driver' log trace * Added missing plugin .ini files to setup.cfg * OVS lib defer apply doesn't handle concurrency * Fixed floating IP logic in PLUMgrid plug-in * tests/unit: Initialize core plugin in TestL3GwModeMixin * Install SNAT rules for ipv4 only * Optionally delete namespaces when they are no longer needed * l2-population : send flooding entries when the last port goes down * l2-population/lb/vxlan : ip neigh add command failed * Fixes the Hyper-V agent individual ports metrics * Call policy.init() once per API request * Call _destroy_metadata_proxy from _destroy_router_namespaces * ml2: gre, vxlan type driver can leak segment_id Security Issues: * CVE-2014-3555 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-openstack-neutron-9567 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 3 (x86_64) [New Version: 2013.2.4.dev93.gf569afd]: openstack-neutron-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-dhcp-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-ha-tool-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-l3-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-lbaas-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-linuxbridge-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-metadata-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-metering-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-mlnx-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-nec-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-openvswitch-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-plugin-cisco-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-ryu-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-server-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-vmware-agent-2013.2.4.dev93.gf569afd-0.7.1 openstack-neutron-vpn-agent-2013.2.4.dev93.gf569afd-0.7.1 python-neutron-2013.2.4.dev93.gf569afd-0.7.1 - SUSE Cloud 3 (noarch) [New Version: 2013.2.4.dev93.gf569afd]: openstack-neutron-doc-2013.2.4.dev93.gf569afd-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-3555.html https://bugzilla.novell.com/887348 http://download.suse.com/patch/finder/?keywords=82fb0da16541b6f979190147212a9a2f From sle-security-updates at lists.suse.com Mon Aug 18 17:04:42 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Aug 2014 01:04:42 +0200 (CEST) Subject: SUSE-SU-2014:1035-1: important: Security update for flash-player Message-ID: <20140818230442.32E2F32195@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1035-1 Rating: important References: #891688 Cross-References: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 
CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. It includes one version update. Description: This flash-player update fixes the following security issues: * These updates resolve memory leakage vulnerabilities that could have been used to bypass memory address randomization (CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545). * These updates resolve a security bypass vulnerability (CVE-2014-0541). * These updates resolve a use-after-free vulnerability that could have led to code execution (CVE-2014-0538). Find more details under http://helpx.adobe.com/security/products/flash-player/apsb14-18.html Security Issues: * CVE-2014-0538 * CVE-2014-0540 * CVE-2014-0541 * CVE-2014-0542 * CVE-2014-0543 * CVE-2014-0544 * CVE-2014-0545 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-9612 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.400]: flash-player-11.2.202.400-0.3.1 flash-player-gnome-11.2.202.400-0.3.1 flash-player-kde4-11.2.202.400-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-0538.html http://support.novell.com/security/cve/CVE-2014-0540.html http://support.novell.com/security/cve/CVE-2014-0541.html http://support.novell.com/security/cve/CVE-2014-0542.html http://support.novell.com/security/cve/CVE-2014-0543.html http://support.novell.com/security/cve/CVE-2014-0544.html http://support.novell.com/security/cve/CVE-2014-0545.html https://bugzilla.novell.com/891688 http://download.suse.com/patch/finder/?keywords=45b3cfc443642a9e3f85e156ff8996b7 From sle-security-updates at lists.suse.com Tue Aug 19 16:04:15 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Aug 2014 00:04:15 +0200 (CEST) Subject: SUSE-SU-2014:1037-1: moderate: Security update for IBM Java 1.7.0 Message-ID: <20140819220415.6CC5E321B7@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.7.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1037-1 Rating: moderate References: #891701 Cross-References: CVE-2014-4208 CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265 CVE-2014-4266 CVE-2014-4268 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Java 11 SP3 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: IBM Java 1.7.0 has been updated to fix 14 security issues. 
Security Issues: * CVE-2014-4227 * CVE-2014-4262 * CVE-2014-4219 * CVE-2014-4209 * CVE-2014-4220 * CVE-2014-4268 * CVE-2014-4218 * CVE-2014-4252 * CVE-2014-4266 * CVE-2014-4265 * CVE-2014-4221 * CVE-2014-4263 * CVE-2014-4244 * CVE-2014-4208 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_7_0-ibm-9616 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_7_0-ibm-9616 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_7_0-ibm-9616 - SUSE Linux Enterprise Java 11 SP3: zypper in -t patch slejsp3-java-1_7_0-ibm-9616 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr7.1-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_7_0-ibm-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-alsa-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr7.1-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr7.1-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr7.1-0.5.1 - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-devel-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr7.1-0.5.1 - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr7.1-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr7.1-0.5.1 References: http://support.novell.com/security/cve/CVE-2014-4208.html http://support.novell.com/security/cve/CVE-2014-4209.html http://support.novell.com/security/cve/CVE-2014-4218.html http://support.novell.com/security/cve/CVE-2014-4219.html 
http://support.novell.com/security/cve/CVE-2014-4220.html http://support.novell.com/security/cve/CVE-2014-4221.html http://support.novell.com/security/cve/CVE-2014-4227.html http://support.novell.com/security/cve/CVE-2014-4244.html http://support.novell.com/security/cve/CVE-2014-4252.html http://support.novell.com/security/cve/CVE-2014-4262.html http://support.novell.com/security/cve/CVE-2014-4263.html http://support.novell.com/security/cve/CVE-2014-4265.html http://support.novell.com/security/cve/CVE-2014-4266.html http://support.novell.com/security/cve/CVE-2014-4268.html https://bugzilla.novell.com/891701 http://download.suse.com/patch/finder/?keywords=39767f436d50cb197ecce17413b1ad0c From sle-security-updates at lists.suse.com Wed Aug 20 17:04:14 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 21 Aug 2014 01:04:14 +0200 (CEST) Subject: SUSE-SU-2014:1049-1: moderate: Security update for OpenSSL Message-ID: <20140820230414.A3ADB321B3@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1049-1 Rating: moderate References: #890764 #890767 #890768 #890769 #890770 Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This OpenSSL update fixes the following security issues: * bnc#890764: Information leak in pretty printing functions (CVE-2014-3508) * bnc#890767: Double Free when processing DTLS packets (CVE-2014-3505) * bnc#890768: DTLS memory exhaustion (CVE-2014-3506) * bnc#890769: DTLS memory leak from zero-length fragments (CVE-2014-3507) * bnc#890770: DTLS anonymous EC(DH) denial of service (CVE-2014-3510) Security Issues: * CVE-2014-3508 * CVE-2014-3505 * CVE-2014-3506 * CVE-2014-3507 * CVE-2014-3510 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libopenssl-devel-9598 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libopenssl-devel-9598 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libopenssl-devel-9598 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libopenssl-devel-9598 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libopenssl0_9_8-0.9.8j-0.62.1 libopenssl0_9_8-hmac-0.9.8j-0.62.1 openssl-0.9.8j-0.62.1 openssl-doc-0.9.8j-0.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.62.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.62.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.62.1 libopenssl0_9_8-hmac-0.9.8j-0.62.1 openssl-0.9.8j-0.62.1 openssl-doc-0.9.8j-0.62.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.62.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.62.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libopenssl0_9_8-x86-0.9.8j-0.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.62.1 openssl-0.9.8j-0.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.62.1 References: http://support.novell.com/security/cve/CVE-2014-3505.html http://support.novell.com/security/cve/CVE-2014-3506.html http://support.novell.com/security/cve/CVE-2014-3507.html http://support.novell.com/security/cve/CVE-2014-3508.html http://support.novell.com/security/cve/CVE-2014-3510.html https://bugzilla.novell.com/890764 https://bugzilla.novell.com/890767 https://bugzilla.novell.com/890768 https://bugzilla.novell.com/890769 https://bugzilla.novell.com/890770 http://download.suse.com/patch/finder/?keywords=30032dcfaed48d7e5c0c3457c07419da From sle-security-updates at lists.suse.com Thu Aug 21 16:04:48 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 22 Aug 2014 00:04:48 +0200 (CEST) Subject: SUSE-SU-2014:1055-1: moderate: Security update for IBM Java Message-ID: <20140821220448.91D83321C0@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 
______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1055-1 Rating: moderate References: #891700 Cross-References: CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265 CVE-2014-4268 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: java-1_6_0-ibm has been updated to fix ten security issues. Security Issues: * CVE-2014-4227 * CVE-2014-4262 * CVE-2014-4219 * CVE-2014-4209 * CVE-2014-4268 * CVE-2014-4218 * CVE-2014-4252 * CVE-2014-4265 * CVE-2014-4263 * CVE-2014-4244 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_6_0-ibm-9615 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_6_0-ibm-9615 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_6_0-ibm-9615 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr16.1-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr16.1-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr16.1-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.1-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.1-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.1-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.1-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-4209.html http://support.novell.com/security/cve/CVE-2014-4218.html http://support.novell.com/security/cve/CVE-2014-4219.html http://support.novell.com/security/cve/CVE-2014-4227.html http://support.novell.com/security/cve/CVE-2014-4244.html http://support.novell.com/security/cve/CVE-2014-4252.html http://support.novell.com/security/cve/CVE-2014-4262.html http://support.novell.com/security/cve/CVE-2014-4263.html http://support.novell.com/security/cve/CVE-2014-4265.html http://support.novell.com/security/cve/CVE-2014-4268.html https://bugzilla.novell.com/891700 http://download.suse.com/patch/finder/?keywords=de91c30b9678a8b41a29b3124d9a2b83 From sle-security-updates at lists.suse.com Fri Aug 22 17:04:15 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 23 Aug 2014 01:04:15 +0200 (CEST) Subject: SUSE-SU-2014:1055-2: moderate: Security update for IBM Java Message-ID: <20140822230415.BE0C1321B9@maintenance.suse.de> SUSE 
Security Update: Security update for IBM Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1055-2 Rating: moderate References: #891700 Cross-References: CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265 CVE-2014-4268 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: java-1_6_0-ibm has been updated to fix ten security issues. Security Issues: * CVE-2014-4227 * CVE-2014-4262 * CVE-2014-4219 * CVE-2014-4209 * CVE-2014-4268 * CVE-2014-4218 * CVE-2014-4252 * CVE-2014-4265 * CVE-2014-4263 * CVE-2014-4244 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-java-1_6_0-ibm-9614 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): java-1_6_0-ibm-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-devel-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.1-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr16.1-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-4209.html http://support.novell.com/security/cve/CVE-2014-4218.html http://support.novell.com/security/cve/CVE-2014-4219.html http://support.novell.com/security/cve/CVE-2014-4227.html http://support.novell.com/security/cve/CVE-2014-4244.html http://support.novell.com/security/cve/CVE-2014-4252.html http://support.novell.com/security/cve/CVE-2014-4262.html http://support.novell.com/security/cve/CVE-2014-4263.html http://support.novell.com/security/cve/CVE-2014-4265.html http://support.novell.com/security/cve/CVE-2014-4268.html https://bugzilla.novell.com/891700 http://download.suse.com/patch/finder/?keywords=7a61b835a32429a85d3cce40a1b17ad6 From sle-security-updates at lists.suse.com Thu Aug 28 06:05:03 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 28 Aug 2014 14:05:03 +0200 (CEST) Subject: SUSE-SU-2014:1010-2: moderate: Security update for python-Jinja2 Message-ID: <20140828120503.57F48321CE@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1010-2 Rating: moderate References: #858239 Cross-References: CVE-2014-1402 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following security issue: * The default configuration for bccache.FileSystemBytecodeCache in Jinja2 did not properly create temporary files, which allowed local users to gain privileges via a crafted .cache file in /tmp. 
(CVE-2014-1402) Security Issues: * CVE-2014-1402 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-python-Jinja2-9602 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64): python-Jinja2-2.6-2.14.4 References: http://support.novell.com/security/cve/CVE-2014-1402.html https://bugzilla.novell.com/858239 http://download.suse.com/patch/finder/?keywords=acf4cc9b1f52498ef1fda68ec4ea15f8 From sle-security-updates at lists.suse.com Thu Aug 28 11:04:12 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 28 Aug 2014 19:04:12 +0200 (CEST) Subject: SUSE-SU-2014:1071-1: moderate: Security update for subversion Message-ID: <20140828170412.933A4321CE@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1071-1 Rating: moderate References: #889849 Cross-References: CVE-2014-3528 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: subversion has been updated to fix one security problem: * bnc#889849: Reveal authentication information through an md5 collision attack on authentication realm (CVE-2014-3528) Security Issues: * CVE-2014-3528 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-subversion-9626 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.29.1 subversion-devel-1.6.17-1.29.1 subversion-perl-1.6.17-1.29.1 subversion-python-1.6.17-1.29.1 subversion-server-1.6.17-1.29.1 subversion-tools-1.6.17-1.29.1 References: http://support.novell.com/security/cve/CVE-2014-3528.html https://bugzilla.novell.com/889849 http://download.suse.com/patch/finder/?keywords=1e78bd128a83d62383fff69c071a2768 From sle-security-updates at lists.suse.com Thu Aug 28 11:04:35 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 28 Aug 2014 19:04:35 +0200 (CEST) Subject: SUSE-SU-2014:1072-1: important: Security update for MySQL Message-ID: <20140828170435.CF4BD321CE@maintenance.suse.de> SUSE Security Update: Security update for MySQL ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1072-1 Rating: important References: #887580 Cross-References: CVE-2014-2484 CVE-2014-2494 CVE-2014-4207 CVE-2014-4214 CVE-2014-4233 CVE-2014-4238 CVE-2014-4240 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. It includes one version update. 
Description: This MySQL update provides the following: * upgrade to version 5.5.39, [bnc#887580] * CVEs fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233, CVE-2014-4240, CVE-2014-4214, CVE-2014-4243 See also: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Security Issues: * CVE-2014-2484 * CVE-2014-4258 * CVE-2014-4260 * CVE-2014-2494 * CVE-2014-4238 * CVE-2014-4207 * CVE-2014-4233 * CVE-2014-4240 * CVE-2014-4214 * CVE-2014-4243 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libmysql55client18-9624 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libmysql55client18-9624 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libmysql55client18-9624 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libmysql55client18-9624 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.39-0.7.1 libmysqlclient_r15-32bit-5.0.96-0.6.13 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): libmysql55client_r18-x86-5.5.39-0.7.1 libmysqlclient_r15-x86-5.0.96-0.6.13 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.39]: libmysql55client18-5.5.39-0.7.1 libmysql55client_r18-5.5.39-0.7.1 libmysqlclient15-5.0.96-0.6.13 libmysqlclient_r15-5.0.96-0.6.13 mysql-5.5.39-0.7.1 mysql-client-5.5.39-0.7.1 mysql-tools-5.5.39-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.39]: libmysql55client18-32bit-5.5.39-0.7.1 libmysqlclient15-32bit-5.0.96-0.6.13 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.39]: libmysql55client18-5.5.39-0.7.1 libmysql55client_r18-5.5.39-0.7.1 libmysqlclient15-5.0.96-0.6.13 libmysqlclient_r15-5.0.96-0.6.13 mysql-5.5.39-0.7.1 mysql-client-5.5.39-0.7.1 mysql-tools-5.5.39-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.39]: libmysql55client18-32bit-5.5.39-0.7.1 libmysqlclient15-32bit-5.0.96-0.6.13 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.39]: libmysql55client18-x86-5.5.39-0.7.1 libmysqlclient15-x86-5.0.96-0.6.13 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.39]: libmysql55client18-5.5.39-0.7.1 libmysql55client_r18-5.5.39-0.7.1 libmysqlclient15-5.0.96-0.6.13 libmysqlclient_r15-5.0.96-0.6.13 mysql-5.5.39-0.7.1 mysql-client-5.5.39-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.39]: libmysql55client18-32bit-5.5.39-0.7.1 libmysql55client_r18-32bit-5.5.39-0.7.1 libmysqlclient15-32bit-5.0.96-0.6.13 libmysqlclient_r15-32bit-5.0.96-0.6.13 References: http://support.novell.com/security/cve/CVE-2014-2484.html http://support.novell.com/security/cve/CVE-2014-2494.html 
http://support.novell.com/security/cve/CVE-2014-4207.html http://support.novell.com/security/cve/CVE-2014-4214.html http://support.novell.com/security/cve/CVE-2014-4233.html http://support.novell.com/security/cve/CVE-2014-4238.html http://support.novell.com/security/cve/CVE-2014-4240.html http://support.novell.com/security/cve/CVE-2014-4243.html http://support.novell.com/security/cve/CVE-2014-4258.html http://support.novell.com/security/cve/CVE-2014-4260.html https://bugzilla.novell.com/887580 http://download.suse.com/patch/finder/?keywords=8b3fd18dd93c87bd6dd0292986f6e140 From sle-security-updates at lists.suse.com Thu Aug 28 11:04:55 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 28 Aug 2014 19:04:55 +0200 (CEST) Subject: SUSE-SU-2014:0994-2: moderate: Security update for rubygem-activerecord-2_3 Message-ID: <20140828170455.7707A321CC@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activerecord-2_3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0994-2 Rating: moderate References: #885636 Cross-References: CVE-2014-3482 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activerecord-2_3 fixes the following security issue: * The PostgreSQL adapter for Active Record in Ruby on Rails 2.x allowed remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. (CVE-2014-3482) Security Issues: * CVE-2014-3482 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-rubygem-activerecord-2_3-9603 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64): rubygem-activerecord-2_3-2.3.17-0.15.3 References: http://support.novell.com/security/cve/CVE-2014-3482.html https://bugzilla.novell.com/885636 http://download.suse.com/patch/finder/?keywords=fdaefdb6bac0fffb18127a0158c4a52a From sle-security-updates at lists.suse.com Thu Aug 28 21:04:13 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 29 Aug 2014 05:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1073-1: moderate: Security update for gpgme Message-ID: <20140829030413.DF474321CE@maintenance.suse.de> SUSE Security Update: Security update for gpgme ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1073-1 Rating: moderate References: #890123 Cross-References: CVE-2014-3564 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This gpgme update fixes the following security issue: * bnc#890123: Fix possible overflow in gpgsm and uiserver engines (CVE-2014-3564) Security Issues: * CVE-2014-3564 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-gpgme-9644 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-gpgme-9644 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-gpgme-9644 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-gpgme-9644 To bring your system up-to-date, use "zypper patch". 

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libgpgme-devel-1.1.6-25.32.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

      libgpgme11-32bit-1.1.6-25.32.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):

      libgpgme11-x86-1.1.6-25.32.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      gpgme-1.1.6-25.32.1
      libgpgme11-1.1.6-25.32.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      gpgme-1.1.6-25.32.1
      libgpgme11-1.1.6-25.32.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      gpgme-1.1.6-25.32.1
      libgpgme11-1.1.6-25.32.1

References:

   http://support.novell.com/security/cve/CVE-2014-3564.html
   https://bugzilla.novell.com/890123
   http://download.suse.com/patch/finder/?keywords=baf4cccd2cf599d38b8f37ee948b2f83

From sle-security-updates at lists.suse.com Fri Aug 29 17:04:22 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 30 Aug 2014 01:04:22 +0200 (CEST)
Subject: SUSE-SU-2014:1071-2: moderate: Security update for subversion
Message-ID: <20140829230422.67509320DB@maintenance.suse.de>

   SUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1071-2
Rating:             moderate
References:         #889849
Cross-References:   CVE-2014-3528
Affected Products:
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   Subversion has been updated to fix a security problem:

   * bnc#889849: Reveal authentication information through an md5
     collision attack on authentication realm (CVE-2014-3528)

   Security Issues:

   * CVE-2014-3528

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-subversion-9625

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      subversion-1.6.17-1.29.1

References:

   http://support.novell.com/security/cve/CVE-2014-3528.html
   https://bugzilla.novell.com/889849
   http://download.suse.com/patch/finder/?keywords=84be0a1a7272f75ebbfdb78d911a6f73