From sle-security-updates at lists.suse.com Tue Dec 2 10:04:42 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 18:04:42 +0100 (CET)
Subject: SUSE-SU-2014:1541-1: moderate: Security update for java-1_6_0-ibm
Message-ID: <20141202170442.31A3B3233B@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1541-1
Rating:             moderate
References:         #901223 #901239 #904889
Cross-References:   CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6457
                    CVE-2014-6458 CVE-2014-6466 CVE-2014-6492 CVE-2014-6493
                    CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511
                    CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6531
                    CVE-2014-6532 CVE-2014-6558
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.

Description:

   java-1_6_0-ibm was updated to version 1.6.0_sr16.2 to fix 18 security issues.

   These security issues were fixed:

   - Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065).
   - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).

   Further information can be found at
   http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 12:

      zypper in -t patch SUSE-SLE-Module-Legacy-12-2014-93

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr16.2-8.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.2-8.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.2-8.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr16.2-8.1

References:

   http://support.novell.com/security/cve/CVE-2014-3065.html
   http://support.novell.com/security/cve/CVE-2014-3566.html
   http://support.novell.com/security/cve/CVE-2014-4288.html
   http://support.novell.com/security/cve/CVE-2014-6457.html
   http://support.novell.com/security/cve/CVE-2014-6458.html
   http://support.novell.com/security/cve/CVE-2014-6466.html
   http://support.novell.com/security/cve/CVE-2014-6492.html
   http://support.novell.com/security/cve/CVE-2014-6493.html
   http://support.novell.com/security/cve/CVE-2014-6502.html
   http://support.novell.com/security/cve/CVE-2014-6503.html
   http://support.novell.com/security/cve/CVE-2014-6506.html
   http://support.novell.com/security/cve/CVE-2014-6511.html
   http://support.novell.com/security/cve/CVE-2014-6512.html
   http://support.novell.com/security/cve/CVE-2014-6513.html
   http://support.novell.com/security/cve/CVE-2014-6515.html
   http://support.novell.com/security/cve/CVE-2014-6531.html
   http://support.novell.com/security/cve/CVE-2014-6532.html
   http://support.novell.com/security/cve/CVE-2014-6558.html
   https://bugzilla.suse.com/show_bug.cgi?id=901223
   https://bugzilla.suse.com/show_bug.cgi?id=901239
   https://bugzilla.suse.com/show_bug.cgi?id=904889


From sle-security-updates at lists.suse.com Tue Dec 2 10:05:17 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 18:05:17 +0100 (CET)
Subject: SUSE-SU-2014:1542-1: moderate: Security update for flash-player
Message-ID: <20141202170517.F26AE3233B@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1542-1
Rating:             moderate
References:         #907257
Cross-References:   CVE-2014-8439
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   flash-player was updated to fix one security issue.

   This security issue was fixed:

   - Hardening against a code execution flaw (CVE-2014-8439).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2014-91

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-91

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      flash-player-11.2.202.424-15.1
      flash-player-gnome-11.2.202.424-15.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      flash-player-11.2.202.424-15.1
      flash-player-gnome-11.2.202.424-15.1

References:

   http://support.novell.com/security/cve/CVE-2014-8439.html
   https://bugzilla.suse.com/show_bug.cgi?id=907257


From sle-security-updates at lists.suse.com Tue Dec 2 11:04:40 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 19:04:40 +0100 (CET)
Subject: SUSE-SU-2014:1526-2: important: Security update for IBM Java
Message-ID: <20141202180440.05F6B3233B@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1526-2
Rating:             important
References:         #904889
Cross-References:   CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456
                    CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476
                    CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503
                    CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513
                    CVE-2014-6515
                    CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
Affected Products:
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that fixes 21 vulnerabilities is now available.

Description:

   java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security issues.

   These security issues have been fixed:

   * Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065).
   * The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).

   More information can be found at
   http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014

   Security Issues:

   * CVE-2014-3065
   * CVE-2014-3566
   * CVE-2014-6506
   * CVE-2014-6511
   * CVE-2014-6531
   * CVE-2014-6512
   * CVE-2014-6457
   * CVE-2014-6502
   * CVE-2014-6558
   * CVE-2014-6513
   * CVE-2014-6503
   * CVE-2014-4288
   * CVE-2014-6493
   * CVE-2014-6532
   * CVE-2014-6492
   * CVE-2014-6458
   * CVE-2014-6466
   * CVE-2014-6515
   * CVE-2014-6456
   * CVE-2014-6476
   * CVE-2014-6527

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-java-1_6_0-ibm-9994

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

      java-1_6_0-ibm-1.6.0_sr16.2-0.3.1
      java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1
      java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2014-3065.html
   http://support.novell.com/security/cve/CVE-2014-3566.html
   http://support.novell.com/security/cve/CVE-2014-4288.html
   http://support.novell.com/security/cve/CVE-2014-6456.html
   http://support.novell.com/security/cve/CVE-2014-6457.html
   http://support.novell.com/security/cve/CVE-2014-6458.html
   http://support.novell.com/security/cve/CVE-2014-6466.html
   http://support.novell.com/security/cve/CVE-2014-6476.html
   http://support.novell.com/security/cve/CVE-2014-6492.html
   http://support.novell.com/security/cve/CVE-2014-6493.html
   http://support.novell.com/security/cve/CVE-2014-6502.html
   http://support.novell.com/security/cve/CVE-2014-6503.html
   http://support.novell.com/security/cve/CVE-2014-6506.html
   http://support.novell.com/security/cve/CVE-2014-6511.html
   http://support.novell.com/security/cve/CVE-2014-6512.html
   http://support.novell.com/security/cve/CVE-2014-6513.html
   http://support.novell.com/security/cve/CVE-2014-6515.html
   http://support.novell.com/security/cve/CVE-2014-6527.html
   http://support.novell.com/security/cve/CVE-2014-6531.html
   http://support.novell.com/security/cve/CVE-2014-6532.html
   http://support.novell.com/security/cve/CVE-2014-6558.html
   https://bugzilla.suse.com/show_bug.cgi?id=904889
   http://download.suse.com/patch/finder/?keywords=556fa23b5756de780c455b083e882ed7


From sle-security-updates at lists.suse.com Tue Dec 2 11:04:54 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 19:04:54 +0100 (CET)
Subject: SUSE-SU-2014:1544-1: moderate: Security update for LibreOffice
Message-ID: <20141202180454.C558B3233B@maintenance.suse.de>

   SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1544-1
Rating:             moderate
References:         #900214 #900218
Cross-References:   CVE-2014-3693
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

   LibreOffice was updated to fix two security issues.

   These security issues have been fixed:

   * "Document as E-mail" vulnerability (bnc#900218).
   * Impress remote control use-after-free vulnerability (CVE-2014-3693).

   Security Issues:

   * CVE-2014-3693

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libreoffice-2014-11-19-10001

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libreoffice-2014-11-19-10001

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

      libreoffice-4.0.3.3.26-0.10.2
      libreoffice-base-4.0.3.3.26-0.10.2
      libreoffice-base-drivers-postgresql-4.0.3.3.26-0.10.2
      libreoffice-base-extensions-4.0.3.3.26-0.10.2
      libreoffice-calc-4.0.3.3.26-0.10.2
      libreoffice-calc-extensions-4.0.3.3.26-0.10.2
      libreoffice-draw-4.0.3.3.26-0.10.2
      libreoffice-draw-extensions-4.0.3.3.26-0.10.2
      libreoffice-filters-optional-4.0.3.3.26-0.10.2
      libreoffice-gnome-4.0.3.3.26-0.10.2
      libreoffice-impress-4.0.3.3.26-0.10.2
      libreoffice-impress-extensions-4.0.3.3.26-0.10.2
      libreoffice-kde-4.0.3.3.26-0.10.2
      libreoffice-kde4-4.0.3.3.26-0.10.2
      libreoffice-l10n-prebuilt-4.0.3.3.26-0.10.2
      libreoffice-mailmerge-4.0.3.3.26-0.10.2
      libreoffice-math-4.0.3.3.26-0.10.2
      libreoffice-mono-4.0.3.3.26-0.10.2
      libreoffice-officebean-4.0.3.3.26-0.10.2
      libreoffice-pyuno-4.0.3.3.26-0.10.2
      libreoffice-sdk-4.0.3.3.26-0.10.2
      libreoffice-writer-4.0.3.3.26-0.10.2
      libreoffice-writer-extensions-4.0.3.3.26-0.10.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

      libreoffice-branding-upstream-4.0.3.3.26-0.10.1
      libreoffice-help-cs-4.0.3.3.26-0.10.2
      libreoffice-help-da-4.0.3.3.26-0.10.2
      libreoffice-help-de-4.0.3.3.26-0.10.2
      libreoffice-help-en-GB-4.0.3.3.26-0.10.2
      libreoffice-help-en-US-4.0.3.3.26-0.10.2
      libreoffice-help-es-4.0.3.3.26-0.10.2
      libreoffice-help-fr-4.0.3.3.26-0.10.2
      libreoffice-help-gu-IN-4.0.3.3.26-0.10.2
      libreoffice-help-hi-IN-4.0.3.3.26-0.10.2
      libreoffice-help-hu-4.0.3.3.26-0.10.2
      libreoffice-help-it-4.0.3.3.26-0.10.2
      libreoffice-help-ja-4.0.3.3.26-0.10.2
      libreoffice-help-ko-4.0.3.3.26-0.10.2
      libreoffice-help-nl-4.0.3.3.26-0.10.2
      libreoffice-help-pl-4.0.3.3.26-0.10.2
      libreoffice-help-pt-4.0.3.3.26-0.10.2
      libreoffice-help-pt-BR-4.0.3.3.26-0.10.2
      libreoffice-help-ru-4.0.3.3.26-0.10.2
      libreoffice-help-sv-4.0.3.3.26-0.10.2
      libreoffice-help-zh-CN-4.0.3.3.26-0.10.2
      libreoffice-help-zh-TW-4.0.3.3.26-0.10.2
      libreoffice-icon-themes-4.0.3.3.26-0.10.1
      libreoffice-l10n-af-4.0.3.3.26-0.10.1
      libreoffice-l10n-ar-4.0.3.3.26-0.10.1
      libreoffice-l10n-ca-4.0.3.3.26-0.10.1
      libreoffice-l10n-cs-4.0.3.3.26-0.10.1
      libreoffice-l10n-da-4.0.3.3.26-0.10.1
      libreoffice-l10n-de-4.0.3.3.26-0.10.1
      libreoffice-l10n-el-4.0.3.3.26-0.10.1
      libreoffice-l10n-en-GB-4.0.3.3.26-0.10.1
      libreoffice-l10n-es-4.0.3.3.26-0.10.1
      libreoffice-l10n-fi-4.0.3.3.26-0.10.1
      libreoffice-l10n-fr-4.0.3.3.26-0.10.1
      libreoffice-l10n-gu-IN-4.0.3.3.26-0.10.1
      libreoffice-l10n-hi-IN-4.0.3.3.26-0.10.1
      libreoffice-l10n-hu-4.0.3.3.26-0.10.1
      libreoffice-l10n-it-4.0.3.3.26-0.10.1
      libreoffice-l10n-ja-4.0.3.3.26-0.10.1
      libreoffice-l10n-ko-4.0.3.3.26-0.10.1
      libreoffice-l10n-nb-4.0.3.3.26-0.10.1
      libreoffice-l10n-nl-4.0.3.3.26-0.10.1
      libreoffice-l10n-nn-4.0.3.3.26-0.10.1
      libreoffice-l10n-pl-4.0.3.3.26-0.10.1
      libreoffice-l10n-pt-4.0.3.3.26-0.10.1
      libreoffice-l10n-pt-BR-4.0.3.3.26-0.10.1
      libreoffice-l10n-ru-4.0.3.3.26-0.10.1
      libreoffice-l10n-sk-4.0.3.3.26-0.10.1
      libreoffice-l10n-sv-4.0.3.3.26-0.10.1
      libreoffice-l10n-xh-4.0.3.3.26-0.10.1
      libreoffice-l10n-zh-CN-4.0.3.3.26-0.10.1
      libreoffice-l10n-zh-TW-4.0.3.3.26-0.10.1
      libreoffice-l10n-zu-4.0.3.3.26-0.10.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

      libreoffice-4.0.3.3.26-0.10.2
      libreoffice-base-4.0.3.3.26-0.10.2
      libreoffice-base-drivers-postgresql-4.0.3.3.26-0.10.2
      libreoffice-base-extensions-4.0.3.3.26-0.10.2
      libreoffice-calc-4.0.3.3.26-0.10.2
      libreoffice-calc-extensions-4.0.3.3.26-0.10.2
      libreoffice-draw-4.0.3.3.26-0.10.2
      libreoffice-draw-extensions-4.0.3.3.26-0.10.2
      libreoffice-filters-optional-4.0.3.3.26-0.10.2
      libreoffice-gnome-4.0.3.3.26-0.10.2
      libreoffice-impress-4.0.3.3.26-0.10.2
      libreoffice-impress-extensions-4.0.3.3.26-0.10.2
      libreoffice-kde-4.0.3.3.26-0.10.2
      libreoffice-kde4-4.0.3.3.26-0.10.2
      libreoffice-mailmerge-4.0.3.3.26-0.10.2
      libreoffice-math-4.0.3.3.26-0.10.2
      libreoffice-mono-4.0.3.3.26-0.10.2
      libreoffice-officebean-4.0.3.3.26-0.10.2
      libreoffice-pyuno-4.0.3.3.26-0.10.2
      libreoffice-writer-4.0.3.3.26-0.10.2
      libreoffice-writer-extensions-4.0.3.3.26-0.10.2

   - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

      libreoffice-help-cs-4.0.3.3.26-0.10.2
      libreoffice-help-da-4.0.3.3.26-0.10.2
      libreoffice-help-de-4.0.3.3.26-0.10.2
      libreoffice-help-en-GB-4.0.3.3.26-0.10.2
      libreoffice-help-en-US-4.0.3.3.26-0.10.2
      libreoffice-help-es-4.0.3.3.26-0.10.2
      libreoffice-help-fr-4.0.3.3.26-0.10.2
      libreoffice-help-gu-IN-4.0.3.3.26-0.10.2
      libreoffice-help-hi-IN-4.0.3.3.26-0.10.2
      libreoffice-help-hu-4.0.3.3.26-0.10.2
      libreoffice-help-it-4.0.3.3.26-0.10.2
      libreoffice-help-ja-4.0.3.3.26-0.10.2
      libreoffice-help-ko-4.0.3.3.26-0.10.2
      libreoffice-help-nl-4.0.3.3.26-0.10.2
      libreoffice-help-pl-4.0.3.3.26-0.10.2
      libreoffice-help-pt-4.0.3.3.26-0.10.2
      libreoffice-help-pt-BR-4.0.3.3.26-0.10.2
      libreoffice-help-ru-4.0.3.3.26-0.10.2
      libreoffice-help-sv-4.0.3.3.26-0.10.2
      libreoffice-help-zh-CN-4.0.3.3.26-0.10.2
      libreoffice-help-zh-TW-4.0.3.3.26-0.10.2
      libreoffice-icon-themes-4.0.3.3.26-0.10.1
      libreoffice-l10n-af-4.0.3.3.26-0.10.1
      libreoffice-l10n-ar-4.0.3.3.26-0.10.1
      libreoffice-l10n-ca-4.0.3.3.26-0.10.1
      libreoffice-l10n-cs-4.0.3.3.26-0.10.1
      libreoffice-l10n-da-4.0.3.3.26-0.10.1
      libreoffice-l10n-de-4.0.3.3.26-0.10.1
      libreoffice-l10n-en-GB-4.0.3.3.26-0.10.1
      libreoffice-l10n-es-4.0.3.3.26-0.10.1
      libreoffice-l10n-fi-4.0.3.3.26-0.10.1
      libreoffice-l10n-fr-4.0.3.3.26-0.10.1
      libreoffice-l10n-gu-IN-4.0.3.3.26-0.10.1
      libreoffice-l10n-hi-IN-4.0.3.3.26-0.10.1
      libreoffice-l10n-hu-4.0.3.3.26-0.10.1
      libreoffice-l10n-it-4.0.3.3.26-0.10.1
      libreoffice-l10n-ja-4.0.3.3.26-0.10.1
      libreoffice-l10n-ko-4.0.3.3.26-0.10.1
      libreoffice-l10n-nb-4.0.3.3.26-0.10.1
      libreoffice-l10n-nl-4.0.3.3.26-0.10.1
      libreoffice-l10n-nn-4.0.3.3.26-0.10.1
      libreoffice-l10n-pl-4.0.3.3.26-0.10.1
      libreoffice-l10n-pt-4.0.3.3.26-0.10.1
      libreoffice-l10n-pt-BR-4.0.3.3.26-0.10.1
      libreoffice-l10n-ru-4.0.3.3.26-0.10.1
      libreoffice-l10n-sk-4.0.3.3.26-0.10.1
      libreoffice-l10n-sv-4.0.3.3.26-0.10.1
      libreoffice-l10n-xh-4.0.3.3.26-0.10.1
      libreoffice-l10n-zh-CN-4.0.3.3.26-0.10.1
      libreoffice-l10n-zh-TW-4.0.3.3.26-0.10.1
      libreoffice-l10n-zu-4.0.3.3.26-0.10.1

References:

   http://support.novell.com/security/cve/CVE-2014-3693.html
   https://bugzilla.suse.com/show_bug.cgi?id=900214
   https://bugzilla.suse.com/show_bug.cgi?id=900218
   http://download.suse.com/patch/finder/?keywords=db57231a4f71ea060e6ffd389c761b73


From sle-security-updates at lists.suse.com Tue Dec 2 17:04:44 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Dec 2014 01:04:44 +0100 (CET)
Subject: SUSE-SU-2014:1545-1: important: Security update for flash-player
Message-ID: <20141203000444.47D05322A4@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1545-1
Rating:             important
References:         #907257
Cross-References:   CVE-2014-8439
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It includes one version update.

Description:

   The following vulnerability is fixed with this update:

   * bnc#907257 hardening against a remote code execution flaw (APSB14-26)

   Security Issues:

   * CVE-2014-8439

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-flash-player-10023

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.424]:

      flash-player-11.2.202.424-0.3.1
      flash-player-gnome-11.2.202.424-0.3.1
      flash-player-kde4-11.2.202.424-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2014-8439.html
   https://bugzilla.suse.com/show_bug.cgi?id=907257
   http://download.suse.com/patch/finder/?keywords=3982bdc1e32d85b48703af1cc342821b


From sle-security-updates at lists.suse.com Wed Dec 3 09:04:42 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Dec 2014 17:04:42 +0100 (CET)
Subject: SUSE-SU-2014:1549-1: important: Security update for java-1_7_1-ibm
Message-ID: <20141203160442.90CF13233C@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1549-1
Rating:             important
References:         #901223 #901239 #904889
Cross-References:   CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456
                    CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476
                    CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503
                    CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513
                    CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532
                    CVE-2014-6558
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that fixes 21 vulnerabilities is now available.

Description:

   java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security issues.

   These security issues were fixed:

   - Unspecified vulnerability in Oracle Java (CVE-2014-3065).
   - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513).
   - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506).
   - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476).
   - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457).
   - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502).
   - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2014-95

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-95

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr2.0-4.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr2.0-4.1
      java-1_7_1-ibm-jdbc-1.7.1_sr2.0-4.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr2.0-4.1
      java-1_7_1-ibm-plugin-1.7.1_sr2.0-4.1

References:

   http://support.novell.com/security/cve/CVE-2014-3065.html
   http://support.novell.com/security/cve/CVE-2014-3566.html
   http://support.novell.com/security/cve/CVE-2014-4288.html
   http://support.novell.com/security/cve/CVE-2014-6456.html
   http://support.novell.com/security/cve/CVE-2014-6457.html
   http://support.novell.com/security/cve/CVE-2014-6458.html
   http://support.novell.com/security/cve/CVE-2014-6466.html
   http://support.novell.com/security/cve/CVE-2014-6476.html
   http://support.novell.com/security/cve/CVE-2014-6492.html
   http://support.novell.com/security/cve/CVE-2014-6493.html
   http://support.novell.com/security/cve/CVE-2014-6502.html
   http://support.novell.com/security/cve/CVE-2014-6503.html
   http://support.novell.com/security/cve/CVE-2014-6506.html
http://support.novell.com/security/cve/CVE-2014-6511.html http://support.novell.com/security/cve/CVE-2014-6512.html http://support.novell.com/security/cve/CVE-2014-6513.html http://support.novell.com/security/cve/CVE-2014-6515.html http://support.novell.com/security/cve/CVE-2014-6527.html http://support.novell.com/security/cve/CVE-2014-6531.html http://support.novell.com/security/cve/CVE-2014-6532.html http://support.novell.com/security/cve/CVE-2014-6558.html https://bugzilla.suse.com/show_bug.cgi?id=901223 https://bugzilla.suse.com/show_bug.cgi?id=901239 https://bugzilla.suse.com/show_bug.cgi?id=904889 From sle-security-updates at lists.suse.com Thu Dec 4 07:04:45 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Dec 2014 15:04:45 +0100 (CET) Subject: SUSE-SU-2014:1555-1: moderate: Security update for file Message-ID: <20141204140445.39A7D32340@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1555-1 Rating: moderate References: #888308 #902367 Cross-References: CVE-2014-3710 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: file was updated to fix one security issue. This security issue was fixed: - Out-of-bounds read in elf note headers (CVE-2014-3710). This non-security issues was fixed: - Correctly identify GDBM files created by libgdbm4 (bnc#888308). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2014-97
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2014-97
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2014-97

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  file-debuginfo-5.19-5.2
  file-debugsource-5.19-5.2
  file-devel-5.19-5.2
  python-magic-5.19-5.3
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  file-5.19-5.2
  file-debuginfo-5.19-5.2
  file-debugsource-5.19-5.2
  file-magic-5.19-5.2
  libmagic1-5.19-5.2
  libmagic1-debuginfo-5.19-5.2
- SUSE Linux Enterprise Server 12 (s390x x86_64):
  libmagic1-32bit-5.19-5.2
  libmagic1-debuginfo-32bit-5.19-5.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
  file-5.19-5.2
  file-debuginfo-5.19-5.2
  file-debugsource-5.19-5.2
  file-magic-5.19-5.2
  libmagic1-32bit-5.19-5.2
  libmagic1-5.19-5.2
  libmagic1-debuginfo-32bit-5.19-5.2
  libmagic1-debuginfo-5.19-5.2

References:

http://support.novell.com/security/cve/CVE-2014-3710.html
https://bugzilla.suse.com/show_bug.cgi?id=888308
https://bugzilla.suse.com/show_bug.cgi?id=902367

From sle-security-updates at lists.suse.com Thu Dec 4 12:04:41 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Dec 2014 20:04:41 +0100 (CET)
Subject: SUSE-SU-2014:1557-1: moderate: Security update for compat-openssl097g
Message-ID: <20141204190441.798A532340@maintenance.suse.de>

SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1557-1
Rating:             moderate
References:         #802184 #880891 #890764 #901223 #901277 #905106
Cross-References:   CVE-2013-0166 CVE-2013-0169 CVE-2014-0224 CVE-2014-3470
                    CVE-2014-3508 CVE-2014-3566 CVE-2014-3568
Affected Products:
                    SUSE Linux Enterprise for SAP Applications 11 SP1
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

The SLES 9 compatibility package compat-openssl097g received a roll-up update fixing various security issues:

* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV (CVE-2014-3566)
* Information leak in pretty printing functions (CVE-2014-3508)
* OCSP bad key DoS attack (CVE-2013-0166)
* SSL/TLS CBC plaintext recovery attack (CVE-2013-0169)
* Anonymous ECDH denial of service (CVE-2014-3470)
* SSL/TLS MITM vulnerability (CVE-2014-0224)

Security Issues:

* CVE-2013-0166
* CVE-2013-0169
* CVE-2014-0224
* CVE-2014-3470
* CVE-2014-3508
* CVE-2014-3566
* CVE-2014-3568

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise for SAP Applications 11 SP1:
  zypper in -t patch slesapp1-compat-openssl097g-10032

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64):
  compat-openssl097g-0.9.7g-146.22.25.1
  compat-openssl097g-32bit-0.9.7g-146.22.25.1

References:

http://support.novell.com/security/cve/CVE-2013-0166.html
http://support.novell.com/security/cve/CVE-2013-0169.html
http://support.novell.com/security/cve/CVE-2014-0224.html
http://support.novell.com/security/cve/CVE-2014-3470.html
http://support.novell.com/security/cve/CVE-2014-3508.html
http://support.novell.com/security/cve/CVE-2014-3566.html
http://support.novell.com/security/cve/CVE-2014-3568.html
https://bugzilla.suse.com/show_bug.cgi?id=802184
https://bugzilla.suse.com/show_bug.cgi?id=880891
https://bugzilla.suse.com/show_bug.cgi?id=890764
https://bugzilla.suse.com/show_bug.cgi?id=901223
https://bugzilla.suse.com/show_bug.cgi?id=901277
https://bugzilla.suse.com/show_bug.cgi?id=905106
http://download.suse.com/patch/finder/?keywords=1d970165e44d09f727b7c89af11e885f

From sle-security-updates at lists.suse.com Thu Dec 4 16:04:43 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Dec 2014 00:04:43 +0100 (CET)
Subject: SUSE-SU-2014:1557-2: moderate: Security update for compat-openssl097g
Message-ID: <20141204230443.E7A2432340@maintenance.suse.de>

SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1557-2
Rating:             moderate
References:         #802184 #880891 #890764 #901223 #901277 #905106
Cross-References:   CVE-2013-0166 CVE-2013-0169 CVE-2014-0224 CVE-2014-3470
                    CVE-2014-3508 CVE-2014-3566 CVE-2014-3568
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.
Description:

The SLES 9 compatibility package compat-openssl097g received a roll-up update fixing various security issues:

* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV (CVE-2014-3566)
* Information leak in pretty printing functions (CVE-2014-3508)
* OCSP bad key DoS attack (CVE-2013-0166)
* SSL/TLS CBC plaintext recovery attack (CVE-2013-0169)
* Anonymous ECDH denial of service (CVE-2014-3470)
* SSL/TLS MITM vulnerability (CVE-2014-0224)

Security Issues:

* CVE-2013-0166
* CVE-2013-0169
* CVE-2014-0224
* CVE-2014-3470
* CVE-2014-3508
* CVE-2014-3566
* CVE-2014-3568

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-compat-openssl097g-10033

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  compat-openssl097g-0.9.7g-146.22.25.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
  compat-openssl097g-32bit-0.9.7g-146.22.25.1

References:

http://support.novell.com/security/cve/CVE-2013-0166.html
http://support.novell.com/security/cve/CVE-2013-0169.html
http://support.novell.com/security/cve/CVE-2014-0224.html
http://support.novell.com/security/cve/CVE-2014-3470.html
http://support.novell.com/security/cve/CVE-2014-3508.html
http://support.novell.com/security/cve/CVE-2014-3566.html
http://support.novell.com/security/cve/CVE-2014-3568.html
https://bugzilla.suse.com/show_bug.cgi?id=802184
https://bugzilla.suse.com/show_bug.cgi?id=880891
https://bugzilla.suse.com/show_bug.cgi?id=890764
https://bugzilla.suse.com/show_bug.cgi?id=901223
https://bugzilla.suse.com/show_bug.cgi?id=901277
https://bugzilla.suse.com/show_bug.cgi?id=905106
http://download.suse.com/patch/finder/?keywords=a12966f5561ba5e3afba4dc35a37d352

From sle-security-updates at lists.suse.com Thu Dec 4 17:04:49 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Dec 2014 01:04:49 +0100 (CET)
Subject: SUSE-SU-2014:1558-1: moderate: Security update for pure-ftpd
Message-ID: <20141205000449.A7B9C3233D@maintenance.suse.de>

SUSE Security Update: Security update for pure-ftpd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1558-1
Rating:             moderate
References:         #828469 #856424 #902229
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

pure-ftpd was updated to fix one security issue and two non-security bugs:

* SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE (CVE-2014-3566, bnc#902229).
* Added the disable_ascii option (bnc#828469).
* Fixed wait on TLS handshake (bnc#856424).

Security Issues:

* CVE-2014-3566

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-pure-ftpd-10004
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-pure-ftpd-10004
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-pure-ftpd-10004

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  pure-ftpd-1.0.22-3.25.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  pure-ftpd-1.0.22-3.25.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  pure-ftpd-1.0.22-3.25.1

References:

https://bugzilla.suse.com/show_bug.cgi?id=828469
https://bugzilla.suse.com/show_bug.cgi?id=856424
https://bugzilla.suse.com/show_bug.cgi?id=902229
http://download.suse.com/patch/finder/?keywords=05e51d386d4b3a9169d3b2bb5be13fc6

From sle-security-updates at lists.suse.com Fri Dec 5 11:04:44 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Dec 2014 19:04:44 +0100 (CET)
Subject: SUSE-SU-2014:1571-1: important: Security update for clamav
Message-ID: <20141205180444.81A2832340@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1571-1
Rating:             important
References:         #899395 #903489 #903719 #904207 #906077 #906770
Cross-References:   CVE-2013-6497 CVE-2014-9050
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has four fixes is now available. It includes one version update.

Description:

clamav was updated to version 0.98.5 to fix five security issues:

* Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497).
* Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050).
* Fix heap corruption (CVE-2013-2020).
* Fix overflow due to PDF key length computation (CVE-2013-2021).
* Crash when using 'clamscan -a'.

Several non-security issues have also been fixed; please refer to the package's change log for details.
Security Issues:

* CVE-2013-6497
* CVE-2014-9050
* CVE-2013-2021
* CVE-2013-2020

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
  zypper in -t patch slessp2-clamav-10015
- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-clamav-10014

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 0.98.5]:
  clamav-0.98.5-0.5.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.98.5]:
  clamav-0.98.5-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-6497.html
http://support.novell.com/security/cve/CVE-2014-9050.html
https://bugzilla.suse.com/show_bug.cgi?id=899395
https://bugzilla.suse.com/show_bug.cgi?id=903489
https://bugzilla.suse.com/show_bug.cgi?id=903719
https://bugzilla.suse.com/show_bug.cgi?id=904207
https://bugzilla.suse.com/show_bug.cgi?id=906077
https://bugzilla.suse.com/show_bug.cgi?id=906770
http://download.suse.com/patch/finder/?keywords=21beeab39cfa85199510367c32cbdd16
http://download.suse.com/patch/finder/?keywords=da1389754016c53659409dd9ebba9efc

From sle-security-updates at lists.suse.com Fri Dec 5 11:05:50 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Dec 2014 19:05:50 +0100 (CET)
Subject: SUSE-SU-2014:1572-1: moderate: Security update for apache2-mod_wsgi
Message-ID: <20141205180550.0952D32342@maintenance.suse.de>

SUSE Security Update: Security update for apache2-mod_wsgi
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1572-1
Rating:             moderate
References:         #903961
Cross-References:   CVE-2014-8583
Affected Products:
                    SUSE Cloud 4
                    SUSE Cloud 3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

apache2-mod_wsgi was updated to fix one security issue:

* Failure to handle errors when attempting to drop group privileges (CVE-2014-8583).

Security Issues:

* CVE-2014-8583

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
  zypper in -t patch sleclo40sp3-apache2-mod_wsgi-10019
- SUSE Cloud 3:
  zypper in -t patch sleclo30sp3-apache2-mod_wsgi-10020

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 4 (x86_64):
  apache2-mod_wsgi-3.3-5.7.1
- SUSE Cloud 3 (x86_64):
  apache2-mod_wsgi-3.3-5.7.1

References:

http://support.novell.com/security/cve/CVE-2014-8583.html
https://bugzilla.suse.com/show_bug.cgi?id=903961
http://download.suse.com/patch/finder/?keywords=774a655e97a0f4ea39b012023a08b5ce
http://download.suse.com/patch/finder/?keywords=dfb6386f3e5bab137b2e20e861bcee09

From sle-security-updates at lists.suse.com Fri Dec 5 13:04:56 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Dec 2014 21:04:56 +0100 (CET)
Subject: SUSE-SU-2014:1574-1: important: Security update for clamav
Message-ID: <20141205200456.3BFB632342@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1574-1
Rating:             important
References:         #903489 #903719 #904207 #906077 #906770
Cross-References:   CVE-2013-6497 CVE-2014-9050
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 10 SP4 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has three fixes is now available. It includes one version update.
Description:

clamav was updated to version 0.98.5 to fix three security issues and several non-security issues.

These security issues have been fixed:

* Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497).
* Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050).
* Crash when using 'clamscan -a'.

These non-security issues have been fixed:

* Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.
* Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures.
* Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
* Resolution of many of the warning messages from ClamAV compilation.
* Improved detection of malicious PE files.
* ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).
* Fix server socket setup code in clamd (bnc#903489).
* Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719).
* Fix infinite loop in clamdscan when clamd is not running.
* Fix buffer underruns when handling multi-part MIME email attachments.
* Fix configuration of OpenSSL on various platforms.
* Fix linking issues with libclamunrar.

Security Issues:

* CVE-2013-6497
* CVE-2014-9050

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-clamav-10016
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-clamav-10016
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-clamav-10016

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.98.5]:
  clamav-0.98.5-0.5.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.98.5]:
  clamav-0.98.5-0.5.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 0.98.5]:
  clamav-0.98.5-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.98.5]:
  clamav-0.98.5-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-6497.html
http://support.novell.com/security/cve/CVE-2014-9050.html
https://bugzilla.suse.com/show_bug.cgi?id=903489
https://bugzilla.suse.com/show_bug.cgi?id=903719
https://bugzilla.suse.com/show_bug.cgi?id=904207
https://bugzilla.suse.com/show_bug.cgi?id=906077
https://bugzilla.suse.com/show_bug.cgi?id=906770
http://download.suse.com/patch/finder/?keywords=6c42e45ae40ed1ee02b8a321b52a6318
http://download.suse.com/patch/finder/?keywords=b71adb6b19097f47d8e0eb43a5efa4ef

From sle-security-updates at lists.suse.com Fri Dec 5 23:04:38 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 6 Dec 2014 07:04:38 +0100 (CET)
Subject: SUSE-SU-2014:1577-1: Security update for flac
Message-ID: <20141206060438.5B22532342@maintenance.suse.de>

SUSE Security Update: Security update for flac
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1577-1
Rating:             low
References:         #906831 #907016
Cross-References:   CVE-2014-8962 CVE-2014-9028
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

flac was updated to fix two security issues:

* Stack overflow may result in arbitrary code execution (CVE-2014-8962).
* Heap overflow via specially crafted .flac files (CVE-2014-9028).

Security Issues:

* CVE-2014-8962
* CVE-2014-9028

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-flac-10029
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-flac-10029
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-flac-10029
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-flac-10029

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  flac-devel-1.2.1-68.17.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
  libFLAC++6-32bit-1.2.1-68.17.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):
  libFLAC++6-x86-1.2.1-68.17.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  libFLAC++6-1.2.1-68.17.1
  libFLAC8-1.2.1-68.17.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
  libFLAC8-32bit-1.2.1-68.17.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libFLAC++6-1.2.1-68.17.1
  libFLAC8-1.2.1-68.17.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
  libFLAC8-32bit-1.2.1-68.17.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
  libFLAC8-x86-1.2.1-68.17.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  libFLAC++6-1.2.1-68.17.1
  libFLAC8-1.2.1-68.17.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
  libFLAC8-32bit-1.2.1-68.17.1

References:

http://support.novell.com/security/cve/CVE-2014-8962.html
http://support.novell.com/security/cve/CVE-2014-9028.html
https://bugzilla.suse.com/show_bug.cgi?id=906831
https://bugzilla.suse.com/show_bug.cgi?id=907016
http://download.suse.com/patch/finder/?keywords=4d4757eada5e86ae5fc46fc89ef0f248

From sle-security-updates at lists.suse.com Mon Dec 8 09:06:14 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 17:06:14 +0100 (CET)
Subject: SUSE-SU-2014:1592-1: moderate: Security update for tigervnc
Message-ID: <20141208160614.40FD732345@maintenance.suse.de>

SUSE Security Update: Security update for tigervnc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1592-1
Rating:             moderate
References:         #900896 #906922
Cross-References:   CVE-2014-8240
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for tigervnc provides the following fixes:

- Fixed integer overflow flaw, leading to a heap-based buffer overflow in screen size handling (CVE-2014-8240).
- Correctly send keys that don't type any characters, such as CTRL+Space (bnc#906922).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2014-101
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2014-101

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  tigervnc-1.3.0-22.3
  tigervnc-debuginfo-1.3.0-22.3
  tigervnc-debugsource-1.3.0-22.3
  xorg-x11-Xvnc-1.3.0-22.3
  xorg-x11-Xvnc-debuginfo-1.3.0-22.3
- SUSE Linux Enterprise Desktop 12 (x86_64):
  tigervnc-1.3.0-22.3
  tigervnc-debuginfo-1.3.0-22.3
  tigervnc-debugsource-1.3.0-22.3
  xorg-x11-Xvnc-1.3.0-22.3
  xorg-x11-Xvnc-debuginfo-1.3.0-22.3

References:

http://support.novell.com/security/cve/CVE-2014-8240.html
https://bugzilla.suse.com/show_bug.cgi?id=900896
https://bugzilla.suse.com/show_bug.cgi?id=906922

From sle-security-updates at lists.suse.com Mon Dec 8 09:07:07 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 17:07:07 +0100 (CET)
Subject: SUSE-SU-2014:1595-1: moderate: Security update for ImageMagick
Message-ID: <20141208160707.C776332345@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1595-1
Rating:             moderate
References:         #903204 #903216 #903638 #905260
Cross-References:   CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

ImageMagick was updated to fix four security issues.

These security issues were fixed:
- Crafted JPEG file could lead to DoS (CVE-2014-8716).
- Out-of-bounds memory access in PCX parser (CVE-2014-8355).
- Out-of-bounds memory access in resize code (CVE-2014-8354).
- Out-of-bounds memory error in DCM decode (CVE-2014-8562).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
  zypper in -t patch SUSE-SLE-WE-12-2014-102
- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2014-102
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2014-102
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2014-102

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
  ImageMagick-6.8.8.1-8.2
  ImageMagick-debuginfo-6.8.8.1-8.2
  ImageMagick-debugsource-6.8.8.1-8.2
  libMagick++-6_Q16-3-6.8.8.1-8.2
  libMagick++-6_Q16-3-debuginfo-6.8.8.1-8.2
  libMagickCore-6_Q16-1-32bit-6.8.8.1-8.2
  libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-8.2
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  ImageMagick-6.8.8.1-8.2
  ImageMagick-debuginfo-6.8.8.1-8.2
  ImageMagick-debugsource-6.8.8.1-8.2
  ImageMagick-devel-6.8.8.1-8.2
  libMagick++-6_Q16-3-6.8.8.1-8.2
  libMagick++-6_Q16-3-debuginfo-6.8.8.1-8.2
  libMagick++-devel-6.8.8.1-8.2
  perl-PerlMagick-6.8.8.1-8.2
  perl-PerlMagick-debuginfo-6.8.8.1-8.2
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  ImageMagick-debuginfo-6.8.8.1-8.2
  ImageMagick-debugsource-6.8.8.1-8.2
  libMagickCore-6_Q16-1-6.8.8.1-8.2
  libMagickCore-6_Q16-1-debuginfo-6.8.8.1-8.2
  libMagickWand-6_Q16-1-6.8.8.1-8.2
  libMagickWand-6_Q16-1-debuginfo-6.8.8.1-8.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
  ImageMagick-6.8.8.1-8.2
  ImageMagick-debuginfo-6.8.8.1-8.2
  ImageMagick-debugsource-6.8.8.1-8.2
  libMagick++-6_Q16-3-6.8.8.1-8.2
  libMagick++-6_Q16-3-debuginfo-6.8.8.1-8.2
  libMagickCore-6_Q16-1-32bit-6.8.8.1-8.2
  libMagickCore-6_Q16-1-6.8.8.1-8.2
  libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-8.2
  libMagickCore-6_Q16-1-debuginfo-6.8.8.1-8.2
  libMagickWand-6_Q16-1-6.8.8.1-8.2
  libMagickWand-6_Q16-1-debuginfo-6.8.8.1-8.2

References:

http://support.novell.com/security/cve/CVE-2014-8354.html
http://support.novell.com/security/cve/CVE-2014-8355.html
http://support.novell.com/security/cve/CVE-2014-8562.html
http://support.novell.com/security/cve/CVE-2014-8716.html
https://bugzilla.suse.com/show_bug.cgi?id=903204
https://bugzilla.suse.com/show_bug.cgi?id=903216
https://bugzilla.suse.com/show_bug.cgi?id=903638
https://bugzilla.suse.com/show_bug.cgi?id=905260

From sle-security-updates at lists.suse.com Mon Dec 8 11:04:58 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:04:58 +0100 (CET)
Subject: SUSE-SU-2014:1598-1: Security update for crowbar-barclamp-nova_dashboard
Message-ID: <20141208180458.4642132345@maintenance.suse.de>

SUSE Security Update: Security update for crowbar-barclamp-nova_dashboard
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1598-1
Rating:             low
References:         #897815
Cross-References:   CVE-2014-3566
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for crowbar-barclamp-nova_dashboard provides the following security fix from the upstream OpenStack project:

* Disable SSLv2/v3 to avoid POODLE weakness (CVE-2014-3566)

Security Issues:

* CVE-2014-3566

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
  zypper in -t patch sleclo40sp3-crowbar-barclamp-nova_dashboard-10050

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Cloud 4 (noarch):
  crowbar-barclamp-nova_dashboard-1.8+git.1413540742.7fcd117-0.7.1

References:

http://support.novell.com/security/cve/CVE-2014-3566.html
https://bugzilla.suse.com/show_bug.cgi?id=897815
http://download.suse.com/patch/finder/?keywords=b99b4537d927009c370f944e9251546f

From sle-security-updates at lists.suse.com Mon Dec 8 17:04:43 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Dec 2014 01:04:43 +0100 (CET)
Subject: SUSE-SU-2014:1605-1: important: Security update for OpenVPN
Message-ID: <20141209000443.5930732343@maintenance.suse.de>

SUSE Security Update: Security update for OpenVPN
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1605-1
Rating:             important
References:         #895882 #907764
Cross-References:   CVE-2014-8104
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update fixes a critical denial of service vulnerability in OpenVPN:

* CVE-2014-8104: Critical denial of service vulnerability in OpenVPN servers that can be triggered by authenticated attackers.

Also, an incompatibility between OpenVPN and OpenSSL in FIPS mode has been fixed (bnc#895882).

Security Issues:

* CVE-2014-8104

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-openvpn-10061
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-openvpn-10061
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-openvpn-10061

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  openvpn-2.0.9-143.44.1
  openvpn-auth-pam-plugin-2.0.9-143.44.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  openvpn-2.0.9-143.44.1
  openvpn-auth-pam-plugin-2.0.9-143.44.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  openvpn-2.0.9-143.44.1

References:

http://support.novell.com/security/cve/CVE-2014-8104.html
https://bugzilla.suse.com/show_bug.cgi?id=895882
https://bugzilla.suse.com/show_bug.cgi?id=907764
http://download.suse.com/patch/finder/?keywords=5352ff2473420ef0f67960593d5e6560

From sle-security-updates at lists.suse.com Mon Dec 8 17:05:10 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Dec 2014 01:05:10 +0100 (CET)
Subject: SUSE-SU-2014:1572-2: moderate: Security update for apache2-mod_wsgi
Message-ID: <20141209000510.1C43F32343@maintenance.suse.de>

SUSE Security Update: Security update for apache2-mod_wsgi
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1572-2
Rating:             moderate
References:         #903961
Cross-References:   CVE-2014-8583
Affected Products:
                    SUSE Manager Server
                    SUSE Manager Proxy 1.7 for SLE 11 SP2
                    SUSE Manager Proxy
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

apache2-mod_wsgi was updated to fix one security issue:

* Failure to handle errors when attempting to drop group privileges (CVE-2014-8583).

Security Issues:

* CVE-2014-8583

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server:

      zypper in -t patch sleman21-apache2-mod_wsgi-10022

   - SUSE Manager Proxy 1.7 for SLE 11 SP2:

      zypper in -t patch slemap17sp2-apache2-mod_wsgi-10021

   - SUSE Manager Proxy:

      zypper in -t patch slemap21-apache2-mod_wsgi-10022

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-apache2-mod_wsgi-10021

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server (x86_64):

      apache2-mod_wsgi-3.3-5.7.1

   - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64):

      apache2-mod_wsgi-3.3-5.7.1

   - SUSE Manager Proxy (x86_64):

      apache2-mod_wsgi-3.3-5.7.1

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

      apache2-mod_wsgi-3.3-5.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-8583.html
   https://bugzilla.suse.com/show_bug.cgi?id=903961
   http://download.suse.com/patch/finder/?keywords=18fb10915eba9ec79498a8b73c43767b
   http://download.suse.com/patch/finder/?keywords=8c590da242c918acd79f4c49f1ec16e3

From sle-security-updates at lists.suse.com Tue Dec 9 17:04:43 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Dec 2014 01:04:43 +0100 (CET)
Subject: SUSE-SU-2014:1609-1: Security update for rubygem-sprockets
Message-ID: <20141210000443.4A28232345@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-sprockets
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1609-1
Rating:             low
References:         #903658
Cross-References:   CVE-2014-7819
Affected Products:
                    SUSE Cloud 4
                    SUSE Cloud 3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   rubygem-sprockets-2_10 has been updated to fix one security issue:

   * Arbitrary file existence disclosure (CVE-2014-7819).
Security Issues:

   * CVE-2014-7819

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-rubygem-sprockets-2_10-9963

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-rubygem-sprockets-2_10-9964

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64):

      rubygem-sprockets-2_10-2.10.1-0.11.1

   - SUSE Cloud 3 (x86_64):

      rubygem-sprockets-2_10-2.10.1-0.13.1

References:

   http://support.novell.com/security/cve/CVE-2014-7819.html
   https://bugzilla.suse.com/show_bug.cgi?id=903658
   http://download.suse.com/patch/finder/?keywords=719244544bcbaff9dcb59537b8c8d274
   http://download.suse.com/patch/finder/?keywords=823a9471289b1711d9d9df3c17298d7d

From sle-security-updates at lists.suse.com Wed Dec 10 09:04:42 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Dec 2014 17:04:42 +0100 (CET)
Subject: SUSE-SU-2014:1615-1: moderate: Security update for pidgin
Message-ID: <20141210160442.EF15D32358@maintenance.suse.de>

   SUSE Security Update: Security update for pidgin
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1615-1
Rating:             moderate
References:         #902408 #902409 #902410
Cross-References:   CVE-2014-3695 CVE-2014-3696 CVE-2014-3698
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This pidgin security update fixes the following issues:

   - bnc#902408: remote information leak via crafted XMPP message
     (CVE-2014-3698).
   - bnc#902410: denial of service parsing Groupwise server message
     (CVE-2014-3696).
   - bnc#902409: crash in MXit protocol plug-in (CVE-2014-3695).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2014-107

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2014-107

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-107

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      finch-2.10.9-8.1
      finch-debuginfo-2.10.9-8.1
      libpurple-2.10.9-8.1
      libpurple-debuginfo-2.10.9-8.1
      libpurple-meanwhile-2.10.9-8.1
      libpurple-meanwhile-debuginfo-2.10.9-8.1
      libpurple-tcl-2.10.9-8.1
      libpurple-tcl-debuginfo-2.10.9-8.1
      pidgin-2.10.9-8.1
      pidgin-debuginfo-2.10.9-8.1
      pidgin-debugsource-2.10.9-8.1

   - SUSE Linux Enterprise Workstation Extension 12 (noarch):

      libpurple-lang-2.10.9-8.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      finch-devel-2.10.9-8.1
      libpurple-2.10.9-8.1
      libpurple-debuginfo-2.10.9-8.1
      libpurple-devel-2.10.9-8.1
      pidgin-debuginfo-2.10.9-8.1
      pidgin-debugsource-2.10.9-8.1
      pidgin-devel-2.10.9-8.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      libpurple-lang-2.10.9-8.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      finch-2.10.9-8.1
      finch-debuginfo-2.10.9-8.1
      libpurple-2.10.9-8.1
      libpurple-debuginfo-2.10.9-8.1
      libpurple-meanwhile-2.10.9-8.1
      libpurple-meanwhile-debuginfo-2.10.9-8.1
      libpurple-tcl-2.10.9-8.1
      libpurple-tcl-debuginfo-2.10.9-8.1
      pidgin-2.10.9-8.1
      pidgin-debuginfo-2.10.9-8.1
      pidgin-debugsource-2.10.9-8.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      libpurple-lang-2.10.9-8.1

References:

   http://support.novell.com/security/cve/CVE-2014-3695.html
   http://support.novell.com/security/cve/CVE-2014-3696.html
   http://support.novell.com/security/cve/CVE-2014-3698.html
   https://bugzilla.suse.com/show_bug.cgi?id=902408
   https://bugzilla.suse.com/show_bug.cgi?id=902409
   https://bugzilla.suse.com/show_bug.cgi?id=902410

From sle-security-updates at lists.suse.com Thu Dec 11 11:04:39 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 11 Dec 2014 19:04:39 +0100 (CET)
Subject: SUSE-SU-2014:1619-1: important: Security update for shim
Message-ID: <20141211180439.174EF32358@maintenance.suse.de>

   SUSE Security Update: Security update for shim
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1619-1
Rating:             important
References:         #813448 #863205 #866690 #875385 #889332 #889765
Cross-References:   CVE-2014-3675 CVE-2014-3676 CVE-2014-3677
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has three fixes is now
   available. It includes two new package versions.

Description:

   shim has been updated to fix three security issues:

   * OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675).
   * Heap overflow when parsing IPv6 addresses provided by the tftp:// DHCPv6
     boot option (RCE) (CVE-2014-3676).
   * Memory corruption when processing user-provided MOK lists (CVE-2014-3677).

Security Issues:

   * CVE-2014-3675
   * CVE-2014-3676
   * CVE-2014-3677

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-shim-2014-11-20-9997

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-shim-2014-11-20-9997

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-shim-2014-11-20-9997

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-shim-2014-11-20-9997

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 3.0u]:

      gnu-efi-3.0u-0.7.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 0.7.318.81ee561d and 3.0u]:

      gnu-efi-3.0u-0.7.2
      shim-0.7.318.81ee561d-0.9.2

   - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 0.7.318.81ee561d and 3.0u]:

      gnu-efi-3.0u-0.7.2
      shim-0.7.318.81ee561d-0.9.2

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 0.7.318.81ee561d]:

      shim-0.7.318.81ee561d-0.9.2

References:

   http://support.novell.com/security/cve/CVE-2014-3675.html
   http://support.novell.com/security/cve/CVE-2014-3676.html
   http://support.novell.com/security/cve/CVE-2014-3677.html
   https://bugzilla.suse.com/show_bug.cgi?id=813448
   https://bugzilla.suse.com/show_bug.cgi?id=863205
   https://bugzilla.suse.com/show_bug.cgi?id=866690
   https://bugzilla.suse.com/show_bug.cgi?id=875385
   https://bugzilla.suse.com/show_bug.cgi?id=889332
   https://bugzilla.suse.com/show_bug.cgi?id=889765
   http://download.suse.com/patch/finder/?keywords=9aaff893726e6b56bde50850c3154ed1

From sle-security-updates at lists.suse.com Thu Dec 11 17:04:43 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Dec 2014 01:04:43 +0100 (CET)
Subject: SUSE-SU-2014:1623-1: moderate: Security update for pidgin
Message-ID: <20141212000443.BA31E32356@maintenance.suse.de>

   SUSE Security Update: Security update for pidgin
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1623-1
Rating:             moderate
References:         #902408 #902409 #902410
Cross-References:   CVE-2014-3695 CVE-2014-3696 CVE-2014-3698
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This pidgin update fixes the following security issues:

   * bnc#902408: remote information leak via crafted XMPP message
     (CVE-2014-3698)
   * bnc#902410: denial of service parsing Groupwise server message
     (CVE-2014-3696)
   * bnc#902409: crash in MXit protocol plug-in (CVE-2014-3695)

Security Issues:

   * CVE-2014-3698
   * CVE-2014-3696
   * CVE-2014-3695

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-finch-10078

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-finch-10078

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      finch-2.6.6-0.25.2
      finch-devel-2.6.6-0.25.2
      libpurple-2.6.6-0.25.2
      libpurple-devel-2.6.6-0.25.2
      libpurple-lang-2.6.6-0.25.2
      pidgin-2.6.6-0.25.2
      pidgin-devel-2.6.6-0.25.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      finch-2.6.6-0.25.2
      libpurple-2.6.6-0.25.2
      libpurple-lang-2.6.6-0.25.2
      libpurple-meanwhile-2.6.6-0.25.2
      libpurple-tcl-2.6.6-0.25.2
      pidgin-2.6.6-0.25.2

References:

   http://support.novell.com/security/cve/CVE-2014-3695.html
   http://support.novell.com/security/cve/CVE-2014-3696.html
   http://support.novell.com/security/cve/CVE-2014-3698.html
   https://bugzilla.suse.com/show_bug.cgi?id=902408
   https://bugzilla.suse.com/show_bug.cgi?id=902409
   https://bugzilla.suse.com/show_bug.cgi?id=902410
   http://download.suse.com/patch/finder/?keywords=b42c0aeceaaa9ff5f85df2d7207116a2

From sle-security-updates at lists.suse.com Thu Dec 11 19:05:12 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Dec 2014 03:05:12 +0100 (CET)
Subject: SUSE-SU-2014:1624-1: important: Security update for Mozilla Firefox
Message-ID: <20141212020512.DD04232356@maintenance.suse.de>

   SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1624-1
Rating:             important
References:         #908009
Cross-References:   CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590
                    CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594
                    CVE-2014-1595
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SUSE Linux Enterprise Server 10 SP4 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available. It includes one
   version update.

Description:

   Mozilla Firefox has been updated to the 31.3ESR release, fixing bugs and
   security issues.

   * MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and
     community identified and fixed several memory safety bugs in the browser
     engine used in Firefox and other Mozilla-based products. Some of these
     bugs showed evidence of memory corruption under certain circumstances,
     and we presume that with enough effort at least some of these could be
     exploited to run arbitrary code.

   * MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7
     reported that passing a JavaScript object to XMLHttpRequest that mimics
     an input stream will cause a crash. This crash is not exploitable and
     can only be used for denial of service attacks.

   * MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever
     reported a use-after-free created by triggering the creation of a second
     root element while parsing HTML written to a document created with
     document.open(). This leads to a potentially exploitable crash.

   * MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno)
     of the Google Chrome Security Team used the Address Sanitizer tool to
     discover a buffer overflow during the parsing of media content. This
     leads to a potentially exploitable crash.

   * MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee,
     Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security
     Center (GTISC) reported a bad cast from BasicThebesLayer to
     BasicContainerLayer, resulting in undefined behavior. This behavior is
     potentially exploitable with some compilers, but no clear mechanism to
     trigger it through web content was identified.

   * MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an
     Apple issue present in OS X 10.10 (Yosemite) where log files are created
     by the CoreGraphics framework of OS X in the /tmp local directory.
     These log files contain a record of all inputs into Mozilla programs
     during their operation. In OS X versions 10.6 through 10.9, the
     CoreGraphics framework had this logging ability, but it was turned off
     by default. In OS X 10.10, this logging was turned on by default for some
     applications that use a custom memory allocator, such as jemalloc,
     because of an initialization bug in the framework. This issue has been
     addressed in Mozilla products by explicitly turning off the framework's
     logging of input events. On vulnerable systems, this issue can result in
     private data such as usernames, passwords, and other input data being
     saved to a log file on the local system.

Security Issues:

   * CVE-2014-1587
   * CVE-2014-1588
   * CVE-2014-1589
   * CVE-2014-1590
   * CVE-2014-1591
   * CVE-2014-1592
   * CVE-2014-1593
   * CVE-2014-1594
   * CVE-2014-1595

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-firefox-201412-10064

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-firefox-201412-10064

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-firefox-201412-10064

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-firefox-201412-10065

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-firefox-201412-10066

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-firefox-201412-10064

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-31.3.0esr-0.8.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 31.3.0esr]:

      MozillaFirefox-31.3.0esr-0.8.1
      MozillaFirefox-translations-31.3.0esr-0.8.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 31.3.0esr]:

      MozillaFirefox-31.3.0esr-0.8.1
      MozillaFirefox-translations-31.3.0esr-0.8.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 31.3.0esr]:

      MozillaFirefox-31.3.0esr-0.3.1
      MozillaFirefox-translations-31.3.0esr-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 31.3.0esr]:

      MozillaFirefox-31.3.0esr-0.3.1
      MozillaFirefox-translations-31.3.0esr-0.3.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x):

      MozillaFirefox-31.3.0esr-0.5.1
      MozillaFirefox-translations-31.3.0esr-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 31.3.0esr]:

      MozillaFirefox-31.3.0esr-0.8.1
      MozillaFirefox-translations-31.3.0esr-0.8.1

References:

   http://support.novell.com/security/cve/CVE-2014-1587.html
   http://support.novell.com/security/cve/CVE-2014-1588.html
   http://support.novell.com/security/cve/CVE-2014-1589.html
   http://support.novell.com/security/cve/CVE-2014-1590.html
   http://support.novell.com/security/cve/CVE-2014-1591.html
   http://support.novell.com/security/cve/CVE-2014-1592.html
   http://support.novell.com/security/cve/CVE-2014-1593.html
   http://support.novell.com/security/cve/CVE-2014-1594.html
   http://support.novell.com/security/cve/CVE-2014-1595.html
   https://bugzilla.suse.com/show_bug.cgi?id=908009
   http://download.suse.com/patch/finder/?keywords=0615641fb2f45aa54681190d0d635b57
   http://download.suse.com/patch/finder/?keywords=4ffa3a796b6b4288bb70c145016dbfa4
   http://download.suse.com/patch/finder/?keywords=a163293f68a3f574c56b72fa5f1dd8ef
   http://download.suse.com/patch/finder/?keywords=d622a076d6545627a78da4f5c5eb804c

From sle-security-updates at lists.suse.com Fri Dec 12 05:04:45 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Dec 2014 13:04:45 +0100 (CET)
Subject: SUSE-SU-2014:1628-1: moderate: Security update for gnutls
Message-ID: <20141212120445.9EEDC3235A@maintenance.suse.de>

   SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1628-1
Rating:             moderate
References:         #904603
Cross-References:   CVE-2014-8564
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   gnutls was updated to fix one security issue.

   - Fixed parsing problem in elliptic curve blobs over TLS that could lead to
     remote crashes (CVE-2014-8564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2014-109

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-109

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-109

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      gnutls-debuginfo-3.2.15-4.1
      gnutls-debugsource-3.2.15-4.1
      libgnutls-devel-3.2.15-4.1
      libgnutls-openssl-devel-3.2.15-4.1
      libgnutlsxx-devel-3.2.15-4.1
      libgnutlsxx28-3.2.15-4.1
      libgnutlsxx28-debuginfo-3.2.15-4.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      gnutls-3.2.15-4.1
      gnutls-debuginfo-3.2.15-4.1
      gnutls-debugsource-3.2.15-4.1
      libgnutls-openssl27-3.2.15-4.1
      libgnutls-openssl27-debuginfo-3.2.15-4.1
      libgnutls28-3.2.15-4.1
      libgnutls28-debuginfo-3.2.15-4.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libgnutls28-32bit-3.2.15-4.1
      libgnutls28-debuginfo-32bit-3.2.15-4.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      gnutls-3.2.15-4.1
      gnutls-debuginfo-3.2.15-4.1
      gnutls-debugsource-3.2.15-4.1
      libgnutls28-3.2.15-4.1
      libgnutls28-32bit-3.2.15-4.1
      libgnutls28-debuginfo-3.2.15-4.1
      libgnutls28-debuginfo-32bit-3.2.15-4.1

References:

   http://support.novell.com/security/cve/CVE-2014-8564.html
   https://bugzilla.suse.com/show_bug.cgi?id=904603

From sle-security-updates at lists.suse.com Fri Dec 12 22:04:40 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 13 Dec 2014 06:04:40 +0100 (CET)
Subject: SUSE-SU-2014:1631-1: moderate: Security update for Image Magick
Message-ID: <20141213050440.BAC593235B@maintenance.suse.de>

   SUSE Security Update: Security update for Image Magick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1631-1
Rating:             moderate
References:         #903204 #903216 #903638 #905260
Cross-References:   CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   ImageMagick has been updated to fix four security issues:

   * A crafted JPEG file could have led to a denial of service (CVE-2014-8716).
   * Out-of-bounds memory access in resize code (CVE-2014-8354).
   * Out-of-bounds memory access in PCX parser (CVE-2014-8355).
   * Out-of-bounds memory error in DCM decode (CVE-2014-8562).

Security Issues:

   * CVE-2014-8716
   * CVE-2014-8355
   * CVE-2014-8354
   * CVE-2014-8562

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-ImageMagick-9976

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ImageMagick-9976

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ImageMagick-9976

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-ImageMagick-9976

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ImageMagick-6.4.3.6-7.30.1
      ImageMagick-devel-6.4.3.6-7.30.1
      libMagick++-devel-6.4.3.6-7.30.1
      libMagick++1-6.4.3.6-7.30.1
      libMagickWand1-6.4.3.6-7.30.1
      perl-PerlMagick-6.4.3.6-7.30.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

      libMagickWand1-32bit-6.4.3.6-7.30.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      libMagickCore1-6.4.3.6-7.30.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libMagickCore1-32bit-6.4.3.6-7.30.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libMagickCore1-6.4.3.6-7.30.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libMagickCore1-32bit-6.4.3.6-7.30.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      ImageMagick-6.4.3.6-7.30.1
      libMagick++1-6.4.3.6-7.30.1
      libMagickCore1-6.4.3.6-7.30.1
      libMagickWand1-6.4.3.6-7.30.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libMagickCore1-32bit-6.4.3.6-7.30.1

References:

   http://support.novell.com/security/cve/CVE-2014-8354.html
   http://support.novell.com/security/cve/CVE-2014-8355.html
   http://support.novell.com/security/cve/CVE-2014-8562.html
   http://support.novell.com/security/cve/CVE-2014-8716.html
   https://bugzilla.suse.com/show_bug.cgi?id=903204
   https://bugzilla.suse.com/show_bug.cgi?id=903216
   https://bugzilla.suse.com/show_bug.cgi?id=903638
   https://bugzilla.suse.com/show_bug.cgi?id=905260
   http://download.suse.com/patch/finder/?keywords=f5721a41b940c2f4a6fd787f4d563fcc

From sle-security-updates at lists.suse.com Mon Dec 15 06:04:41 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Dec 2014 14:04:41 +0100 (CET)
Subject: SUSE-SU-2014:1648-1: moderate: Security update for docker, sle2docker, go
Message-ID: <20141215130441.6971A3235B@maintenance.suse.de>

   SUSE Security Update: Security update for docker, sle2docker, go
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1648-1
Rating:             moderate
References:         #898901 #902289 #902413 #907012 #907014
Cross-References:   CVE-2014-5277 CVE-2014-5282 CVE-2014-6407 CVE-2014-6408
                    CVE-2014-7189
Affected Products:
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   Docker was updated to version 1.3.2 to fix five security issues and
   several other bugs.

   - Updated to 1.3.2 (2014-11-20)
     - fixes bnc#907012 (CVE-2014-6407) and bnc#907014 (CVE-2014-6408)
   - Fixed minor packaging issues.

   These security issues were fixed:

   - Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon
     and registry (CVE-2014-5277).
   - Secure HTTPS connection to registries with certificate verification and
     without HTTP fallback unless `--insecure-registry` is specified.
   - Tagging image to ID can redirect images on subsequent pulls
     (CVE-2014-5282).
   - Fix tar breakout vulnerability (CVE-2014-6407).
   - Extractions are now sandboxed in a chroot (CVE-2014-6407).
   - Security options are no longer committed to images (CVE-2014-6408).

   These non-security issues were fixed:

   - Fix deadlock in `docker ps -f exited=1`
   - Fix a bug when `--volumes-from` references a container that failed to
     start
   - `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
   - Private registries whose IPs fall in the 127.0.0.0/8 range do not need
     the `--insecure-registry` flag
   - Skip the experimental registry v2 API when mirroring is enabled
   - Fix issue where volumes would not be shared
   - Fix issue with `--iptables=false` not automatically setting
     `--ip-masq=false`
   - Fix docker run output to non-TTY stdout
   - Fix escaping `$` for environment variables
   - Fix issue with lowercase `onbuild` Dockerfile instruction
   - Restrict environment variable expansion to `ENV`, `ADD`, `COPY`,
     `WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
   - docker `exec` allows you to run additional processes inside existing
     containers
   - docker `create` gives you the ability to create a container via the cli
     without executing a process
   - `--security-opts` options to allow user to customize container labels
     and apparmor profiles
   - docker `ps` filters
   - Wildcard support to copy/add
   - Move production urls to get.docker.com from get.docker.io
   - Allocate ip address on the bridge inside a valid cidr
   - Use drone.io for pr and ci testing
   - Ability to setup an official registry mirror
   - Ability to save multiple images with docker `save`

   go was updated to version 1.3.3 to fix one security issue and several
   other bugs.

   This security issue was fixed:

   - TLS client authentication issue (CVE-2014-7189).

   These non-security issues were fixed:

   - Avoid stripping debuginfo on arm, it fails (and is not necessary)
   - Revert the /usr/share/go/contrib symlink as it caused problems during
     update. Moved all go sources to /usr/share/go/contrib/src instead of
     /usr/share/go/contrib/src/pkg and created pkg and src symlinks in
     contrib to add it to GOPATH
   - Fixed %go_contribsrcdir value
   - Copy temporary macros.go as go.macros to avoid it being built
   - Do not modify Source: files, because that ties the .src.rpm to one
     specific arch.
   - Removed extra src folder in /usr/share/go/contrib: the goal is to
     transform this folder into a proper entry for GOPATH. This folder is
     now linked to %{_libdir}/go/contrib
   - go requires gcc to build sources using cgo
   - tools-packaging.patch: Allow building cover and vet tools in
     $GOROOT_TARGET/pkg/tool instead of $GOROOT/pkg/tool. This will allow
     building go tools as a separate package

   sle2docker was updated to version 0.2.2 to fix one bug:

   - Fix SLE12 urls (bnc#902289)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-111

   To bring your system up-to-date, use "zypper patch".
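   The tar breakout item above (CVE-2014-6407) concerns archive entries whose
   names or symlink targets resolve outside the directory they are extracted
   into. The Go program below is an added example, not Docker's code: it
   walks a tar stream and reports every entry that would escape a destination
   directory, the containment check that complements the chroot sandboxing
   the advisory describes. The destination path /srv/root and the archive
   entries are constructed for illustration; nothing is written to disk.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrBreakout marks an entry that would land outside the extraction directory.
var ErrBreakout = errors.New("archive entry escapes extraction directory")

// SafeJoin resolves name beneath dest and rejects it if the cleaned result is
// not inside dest. filepath.Join collapses ".." components, so the check is
// made on the resolved path rather than on the raw entry name.
func SafeJoin(dest, name string) (string, error) {
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, name)
	rel, err := filepath.Rel(cleanDest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBreakout
	}
	return target, nil
}

// CheckArchive reads a tar stream and returns the entries that fail the
// containment check, without writing anything to disk. Symlink targets are
// resolved relative to the link's own directory, because a link pointing
// outside dest, followed by a later entry written through it, is the other
// classic breakout. Chains of links are not followed here; extracting inside
// a chroot, as the advisory describes, closes that gap.
func CheckArchive(r io.Reader, dest string) ([]string, error) {
	var bad []string
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if errors.Is(err, io.EOF) {
			return bad, nil
		}
		if err != nil {
			return bad, err
		}
		if _, err := SafeJoin(dest, hdr.Name); err != nil {
			bad = append(bad, hdr.Name)
			continue
		}
		if hdr.Typeflag == tar.TypeSymlink {
			linkTarget := filepath.Join(filepath.Dir(hdr.Name), hdr.Linkname)
			if _, err := SafeJoin(dest, linkTarget); err != nil || filepath.IsAbs(hdr.Linkname) {
				bad = append(bad, hdr.Name+" -> "+hdr.Linkname)
			}
		}
	}
}

// buildSampleArchive produces constructed test data: one benign file, one
// entry using "../", and one symlink whose target lies outside the tree.
func buildSampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	entries := []tar.Header{
		{Name: "app/config.yml", Mode: 0644, Size: 5, Typeflag: tar.TypeReg},
		{Name: "../escape.txt", Mode: 0644, Size: 5, Typeflag: tar.TypeReg},
		{Name: "app/link", Mode: 0777, Typeflag: tar.TypeSymlink, Linkname: "../../outside"},
	}
	for i := range entries {
		if err := tw.WriteHeader(&entries[i]); err != nil {
			panic(err)
		}
		if entries[i].Typeflag == tar.TypeReg {
			if _, err := tw.Write([]byte("hello")); err != nil {
				panic(err)
			}
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	// /srv/root is an assumed destination; the check is purely on paths.
	bad, err := CheckArchive(bytes.NewReader(buildSampleArchive()), "/srv/root")
	if err != nil {
		panic(err)
	}
	for _, name := range bad {
		fmt.Println("rejected:", name)
	}
}
```

   Run stand-alone, the program rejects the "../escape.txt" entry and the
   "app/link -> ../../outside" symlink and accepts "app/config.yml". The
   decision is taken on the resolved path, not by string-matching ".." in the
   name, so "app/../app/x" (which stays inside) passes while "app/../../x"
   does not.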
Package List:

   - SUSE Linux Enterprise Server 12 (x86_64):

      docker-1.3.2-9.1
      docker-debuginfo-1.3.2-9.1
      docker-debugsource-1.3.2-9.1
      ruby2.1-rubygem-sle2docker-0.2.3-5.1
      sle2docker-0.2.3-5.1

References:

   http://support.novell.com/security/cve/CVE-2014-5277.html
   http://support.novell.com/security/cve/CVE-2014-5282.html
   http://support.novell.com/security/cve/CVE-2014-6407.html
   http://support.novell.com/security/cve/CVE-2014-6408.html
   http://support.novell.com/security/cve/CVE-2014-7189.html
   https://bugzilla.suse.com/show_bug.cgi?id=898901
   https://bugzilla.suse.com/show_bug.cgi?id=902289
   https://bugzilla.suse.com/show_bug.cgi?id=902413
   https://bugzilla.suse.com/show_bug.cgi?id=907012
   https://bugzilla.suse.com/show_bug.cgi?id=907014

From sle-security-updates at lists.suse.com Mon Dec 15 06:05:35 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Dec 2014 14:05:35 +0100 (CET)
Subject: SUSE-SU-2014:1649-1: moderate: Security update for flash-player
Message-ID: <20141215130535.5990E3235B@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1649-1
Rating:             moderate
References:         #909219
Cross-References:   CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162
                    CVE-2014-9163 CVE-2014-9164
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This flash-player security version update fixes the following issues:

   - Security update to 11.2.202.425 (bsc#909219):
     * APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162,
       CVE-2014-9163, CVE-2014-9164

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2014-110

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-110

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64):

      flash-player-11.2.202.425-19.1
      flash-player-gnome-11.2.202.425-19.1

   - SUSE Linux Enterprise Desktop 12 (i586 x86_64):

      flash-player-11.2.202.425-19.1
      flash-player-gnome-11.2.202.425-19.1

References:

   http://support.novell.com/security/cve/CVE-2014-0580.html
   http://support.novell.com/security/cve/CVE-2014-0587.html
   http://support.novell.com/security/cve/CVE-2014-8443.html
   http://support.novell.com/security/cve/CVE-2014-9162.html
   http://support.novell.com/security/cve/CVE-2014-9163.html
   http://support.novell.com/security/cve/CVE-2014-9164.html
   https://bugzilla.suse.com/show_bug.cgi?id=909219

From sle-security-updates at lists.suse.com Mon Dec 15 17:04:44 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Dec 2014 01:04:44 +0100 (CET)
Subject: SUSE-SU-2014:1650-1: important: Security update for flash-player
Message-ID: <20141216000444.052BC3235A@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1650-1
Rating:             important
References:         #909219
Cross-References:   CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162
                    CVE-2014-9163 CVE-2014-9164
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available. It includes one
   version update.
Description:

   This flash-player security update fixes the following issues:

   * Security update to 11.2.202.425 (bnc#909219):
     o APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162,
       CVE-2014-9163, CVE-2014-9164

   Security Issues:

   * CVE-2014-0580
   * CVE-2014-0587
   * CVE-2014-8443
   * CVE-2014-9162
   * CVE-2014-9163
   * CVE-2014-9164

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-flash-player-10090

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.425]:

      flash-player-11.2.202.425-0.3.1
      flash-player-gnome-11.2.202.425-0.3.1
      flash-player-kde4-11.2.202.425-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2014-0580.html
   http://support.novell.com/security/cve/CVE-2014-0587.html
   http://support.novell.com/security/cve/CVE-2014-8443.html
   http://support.novell.com/security/cve/CVE-2014-9162.html
   http://support.novell.com/security/cve/CVE-2014-9163.html
   http://support.novell.com/security/cve/CVE-2014-9164.html
   https://bugzilla.suse.com/show_bug.cgi?id=909219
   http://download.suse.com/patch/finder/?keywords=057ea7b242b47261313158ae660068aa


From sle-security-updates at lists.suse.com  Wed Dec 17 02:04:42 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 17 Dec 2014 10:04:42 +0100 (CET)
Subject: SUSE-SU-2014:1652-1: moderate: Security update for cpio
Message-ID: <20141217090442.F266E3235F@maintenance.suse.de>

SUSE Security Update: Security update for cpio
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1652-1
Rating:             moderate
References:         #658010 #907456
Cross-References:   CVE-2014-9112
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This cpio security update fixes the following buffer overflow issue and two
   non security issues:

   - fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
   - prevent cpio from extracting over a symlink (bnc#658010)
   - fix a truncation check in mt

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-113

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-113

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      cpio-2.11-29.1
      cpio-debuginfo-2.11-29.1
      cpio-debugsource-2.11-29.1

   - SUSE Linux Enterprise Server 12 (noarch):

      cpio-lang-2.11-29.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      cpio-2.11-29.1
      cpio-debuginfo-2.11-29.1
      cpio-debugsource-2.11-29.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      cpio-lang-2.11-29.1

References:

   http://support.novell.com/security/cve/CVE-2014-9112.html
   https://bugzilla.suse.com/show_bug.cgi?id=658010
   https://bugzilla.suse.com/show_bug.cgi?id=907456


From sle-security-updates at lists.suse.com  Thu Dec 18 02:04:41 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 18 Dec 2014 10:04:41 +0100 (CET)
Subject: SUSE-SU-2014:1658-1: moderate: Security update for mailx
Message-ID: <20141218090441.0817E3235F@maintenance.suse.de>

SUSE Security Update: Security update for mailx
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1658-1
Rating:             moderate
References:         #909208
Cross-References:   CVE-2004-2771 CVE-2014-7844
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This mailx update fixes the following security and non security issues:

   - bsc#909208: shell command injection via crafted email addresses
     (CVE-2004-2771, CVE-2014-7844)
   - Correct comment in spec file

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-114

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-114

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      mailx-12.5-22.1
      mailx-debuginfo-12.5-22.1
      mailx-debugsource-12.5-22.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      mailx-12.5-22.1
      mailx-debuginfo-12.5-22.1
      mailx-debugsource-12.5-22.1

References:

   http://support.novell.com/security/cve/CVE-2004-2771.html
   http://support.novell.com/security/cve/CVE-2014-7844.html
   https://bugzilla.suse.com/show_bug.cgi?id=909208


From sle-security-updates at lists.suse.com  Thu Dec 18 07:04:42 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 18 Dec 2014 15:04:42 +0100 (CET)
Subject: SUSE-SU-2014:1663-1: moderate: Security update for flac
Message-ID: <20141218140442.461353235F@maintenance.suse.de>

SUSE Security Update: Security update for flac
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1663-1
Rating:             moderate
References:         #906831 #907016
Cross-References:   CVE-2014-8962 CVE-2014-9028
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   flac was updated to fix two security issues.

   These security issues were fixed:

   - Stack overflow may result in arbitrary code execution (CVE-2014-8962).
   - Heap overflow via specially crafted .flac files (CVE-2014-9028).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2014-115

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-115

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-115

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      flac-debuginfo-1.3.0-6.1
      flac-debugsource-1.3.0-6.1
      flac-devel-1.3.0-6.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      flac-debuginfo-1.3.0-6.1
      flac-debugsource-1.3.0-6.1
      libFLAC++6-1.3.0-6.1
      libFLAC++6-debuginfo-1.3.0-6.1
      libFLAC8-1.3.0-6.1
      libFLAC8-debuginfo-1.3.0-6.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libFLAC8-32bit-1.3.0-6.1
      libFLAC8-debuginfo-32bit-1.3.0-6.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      flac-debuginfo-1.3.0-6.1
      flac-debugsource-1.3.0-6.1
      libFLAC8-1.3.0-6.1
      libFLAC8-32bit-1.3.0-6.1
      libFLAC8-debuginfo-1.3.0-6.1
      libFLAC8-debuginfo-32bit-1.3.0-6.1

References:

   http://support.novell.com/security/cve/CVE-2014-8962.html
   http://support.novell.com/security/cve/CVE-2014-9028.html
   https://bugzilla.suse.com/show_bug.cgi?id=906831
   https://bugzilla.suse.com/show_bug.cgi?id=907016


From sle-security-updates at lists.suse.com  Fri Dec 19 21:04:47 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 20 Dec 2014 05:04:47 +0100 (CET)
Subject: SUSE-SU-2014:1675-1: moderate: Security update for cpio
Message-ID: <20141220040447.1649E3235F@maintenance.suse.de>

SUSE Security Update: Security update for cpio
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1675-1
Rating:             moderate
References:         #907456
Cross-References:   CVE-2014-9112
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This cpio update fixes the following security issue:

   * bnc#907456: heap-based buffer overflow flaw in list_file() (CVE-2014-9112)

   Security Issues:

   * CVE-2014-9112

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-cpio-10070

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-cpio-10070

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-cpio-10070

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      cpio-2.9-75.78.1
      cpio-lang-2.9-75.78.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      cpio-2.9-75.78.1
      cpio-lang-2.9-75.78.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      cpio-2.9-75.78.1
      cpio-lang-2.9-75.78.1

References:

   http://support.novell.com/security/cve/CVE-2014-9112.html
   https://bugzilla.suse.com/show_bug.cgi?id=907456
   http://download.suse.com/patch/finder/?keywords=a4487bcd3ff34f0442c1dfa5792cc9b0


From sle-security-updates at lists.suse.com  Fri Dec 19 22:05:24 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 20 Dec 2014 06:05:24 +0100 (CET)
Subject: SUSE-SU-2014:1676-1: Security update for libksba
Message-ID: <20141220050524.401663235F@maintenance.suse.de>

SUSE Security Update: Security update for libksba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1676-1
Rating:             low
References:         #907074
Cross-References:   CVE-2014-9087
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This libksba update fixes the following security issue:

   * bnc#907074: buffer overflow in ksba_oid_to_str (CVE-2014-9087)

   Security Issues:

   * CVE-2014-9087

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libksba-10087

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libksba-10087

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libksba-10087

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libksba-10087

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libksba-devel-1.0.4-1.18.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      libksba-1.0.4-1.18.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libksba-1.0.4-1.18.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      libksba-1.0.4-1.18.1

References:

   http://support.novell.com/security/cve/CVE-2014-9087.html
   https://bugzilla.suse.com/show_bug.cgi?id=907074
   http://download.suse.com/patch/finder/?keywords=91d1950430d0f82e1c891e6e8bbadf08


From sle-security-updates at lists.suse.com  Mon Dec 22 13:04:46 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 22 Dec 2014 21:04:46 +0100 (CET)
Subject: SUSE-SU-2014:1686-1: critical: Security update for ntp
Message-ID: <20141222200446.CA4013235F@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1686-1
Rating:             critical
References:         #910764
Cross-References:   CVE-2014-9295
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This ntp update fixes the following critical security issue:

   * A potential remote code execution problem was found inside ntpd. The
     functions crypto_recv() (when using autokey authentication) and
     ctl_putdata() were updated to avoid buffer overflows that could have been
     exploited. (CVE-2014-9295 / VU#852879)

   Security Issues:

   * CVE-2014-9295

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ntp-10117

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ntp-10117

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-ntp-10118

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-ntp-10117

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ntp-4.2.4p8-1.28.1
      ntp-doc-4.2.4p8-1.28.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ntp-4.2.4p8-1.28.1
      ntp-doc-4.2.4p8-1.28.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):

      ntp-4.2.4p8-1.28.1
      ntp-doc-4.2.4p8-1.28.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      ntp-4.2.4p8-1.28.1
      ntp-doc-4.2.4p8-1.28.1

References:

   http://support.novell.com/security/cve/CVE-2014-9295.html
   https://bugzilla.suse.com/show_bug.cgi?id=910764
   http://download.suse.com/patch/finder/?keywords=49ee0f538b0a3f58f2160d4c87450ab9
   http://download.suse.com/patch/finder/?keywords=8082bb36619fe906d1390813bfcdf0b2


From sle-security-updates at lists.suse.com  Tue Dec 23 10:05:00 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 23 Dec 2014 18:05:00 +0100 (CET)
Subject: SUSE-SU-2014:1690-1: critical: Security update for ntp
Message-ID: <20141223170500.064D53235F@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1690-1
Rating:             critical
References:         #910764
Cross-References:   CVE-2014-9295 CVE-2014-9296
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   The network timeservice ntp was updated to fix critical security issues
   (bnc#910764, CERT VU#852879)

   * A potential remote code execution problem was found inside ntpd. The
     functions crypto_recv() (when using autokey authentication),
     ctl_putdata(), and configure() were updated to avoid buffer overflows
     that could be exploited. (CVE-2014-9295)

   * Furthermore a problem inside the ntpd error handling was found that is
     missing a return statement. This could also lead to a potential attack
     vector. (CVE-2014-9296)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-118

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-118

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      ntp-4.2.6p5-31.1
      ntp-debuginfo-4.2.6p5-31.1
      ntp-debugsource-4.2.6p5-31.1
      ntp-doc-4.2.6p5-31.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      ntp-4.2.6p5-31.1
      ntp-debuginfo-4.2.6p5-31.1
      ntp-debugsource-4.2.6p5-31.1
      ntp-doc-4.2.6p5-31.1

References:

   http://support.novell.com/security/cve/CVE-2014-9295.html
   http://support.novell.com/security/cve/CVE-2014-9296.html
   https://bugzilla.suse.com/show_bug.cgi?id=910764


From sle-security-updates at lists.suse.com  Tue Dec 23 11:04:47 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 23 Dec 2014 19:04:47 +0100 (CET)
Subject: SUSE-SU-2014:1691-1: moderate: Security update for Xen
Message-ID: <20141223180447.D106D3235F@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1691-1
Rating:             moderate
References:         #880751 #895799 #903850 #903970 #905467 #906439
Cross-References:   CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867
                    CVE-2014-9030
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has one errata is now available.

Description:

   Xen has been updated to fix six security issues:

   * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
     (CVE-2014-9030).
   * Insufficient bounding of "REP MOVS" to MMIO emulated inside the
     hypervisor (CVE-2014-8867).
   * Missing privilege level checks in x86 emulation of far branches
     (CVE-2014-8595).
   * Guest user mode triggerable VM exits not handled by hypervisor
     (bnc#903850).
   * Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW
     emulation (CVE-2014-7155).
   * Hypervisor heap contents leaked to guests (CVE-2014-4021).
   Security Issues:

   * CVE-2014-8594
   * CVE-2014-8595
   * CVE-2014-9030
   * CVE-2014-8866
   * CVE-2014-8867

Special Instructions and Notes:

   Please reboot the system after installing this update.

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      xen-3.2.3_17040_46-0.9.1
      xen-devel-3.2.3_17040_46-0.9.1
      xen-doc-html-3.2.3_17040_46-0.9.1
      xen-doc-pdf-3.2.3_17040_46-0.9.1
      xen-doc-ps-3.2.3_17040_46-0.9.1
      xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1
      xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1
      xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1
      xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1
      xen-libs-3.2.3_17040_46-0.9.1
      xen-tools-3.2.3_17040_46-0.9.1
      xen-tools-domU-3.2.3_17040_46-0.9.1
      xen-tools-ioemu-3.2.3_17040_46-0.9.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      xen-libs-32bit-3.2.3_17040_46-0.9.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1
      xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1
      xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1
      xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1

References:

   http://support.novell.com/security/cve/CVE-2014-8594.html
   http://support.novell.com/security/cve/CVE-2014-8595.html
   http://support.novell.com/security/cve/CVE-2014-8866.html
   http://support.novell.com/security/cve/CVE-2014-8867.html
   http://support.novell.com/security/cve/CVE-2014-9030.html
   https://bugzilla.suse.com/show_bug.cgi?id=880751
   https://bugzilla.suse.com/show_bug.cgi?id=895799
   https://bugzilla.suse.com/show_bug.cgi?id=903850
   https://bugzilla.suse.com/show_bug.cgi?id=903970
   https://bugzilla.suse.com/show_bug.cgi?id=905467
   https://bugzilla.suse.com/show_bug.cgi?id=906439
   http://download.suse.com/patch/finder/?keywords=2430903f7edca75f2ff542e854abf451


From sle-security-updates at lists.suse.com  Tue Dec 23 11:05:55 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 23 Dec 2014 19:05:55 +0100 (CET)
Subject: SUSE-SU-2014:1692-1: Security update for tcpdump
Message-ID: <20141223180555.871F33235F@maintenance.suse.de>

SUSE Security Update: Security update for tcpdump
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1692-1
Rating:             low
References:         #905870 #905872
Cross-References:   CVE-2014-8767 CVE-2014-8769
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   tcpdump has been updated to fix two security issues:

   * bnc#905872: Unreliable output using malformed AOVD payload
     (CVE-2014-8769).
   * bnc#905870: Denial of service in verbose mode using malformed OLSR
     payload (CVE-2014-8767).

   Security Issues:

   * CVE-2014-8769
   * CVE-2014-8767

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-tcpdump-10093

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-tcpdump-10093

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-tcpdump-10093

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      tcpdump-3.9.8-1.23.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      tcpdump-3.9.8-1.23.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      tcpdump-3.9.8-1.23.1

References:

   http://support.novell.com/security/cve/CVE-2014-8767.html
   http://support.novell.com/security/cve/CVE-2014-8769.html
   https://bugzilla.suse.com/show_bug.cgi?id=905870
   https://bugzilla.suse.com/show_bug.cgi?id=905872
   http://download.suse.com/patch/finder/?keywords=f2c744b99b6865b54864e4810ad8e4ce


From sle-security-updates at lists.suse.com  Tue Dec 23 11:06:19 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 23 Dec 2014 19:06:19 +0100 (CET)
Subject: SUSE-SU-2014:1693-1: important: Security update for Linux kernel
Message-ID: <20141223180619.6581E3235F@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1693-1
Rating:             important
References:         #755743 #779488 #800255 #835839 #851603 #853040 #857643
                    #860441 #868049 #873228 #876633 #883724 #883948 #885077
                    #887418 #888607 #891211 #891368 #891790 #892782 #893758
                    #894058 #894895 #895387 #895468 #896382 #896390 #896391
                    #896392 #896415 #897502 #897694 #897708 #898295 #898375
                    #898554 #899192 #899574 #899843 #901638 #902346 #902349
                    #903331 #903653 #904013 #904358 #904700 #905100 #905522
Cross-References:   CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897
                    CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184
                    CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610
                    CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508
                    CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8709
                    CVE-2014-8884
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 21 vulnerabilities and has 28 fixes is now available.
   It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix
   various bugs and security issues.

   The following security bugs have been fixed:

   * CVE-2012-4398: The __request_module function in kernel/kmod.c in the
     Linux kernel before 3.4 did not set a certain killable attribute, which
     allowed local users to cause a denial of service (memory consumption)
     via a crafted application (bnc#779488).
   * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device
     (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS
     is enabled, allowed physically proximate attackers to cause a denial of
     service (heap-based out-of-bounds write) via a crafted device
     (bnc#835839).
   * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux
     kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
     CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers
     to cause a denial of service (heap-based out-of-bounds write) via a
     crafted device, related to (1) drivers/hid/hid-lgff.c, (2)
     drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839).
   * CVE-2013-2897: Multiple array index errors in
     drivers/hid/hid-multitouch.c in the Human Interface Device (HID)
     subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is
     enabled, allowed physically proximate attackers to cause a denial of
     service (heap memory corruption, or NULL pointer dereference and OOPS)
     via a crafted device (bnc#835839).
   * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface
     Device (HID) subsystem in the Linux kernel through 3.11, when
     CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to
     cause a denial of service (NULL pointer dereference and OOPS) via a
     crafted device (bnc#835839).
   * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
     values before ensuring that associated data structures have been
     initialized, which allowed local users to obtain sensitive information
     from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
     system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
     net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040, bnc#857643).
   * CVE-2014-3181: Multiple stack-based buffer overflows in the
     magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the
     Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed
     physically proximate attackers to cause a denial of service (system
     crash) or possibly execute arbitrary code via a crafted device that
     provides a large amount of (1) EHCI or (2) XHCI data associated with an
     event (bnc#896382).
   * CVE-2014-3184: The report_fixup functions in the HID subsystem in the
     Linux kernel before 3.16.2 allowed physically proximate attackers to
     cause a denial of service (out-of-bounds write) via a crafted device that
     provides a small report descriptor, related to (1)
     drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)
     drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
     drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
     (bnc#896390).
   * CVE-2014-3185: Multiple buffer overflows in the
     command_port_read_callback function in drivers/usb/serial/whiteheat.c in
     the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed
     physically proximate attackers to execute arbitrary code or cause a
     denial of service (memory corruption and system crash) via a crafted
     device that provides a large amount of (1) EHCI or (2) XHCI data
     associated with a bulk response (bnc#896391).
   * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in
     devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the
     Linux kernel through 3.16.3, as used in Android on Nexus 7 devices,
     allowed physically proximate attackers to cause a denial of service
     (system crash) or possibly execute arbitrary code via a crafted device
     that sends a large report (bnc#896392).
   * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in
     the Linux kernel through 3.16.1 miscalculated the number of pages during
     the handling of a mapping failure, which allowed guest OS users to (1)
     cause a denial of service (host OS memory corruption) or possibly have
     unspecified other impact by triggering a large gfn value or (2) cause a
     denial of service (host OS memory consumption) by triggering a small gfn
     value that leads to permanently pinned pages (bnc#892782).
   * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem
     in the Linux kernel through 3.17.2 did not properly handle the writing of
     a non-canonical address to a model-specific register, which allowed guest
     OS users to cause a denial of service (host OS crash) by leveraging guest
     OS privileges, related to the wrmsr_interception function in
     arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
     (bnc#899192).
   * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
     kernel through 3.17.2 did not have an exit handler for the INVVPID
     instruction, which allowed guest OS users to cause a denial of service
     (guest OS crash) via a crafted application (bnc#899192).
   * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
     kernel through 3.17.2 did not properly perform RIP changes, which allowed
     guest OS users to cause a denial of service (guest OS crash) via a
     crafted application (bnc#899192).
   * CVE-2014-3673: The SCTP implementation in the Linux kernel through
     3.17.2 allowed remote attackers to cause a denial of service (system
     crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c
     and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349).
   * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through
     3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the
     sep CPU feature flag is set, allowed local users to cause a denial of
     service (OOPS and system crash) via an invalid syscall number, as
     demonstrated by number 1000 (bnc#883724).
   * CVE-2014-4608: ** DISPUTED ** Multiple integer overflows in the
     lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the
     LZO decompressor in the Linux kernel before 3.15.2 allowed
     context-dependent attackers to cause a denial of service (memory
     corruption) via a crafted Literal Run. NOTE: the author of the LZO
     algorithms says: The Linux kernel is not affected; media hype
     (bnc#883948).
   * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through
     3.17.2 did not properly handle private syscall numbers during use of the
     ftrace subsystem, which allowed local users to gain privileges or cause a
     denial of service (invalid pointer dereference) via a crafted application
     (bnc#904013).
   * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed INIT
     ping-of-death (bnc#905100).
   * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in
     the Linux kernel before 3.13.5 did not properly maintain a certain tail
     pointer, which allowed remote attackers to obtain sensitive cleartext
     information by reading packets (bnc#904700).
   * CVE-2014-8884: A local user with write access could have used this flaw
     to crash the kernel or elevate privileges (bnc#905522).

   The following non-security bugs have been fixed:

   * Build the KOTD against the SP3 Update project
   * HID: fix kabi breakage.
   * NFS: Provide stub nfs_fscache_wait_on_invalidate() for when
     CONFIG_NFS_FSCACHE=n.
   * NFS: fix inverted test for delegation in nfs4_reclaim_open_state
     (bnc#903331).
   * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331).
   * NFSv4: nfs4_open_done first must check that GETATTR decoded a file type
     (bnc#899574).
   * PCI: pciehp: Clear Data Link Layer State Changed during init
     (bnc#898295).
   * PCI: pciehp: Enable link state change notifications (bnc#898295).
   * PCI: pciehp: Handle push button event asynchronously (bnc#898295).
   * PCI: pciehp: Make check_link_active() non-static (bnc#898295).
   * PCI: pciehp: Use link change notifications for hot-plug and removal
     (bnc#898295).
   * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295).
   * PCI: pciehp: Use symbolic constants, not hard-coded bitmask
     (bnc#898295).
   * PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free()
     (bnc#860441).
   * be2net: Fix invocation of be_close() after be_clear() (bnc#895468).
   * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211).
   * block: Fix computation of merged request priority.
   * btrfs: Fix wrong device size when we are resizing the device.
   * btrfs: Return right extent when fiemap gives unaligned offset and len.
   * btrfs: abstract out range locking in clone ioctl().
   * btrfs: always choose work from prio_head first.
   * btrfs: balance delayed inode updates.
   * btrfs: cache extent states in defrag code path.
* btrfs: check file extent type before anything else (bnc#897694).
* btrfs: clone, do not create invalid hole extent map.
* btrfs: correctly determine if blocks are shared in btrfs_compare_trees.
* btrfs: do not bug_on if we try to cow a free space cache inode.
* btrfs: ensure btrfs_prev_leaf does not miss 1 item.
* btrfs: ensure readers see new data after a clone operation.
* btrfs: fill_holes: Fix slot number passed to hole_mergeable() call.
* btrfs: filter invalid arg for btrfs resize.
* btrfs: fix EINVAL checks in btrfs_clone.
* btrfs: fix EIO on reading file after ioctl clone works on it.
* btrfs: fix a crash of clone with inline extents split.
* btrfs: fix crash of compressed writes (bnc#898375).
* btrfs: fix crash when starting transaction.
* btrfs: fix deadlock with nested trans handles.
* btrfs: fix hang on error (such as ENOSPC) when writing extent pages.
* btrfs: fix leaf corruption after __btrfs_drop_extents.
* btrfs: fix race between balance recovery and root deletion.
* btrfs: fix wrong extent mapping for DirectIO.
* btrfs: handle a missing extent for the first file extent.
* btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375).
* btrfs: read lock extent buffer while walking backrefs.
* btrfs: remove unused wait queue in struct extent_buffer.
* btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.
* btrfs: replace error code from btrfs_drop_extents.
* btrfs: unlock extent and pages on error in cow_file_range.
* btrfs: unlock inodes in correct order in clone ioctl.
* btrfs_ioctl_clone: Move clone code into its own function.
* cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653).
* drm/i915: Flush the PTEs after updating them before suspend (bnc#901638).
* drm/i915: Undo gtt scratch pte unmapping again (bnc#901638).
* ext3: return 32/64-bit dir name hash according to usage type (bnc#898554).
* ext4: return 32/64-bit dir name hash according to usage type (bnc#898554).
* fix: use after free of xfs workqueues (bnc#894895).
* fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554).
* futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)).
* futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)).
* ipv6: add support of peer address (bnc#896415).
* ipv6: fix a refcnt leak with peer addr (bnc#896415).
* megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502).
* mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790).
* netxen: Fix link event handling (bnc#873228).
* netxen: fix link notification order (bnc#873228).
* nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554).
* nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554).
* ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843).
* powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758).
* powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758).
* powerpc: Add support for the optimised lockref implementation (bsc#893758).
* powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758).
* refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708).
* remove filesize checks for sync I/O journal commit (bnc#800255).
* resource: add __adjust_resource() for internal use (bnc#891790).
* resource: add release_mem_region_adjustable() (bnc#891790).
* revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441).
* rpm/mkspec: Generate specfiles according to Factory requirements.
* rpm/mkspec: Generate a per-architecture per-package _constraints file.
* sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368).
* scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633).
* usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358).
* usbback: Do not access request fields in shared ring more than once.
* usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607).
* vfs,proc: guarantee unique inodes in /proc (bnc#868049).
* x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418).
* x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)).
* x86: Add check for number of available vectors before CPU down (bnc#887418).
* x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)).
* x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)).
* xfs: Do not free EFIs before the EFDs are committed (bsc#755743).
* xfs: Do not reference the EFI after it is freed (bsc#755743).
* xfs: fix cil push sequence after log recovery (bsc#755743).
* zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041).
* zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041).

Security Issues:

* CVE-2012-4398
* CVE-2013-2889
* CVE-2013-2893
* CVE-2013-2897
* CVE-2013-2899
* CVE-2013-7263
* CVE-2014-3181
* CVE-2014-3184
* CVE-2014-3185
* CVE-2014-3186
* CVE-2014-3601
* CVE-2014-3610
* CVE-2014-3646
* CVE-2014-3647
* CVE-2014-4508
* CVE-2014-4608
* CVE-2014-7826
* CVE-2014-7841
* CVE-2014-8709
* CVE-2014-8884
* CVE-2014-3673

Indications:

Everyone using the Linux Kernel on x86 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

   zypper in -t patch slessp3-kernel-10037

- SUSE Linux Enterprise Server 11 SP3:

   zypper in -t patch slessp3-kernel-10037

- SUSE Linux Enterprise High Availability Extension 11 SP3:

   zypper in -t patch slehasp3-kernel-10037

- SUSE Linux Enterprise Desktop 11 SP3:

   zypper in -t patch sledsp3-kernel-10037

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

   kernel-default-3.0.101-0.42.1
   kernel-default-base-3.0.101-0.42.1
   kernel-default-devel-3.0.101-0.42.1
   kernel-pae-3.0.101-0.42.1
   kernel-pae-base-3.0.101-0.42.1
   kernel-pae-devel-3.0.101-0.42.1
   kernel-source-3.0.101-0.42.1
   kernel-syms-3.0.101-0.42.1
   kernel-trace-3.0.101-0.42.1
   kernel-trace-base-3.0.101-0.42.1
   kernel-trace-devel-3.0.101-0.42.1
   kernel-xen-devel-3.0.101-0.42.1

- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

   kernel-default-3.0.101-0.42.1
   kernel-default-base-3.0.101-0.42.1
   kernel-default-devel-3.0.101-0.42.1
   kernel-ec2-3.0.101-0.42.1
   kernel-ec2-base-3.0.101-0.42.1
   kernel-ec2-devel-3.0.101-0.42.1
   kernel-pae-3.0.101-0.42.1
   kernel-pae-base-3.0.101-0.42.1
   kernel-pae-devel-3.0.101-0.42.1
   kernel-source-3.0.101-0.42.1
   kernel-syms-3.0.101-0.42.1
   kernel-trace-3.0.101-0.42.1
   kernel-trace-base-3.0.101-0.42.1
   kernel-trace-devel-3.0.101-0.42.1
   kernel-xen-3.0.101-0.42.1
   kernel-xen-base-3.0.101-0.42.1
   kernel-xen-devel-3.0.101-0.42.1
   xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2
   xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

   cluster-network-kmp-default-1.4_3.0.101_0.42-2.27.115
   cluster-network-kmp-pae-1.4_3.0.101_0.42-2.27.115
   cluster-network-kmp-trace-1.4_3.0.101_0.42-2.27.115
   cluster-network-kmp-xen-1.4_3.0.101_0.42-2.27.115
   gfs2-kmp-default-2_3.0.101_0.42-0.16.121
   gfs2-kmp-pae-2_3.0.101_0.42-0.16.121
   gfs2-kmp-trace-2_3.0.101_0.42-0.16.121
   gfs2-kmp-xen-2_3.0.101_0.42-0.16.121
   ocfs2-kmp-default-1.6_3.0.101_0.42-0.20.115
   ocfs2-kmp-pae-1.6_3.0.101_0.42-0.20.115
   ocfs2-kmp-trace-1.6_3.0.101_0.42-0.20.115
   ocfs2-kmp-xen-1.6_3.0.101_0.42-0.20.115

- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

   kernel-default-3.0.101-0.42.1
   kernel-default-base-3.0.101-0.42.1
   kernel-default-devel-3.0.101-0.42.1
   kernel-default-extra-3.0.101-0.42.1
   kernel-pae-3.0.101-0.42.1
   kernel-pae-base-3.0.101-0.42.1
   kernel-pae-devel-3.0.101-0.42.1
   kernel-pae-extra-3.0.101-0.42.1
   kernel-source-3.0.101-0.42.1
   kernel-syms-3.0.101-0.42.1
   kernel-trace-devel-3.0.101-0.42.1
   kernel-xen-3.0.101-0.42.1
   kernel-xen-base-3.0.101-0.42.1
   kernel-xen-devel-3.0.101-0.42.1
   kernel-xen-extra-3.0.101-0.42.1
   xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2
   xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2

- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x):

   kernel-default-extra-3.0.101-0.42.1

- SLE 11 SERVER Unsupported Extras (ppc64):

   kernel-ppc64-extra-3.0.101-0.42.1

- SLE 11 SERVER Unsupported Extras (i586):

   kernel-pae-extra-3.0.101-0.42.1
   kernel-xen-extra-3.0.101-0.42.1

References:

http://support.novell.com/security/cve/CVE-2012-4398.html
http://support.novell.com/security/cve/CVE-2013-2889.html
http://support.novell.com/security/cve/CVE-2013-2893.html
http://support.novell.com/security/cve/CVE-2013-2897.html
http://support.novell.com/security/cve/CVE-2013-2899.html
http://support.novell.com/security/cve/CVE-2013-7263.html
http://support.novell.com/security/cve/CVE-2014-3181.html
http://support.novell.com/security/cve/CVE-2014-3184.html
http://support.novell.com/security/cve/CVE-2014-3185.html
http://support.novell.com/security/cve/CVE-2014-3186.html
http://support.novell.com/security/cve/CVE-2014-3601.html
http://support.novell.com/security/cve/CVE-2014-3610.html
http://support.novell.com/security/cve/CVE-2014-3646.html
http://support.novell.com/security/cve/CVE-2014-3647.html
http://support.novell.com/security/cve/CVE-2014-3673.html
http://support.novell.com/security/cve/CVE-2014-4508.html
http://support.novell.com/security/cve/CVE-2014-4608.html
http://support.novell.com/security/cve/CVE-2014-7826.html
http://support.novell.com/security/cve/CVE-2014-7841.html
http://support.novell.com/security/cve/CVE-2014-8709.html
http://support.novell.com/security/cve/CVE-2014-8884.html
https://bugzilla.suse.com/show_bug.cgi?id=755743
https://bugzilla.suse.com/show_bug.cgi?id=779488
https://bugzilla.suse.com/show_bug.cgi?id=800255
https://bugzilla.suse.com/show_bug.cgi?id=835839
https://bugzilla.suse.com/show_bug.cgi?id=851603
https://bugzilla.suse.com/show_bug.cgi?id=853040
https://bugzilla.suse.com/show_bug.cgi?id=857643
https://bugzilla.suse.com/show_bug.cgi?id=860441
https://bugzilla.suse.com/show_bug.cgi?id=868049
https://bugzilla.suse.com/show_bug.cgi?id=873228
https://bugzilla.suse.com/show_bug.cgi?id=876633
https://bugzilla.suse.com/show_bug.cgi?id=883724
https://bugzilla.suse.com/show_bug.cgi?id=883948
https://bugzilla.suse.com/show_bug.cgi?id=885077
https://bugzilla.suse.com/show_bug.cgi?id=887418
https://bugzilla.suse.com/show_bug.cgi?id=888607
https://bugzilla.suse.com/show_bug.cgi?id=891211
https://bugzilla.suse.com/show_bug.cgi?id=891368
https://bugzilla.suse.com/show_bug.cgi?id=891790
https://bugzilla.suse.com/show_bug.cgi?id=892782
https://bugzilla.suse.com/show_bug.cgi?id=893758
https://bugzilla.suse.com/show_bug.cgi?id=894058
https://bugzilla.suse.com/show_bug.cgi?id=894895
https://bugzilla.suse.com/show_bug.cgi?id=895387
https://bugzilla.suse.com/show_bug.cgi?id=895468
https://bugzilla.suse.com/show_bug.cgi?id=896382
https://bugzilla.suse.com/show_bug.cgi?id=896390
https://bugzilla.suse.com/show_bug.cgi?id=896391
https://bugzilla.suse.com/show_bug.cgi?id=896392
https://bugzilla.suse.com/show_bug.cgi?id=896415
https://bugzilla.suse.com/show_bug.cgi?id=897502
https://bugzilla.suse.com/show_bug.cgi?id=897694
https://bugzilla.suse.com/show_bug.cgi?id=897708
https://bugzilla.suse.com/show_bug.cgi?id=898295
https://bugzilla.suse.com/show_bug.cgi?id=898375
https://bugzilla.suse.com/show_bug.cgi?id=898554
https://bugzilla.suse.com/show_bug.cgi?id=899192
https://bugzilla.suse.com/show_bug.cgi?id=899574
https://bugzilla.suse.com/show_bug.cgi?id=899843
https://bugzilla.suse.com/show_bug.cgi?id=901638
https://bugzilla.suse.com/show_bug.cgi?id=902346
https://bugzilla.suse.com/show_bug.cgi?id=902349
https://bugzilla.suse.com/show_bug.cgi?id=903331
https://bugzilla.suse.com/show_bug.cgi?id=903653
https://bugzilla.suse.com/show_bug.cgi?id=904013
https://bugzilla.suse.com/show_bug.cgi?id=904358
https://bugzilla.suse.com/show_bug.cgi?id=904700
https://bugzilla.suse.com/show_bug.cgi?id=905100
https://bugzilla.suse.com/show_bug.cgi?id=905522
http://download.suse.com/patch/finder/?keywords=2969b6fb6821f3c1c5779cb35e36252b
http://download.suse.com/patch/finder/?keywords=9da207bd70d4d6642d94fe875803ac61
http://download.suse.com/patch/finder/?keywords=a2d767013b3d89848dc24f9f8e959d1b
http://download.suse.com/patch/finder/?keywords=ac39209a595f41dfe7246b4c02e9fa0e
http://download.suse.com/patch/finder/?keywords=d7fb7c9ea045657cf163753ab42e7d48


From sle-security-updates at lists.suse.com Tue Dec 23 12:04:45 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 23 Dec 2014 20:04:45 +0100 (CET)
Subject: SUSE-SU-2014:1694-1: important: Security update for openvpn
Message-ID: <20141223190445.58D0F3235B@maintenance.suse.de>

SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1694-1
Rating:             important
References:         #907764
Cross-References:   CVE-2014-8104
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

A remote denial of service attack against openvpn was fixed, where an authenticated client could stop the server by triggering a server-side ASSERT (CVE-2014-8104).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:

   zypper in -t patch SUSE-SLE-SERVER-12-2014-120

- SUSE Linux Enterprise Desktop 12:

   zypper in -t patch SUSE-SLE-DESKTOP-12-2014-120

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

   openvpn-2.3.2-11.1
   openvpn-auth-pam-plugin-2.3.2-11.1
   openvpn-auth-pam-plugin-debuginfo-2.3.2-11.1
   openvpn-debuginfo-2.3.2-11.1
   openvpn-debugsource-2.3.2-11.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

   openvpn-2.3.2-11.1
   openvpn-debuginfo-2.3.2-11.1
   openvpn-debugsource-2.3.2-11.1

References:

http://support.novell.com/security/cve/CVE-2014-8104.html
https://bugzilla.suse.com/show_bug.cgi?id=907764


From sle-security-updates at lists.suse.com Tue Dec 23 12:05:01 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 23 Dec 2014 20:05:01 +0100 (CET)
Subject: SUSE-SU-2014:1695-1: important: Security update for Linux kernel
Message-ID: <20141223190501.814033235F@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1695-1
Rating:             important
References:         #755743 #779488 #800255 #835839 #851603 #853040 #857643
                    #860441 #868049 #873228 #876633 #883724 #883948 #885077
                    #887418 #888607 #891211 #891368 #891790 #892782 #893758
                    #894058 #894895 #895387 #895468 #896382 #896390 #896391
                    #896392 #896415 #897502 #897694 #897708 #898295 #898375
                    #898554 #899192 #899574 #899843 #901638 #902346 #902349
                    #903331 #903653 #904013 #904358 #904700 #905100 #905522
                    #907818 #909077 #910251
Cross-References:   CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897
                    CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184
                    CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610
                    CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508
                    CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8133
                    CVE-2014-8709 CVE-2014-8884 CVE-2014-9090 CVE-2014-9322
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 24 vulnerabilities and has 28 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.

The following security bugs have been fixed:

* CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488).
* CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (bnc#835839).
* CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839).
* CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839).
* CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839).
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040, bnc#857643).
* CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382).
* CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390).
* CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391).
* CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392).
* CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782).
* CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).
* CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192).
* CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192).
* CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349).
* CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724).
* CVE-2014-4608: ** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype (bnc#883948).
* CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013).
* CVE-2014-7841: An SCTP server doing ASCONF would panic on a malformed INIT ping-of-death (bnc#905100).
* CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700).
* CVE-2014-8884: A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522).

The following non-security bugs have been fixed:

* Build the KOTD against the SP3 Update project.
* HID: fix kabi breakage.
* NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n.
* NFS: fix inverted test for delegation in nfs4_reclaim_open_state (bnc#903331).
* NFS: remove incorrect "Lock reclaim failed!" warning (bnc#903331).
* NFSv4: nfs4_open_done first must check that GETATTR decoded a file type (bnc#899574).
* PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898295).
* PCI: pciehp: Enable link state change notifications (bnc#898295).
* PCI: pciehp: Handle push button event asynchronously (bnc#898295).
* PCI: pciehp: Make check_link_active() non-static (bnc#898295).
* PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898295).
* PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295).
* PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898295).
* PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441).
* be2net: Fix invocation of be_close() after be_clear() (bnc#895468).
* block: Fix bogus partition statistics reports (bnc#885077, bnc#891211).
* block: Fix computation of merged request priority.
* btrfs: Fix wrong device size when we are resizing the device.
* btrfs: Return right extent when fiemap gives unaligned offset and len.
* btrfs: abstract out range locking in clone ioctl().
* btrfs: always choose work from prio_head first.
* btrfs: balance delayed inode updates.
* btrfs: cache extent states in defrag code path.
* btrfs: check file extent type before anything else (bnc#897694).
* btrfs: clone, do not create invalid hole extent map.
* btrfs: correctly determine if blocks are shared in btrfs_compare_trees.
* btrfs: do not bug_on if we try to cow a free space cache inode.
* btrfs: ensure btrfs_prev_leaf does not miss 1 item.
* btrfs: ensure readers see new data after a clone operation.
* btrfs: fill_holes: Fix slot number passed to hole_mergeable() call.
* btrfs: filter invalid arg for btrfs resize.
* btrfs: fix EINVAL checks in btrfs_clone.
* btrfs: fix EIO on reading file after ioctl clone works on it.
* btrfs: fix a crash of clone with inline extents split.
* btrfs: fix crash of compressed writes (bnc#898375).
* btrfs: fix crash when starting transaction.
* btrfs: fix deadlock with nested trans handles.
* btrfs: fix hang on error (such as ENOSPC) when writing extent pages.
* btrfs: fix leaf corruption after __btrfs_drop_extents.
* btrfs: fix race between balance recovery and root deletion.
* btrfs: fix wrong extent mapping for DirectIO.
* btrfs: handle a missing extent for the first file extent.
* btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375).
* btrfs: read lock extent buffer while walking backrefs.
* btrfs: remove unused wait queue in struct extent_buffer.
* btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.
* btrfs: replace error code from btrfs_drop_extents.
* btrfs: unlock extent and pages on error in cow_file_range.
* btrfs: unlock inodes in correct order in clone ioctl.
* btrfs_ioctl_clone: Move clone code into its own function.
* cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653).
* drm/i915: Flush the PTEs after updating them before suspend (bnc#901638).
* drm/i915: Undo gtt scratch pte unmapping again (bnc#901638).
* ext3: return 32/64-bit dir name hash according to usage type (bnc#898554).
* ext4: return 32/64-bit dir name hash according to usage type (bnc#898554).
* fix: use after free of xfs workqueues (bnc#894895).
* fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554).
* futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)).
* futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)).
* ipv6: add support of peer address (bnc#896415).
* ipv6: fix a refcnt leak with peer addr (bnc#896415).
* megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502).
* mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790).
* netxen: Fix link event handling (bnc#873228).
* netxen: fix link notification order (bnc#873228).
* nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554).
* nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554).
* ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843).
* powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758).
* powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758).
* powerpc: Add support for the optimised lockref implementation (bsc#893758).
* powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758).
* refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708).
* remove filesize checks for sync I/O journal commit (bnc#800255).
* resource: add __adjust_resource() for internal use (bnc#891790).
* resource: add release_mem_region_adjustable() (bnc#891790).
* revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441).
* rpm/mkspec: Generate specfiles according to Factory requirements.
* rpm/mkspec: Generate a per-architecture per-package _constraints file.
* sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368).
* scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633).
* usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358).
* usbback: Do not access request fields in shared ring more than once.
* usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607).
* vfs,proc: guarantee unique inodes in /proc (bnc#868049).
* x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418).
* x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)).
* x86: Add check for number of available vectors before CPU down (bnc#887418).
* x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)).
* x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)).
* xfs: Do not free EFIs before the EFDs are committed (bsc#755743).
* xfs: Do not reference the EFI after it is freed (bsc#755743).
* xfs: fix cil push sequence after log recovery (bsc#755743).
* zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041).
* zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041).

Security Issues:

* CVE-2012-4398
* CVE-2013-2889
* CVE-2013-2893
* CVE-2013-2897
* CVE-2013-2899
* CVE-2013-7263
* CVE-2014-3181
* CVE-2014-3184
* CVE-2014-3185
* CVE-2014-3186
* CVE-2014-3601
* CVE-2014-3610
* CVE-2014-3646
* CVE-2014-3647
* CVE-2014-4508
* CVE-2014-4608
* CVE-2014-7826
* CVE-2014-7841
* CVE-2014-8709
* CVE-2014-8884
* CVE-2014-3673

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

   zypper in -t patch slessp3-kernel-10103

- SUSE Linux Enterprise Server 11 SP3:

   zypper in -t patch slessp3-kernel-10103

- SUSE Linux Enterprise High Availability Extension 11 SP3:

   zypper in -t patch slehasp3-kernel-10103

- SUSE Linux Enterprise Desktop 11 SP3:

   zypper in -t patch sledsp3-kernel-10103

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.0.101]:

   kernel-bigsmp-devel-3.0.101-0.46.1
   kernel-default-3.0.101-0.46.1
   kernel-default-base-3.0.101-0.46.1
   kernel-default-devel-3.0.101-0.46.1
   kernel-source-3.0.101-0.46.1
   kernel-syms-3.0.101-0.46.1
   kernel-trace-3.0.101-0.46.1
   kernel-trace-base-3.0.101-0.46.1
   kernel-trace-devel-3.0.101-0.46.1
   kernel-xen-devel-3.0.101-0.46.1

- SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 3.0.101]:

   kernel-bigsmp-3.0.101-0.46.1
   kernel-bigsmp-base-3.0.101-0.46.1
   kernel-bigsmp-devel-3.0.101-0.46.1
   kernel-default-3.0.101-0.46.1
   kernel-default-base-3.0.101-0.46.1
   kernel-default-devel-3.0.101-0.46.1
   kernel-ec2-3.0.101-0.46.1
   kernel-ec2-base-3.0.101-0.46.1
   kernel-ec2-devel-3.0.101-0.46.1
   kernel-source-3.0.101-0.46.1
   kernel-syms-3.0.101-0.46.1
   kernel-trace-3.0.101-0.46.1
   kernel-trace-base-3.0.101-0.46.1
   kernel-trace-devel-3.0.101-0.46.1
   kernel-xen-3.0.101-0.46.1
   kernel-xen-base-3.0.101-0.46.1
   kernel-xen-devel-3.0.101-0.46.1
   xen-kmp-default-4.2.5_02_3.0.101_0.46-0.7.9

- SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64):

   cluster-network-kmp-bigsmp-1.4_3.0.101_0.46-2.27.120
   cluster-network-kmp-default-1.4_3.0.101_0.46-2.27.120
   cluster-network-kmp-trace-1.4_3.0.101_0.46-2.27.120
   cluster-network-kmp-xen-1.4_3.0.101_0.46-2.27.120
   gfs2-kmp-bigsmp-2_3.0.101_0.46-0.16.126
   gfs2-kmp-default-2_3.0.101_0.46-0.16.126
   gfs2-kmp-trace-2_3.0.101_0.46-0.16.126
   gfs2-kmp-xen-2_3.0.101_0.46-0.16.126
      ocfs2-kmp-bigsmp-1.6_3.0.101_0.46-0.20.120
      ocfs2-kmp-default-1.6_3.0.101_0.46-0.20.120
      ocfs2-kmp-trace-1.6_3.0.101_0.46-0.20.120
      ocfs2-kmp-xen-1.6_3.0.101_0.46-0.20.120

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.0.101]:

      kernel-bigsmp-devel-3.0.101-0.46.1
      kernel-default-3.0.101-0.46.1
      kernel-default-base-3.0.101-0.46.1
      kernel-default-devel-3.0.101-0.46.1
      kernel-default-extra-3.0.101-0.46.1
      kernel-source-3.0.101-0.46.1
      kernel-syms-3.0.101-0.46.1
      kernel-trace-devel-3.0.101-0.46.1
      kernel-xen-3.0.101-0.46.1
      kernel-xen-base-3.0.101-0.46.1
      kernel-xen-devel-3.0.101-0.46.1
      kernel-xen-extra-3.0.101-0.46.1
      xen-kmp-default-4.2.5_02_3.0.101_0.46-0.7.9

   - SLE 11 SERVER Unsupported Extras (x86_64):

      kernel-bigsmp-extra-3.0.101-0.46.1
      kernel-default-extra-3.0.101-0.46.1
      kernel-xen-extra-3.0.101-0.46.1

References:

   http://support.novell.com/security/cve/CVE-2012-4398.html
   http://support.novell.com/security/cve/CVE-2013-2889.html
   http://support.novell.com/security/cve/CVE-2013-2893.html
   http://support.novell.com/security/cve/CVE-2013-2897.html
   http://support.novell.com/security/cve/CVE-2013-2899.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2014-3181.html
   http://support.novell.com/security/cve/CVE-2014-3184.html
   http://support.novell.com/security/cve/CVE-2014-3185.html
   http://support.novell.com/security/cve/CVE-2014-3186.html
   http://support.novell.com/security/cve/CVE-2014-3601.html
   http://support.novell.com/security/cve/CVE-2014-3610.html
   http://support.novell.com/security/cve/CVE-2014-3646.html
   http://support.novell.com/security/cve/CVE-2014-3647.html
   http://support.novell.com/security/cve/CVE-2014-3673.html
   http://support.novell.com/security/cve/CVE-2014-4508.html
   http://support.novell.com/security/cve/CVE-2014-4608.html
   http://support.novell.com/security/cve/CVE-2014-7826.html
   http://support.novell.com/security/cve/CVE-2014-7841.html
   http://support.novell.com/security/cve/CVE-2014-8133.html
   http://support.novell.com/security/cve/CVE-2014-8709.html
   http://support.novell.com/security/cve/CVE-2014-8884.html
   http://support.novell.com/security/cve/CVE-2014-9090.html
   http://support.novell.com/security/cve/CVE-2014-9322.html
   https://bugzilla.suse.com/show_bug.cgi?id=755743
   https://bugzilla.suse.com/show_bug.cgi?id=779488
   https://bugzilla.suse.com/show_bug.cgi?id=800255
   https://bugzilla.suse.com/show_bug.cgi?id=835839
   https://bugzilla.suse.com/show_bug.cgi?id=851603
   https://bugzilla.suse.com/show_bug.cgi?id=853040
   https://bugzilla.suse.com/show_bug.cgi?id=857643
   https://bugzilla.suse.com/show_bug.cgi?id=860441
   https://bugzilla.suse.com/show_bug.cgi?id=868049
   https://bugzilla.suse.com/show_bug.cgi?id=873228
   https://bugzilla.suse.com/show_bug.cgi?id=876633
   https://bugzilla.suse.com/show_bug.cgi?id=883724
   https://bugzilla.suse.com/show_bug.cgi?id=883948
   https://bugzilla.suse.com/show_bug.cgi?id=885077
   https://bugzilla.suse.com/show_bug.cgi?id=887418
   https://bugzilla.suse.com/show_bug.cgi?id=888607
   https://bugzilla.suse.com/show_bug.cgi?id=891211
   https://bugzilla.suse.com/show_bug.cgi?id=891368
   https://bugzilla.suse.com/show_bug.cgi?id=891790
   https://bugzilla.suse.com/show_bug.cgi?id=892782
   https://bugzilla.suse.com/show_bug.cgi?id=893758
   https://bugzilla.suse.com/show_bug.cgi?id=894058
   https://bugzilla.suse.com/show_bug.cgi?id=894895
   https://bugzilla.suse.com/show_bug.cgi?id=895387
   https://bugzilla.suse.com/show_bug.cgi?id=895468
   https://bugzilla.suse.com/show_bug.cgi?id=896382
   https://bugzilla.suse.com/show_bug.cgi?id=896390
   https://bugzilla.suse.com/show_bug.cgi?id=896391
   https://bugzilla.suse.com/show_bug.cgi?id=896392
   https://bugzilla.suse.com/show_bug.cgi?id=896415
   https://bugzilla.suse.com/show_bug.cgi?id=897502
   https://bugzilla.suse.com/show_bug.cgi?id=897694
   https://bugzilla.suse.com/show_bug.cgi?id=897708
   https://bugzilla.suse.com/show_bug.cgi?id=898295
   https://bugzilla.suse.com/show_bug.cgi?id=898375
   https://bugzilla.suse.com/show_bug.cgi?id=898554
   https://bugzilla.suse.com/show_bug.cgi?id=899192
   https://bugzilla.suse.com/show_bug.cgi?id=899574
   https://bugzilla.suse.com/show_bug.cgi?id=899843
   https://bugzilla.suse.com/show_bug.cgi?id=901638
   https://bugzilla.suse.com/show_bug.cgi?id=902346
   https://bugzilla.suse.com/show_bug.cgi?id=902349
   https://bugzilla.suse.com/show_bug.cgi?id=903331
   https://bugzilla.suse.com/show_bug.cgi?id=903653
   https://bugzilla.suse.com/show_bug.cgi?id=904013
   https://bugzilla.suse.com/show_bug.cgi?id=904358
   https://bugzilla.suse.com/show_bug.cgi?id=904700
   https://bugzilla.suse.com/show_bug.cgi?id=905100
   https://bugzilla.suse.com/show_bug.cgi?id=905522
   https://bugzilla.suse.com/show_bug.cgi?id=907818
   https://bugzilla.suse.com/show_bug.cgi?id=909077
   https://bugzilla.suse.com/show_bug.cgi?id=910251
   http://download.suse.com/patch/finder/?keywords=862382a71da04b8618cfe4076b0bbe5e
   http://download.suse.com/patch/finder/?keywords=f5de0855dbf77afed3873613996e2a43

From sle-security-updates at lists.suse.com Wed Dec 24 00:04:41 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 08:04:41 +0100 (CET)
Subject: SUSE-SU-2014:1696-1: moderate: Security update for mailx
Message-ID: <20141224070441.91C1C3235F@maintenance.suse.de>

   SUSE Security Update: Security update for mailx
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1696-1
Rating:             moderate
References:         #909208
Cross-References:   CVE-2004-2771 CVE-2014-7844
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This mailx update fixes the following security issues:

   * bnc#909208: Shell command injection via crafted email addresses (CVE-2004-2771, CVE-2014-7844).
Security Issues:

   * CVE-2004-2771
   * CVE-2014-7844

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-mailx-10096

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-mailx-10096

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-mailx-10096

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      mailx-12.5-1.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      mailx-12.5-1.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      mailx-12.5-1.7.1

References:

   http://support.novell.com/security/cve/CVE-2004-2771.html
   http://support.novell.com/security/cve/CVE-2014-7844.html
   https://bugzilla.suse.com/show_bug.cgi?id=909208
   http://download.suse.com/patch/finder/?keywords=4c55a9784f8c46ad7ff703097f1037ba

From sle-security-updates at lists.suse.com Wed Dec 24 00:04:57 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 08:04:57 +0100 (CET)
Subject: SUSE-SU-2014:1697-1: important: Security update for popt
Message-ID: <20141224070457.6BAC13235F@maintenance.suse.de>

   SUSE Security Update: Security update for popt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1697-1
Rating:             important
References:         #892431 #906803 #908128
Cross-References:   CVE-2013-6435 CVE-2014-8118
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.
Description:

   This rpm update fixes the following security and non-security issues.

   * bnc#908128: check for bad invalid name sizes (CVE-2014-8118)
   * bnc#906803: create files with mode 0 (CVE-2013-6435)
   * bnc#892431: honor --noglob in install mode

Security Issues:

   * CVE-2014-8118
   * CVE-2013-6435

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-popt-10097

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-popt-10097

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-popt-10097

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-popt-10097

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      popt-devel-1.7-37.60.2
      rpm-devel-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

      rpm-32bit-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64):

      popt-devel-32bit-1.7-37.60.2
      rpm-devel-32bit-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):

      rpm-x86-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      popt-1.7-37.60.2
      rpm-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      popt-32bit-1.7-37.60.2
      rpm-32bit-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      popt-1.7-37.60.2
      rpm-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      popt-32bit-1.7-37.60.2
      rpm-32bit-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      popt-x86-1.7-37.60.2
      rpm-x86-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      popt-1.7-37.60.2
      rpm-4.4.2.3-37.60.2

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      popt-32bit-1.7-37.60.2
      rpm-32bit-4.4.2.3-37.60.2

References:

   http://support.novell.com/security/cve/CVE-2013-6435.html
   http://support.novell.com/security/cve/CVE-2014-8118.html
   https://bugzilla.suse.com/show_bug.cgi?id=892431
   https://bugzilla.suse.com/show_bug.cgi?id=906803
   https://bugzilla.suse.com/show_bug.cgi?id=908128
   http://download.suse.com/patch/finder/?keywords=25800fa95867098c22bbab2dce9ea93b

From sle-security-updates at lists.suse.com Wed Dec 24 00:05:35 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 08:05:35 +0100 (CET)
Subject: SUSE-SU-2014:1686-2: critical: Security update for xntp
Message-ID: <20141224070535.6A23F3235B@maintenance.suse.de>

   SUSE Security Update: Security update for xntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1686-2
Rating:             critical
References:         #910764
Cross-References:   CVE-2014-9295
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This ntp update fixes the following critical security issue:

   * A potential remote code execution problem was found inside ntpd. The
     functions crypto_recv() (when using autokey authentication) and
     ctl_putdata() were updated to avoid buffer overflows that could have
     been exploited.
     (CVE-2014-9295 / VU#852879)

Security Issues:

   * CVE-2014-9295

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      xntp-4.2.4p3-48.25.1
      xntp-doc-4.2.4p3-48.25.1

References:

   http://support.novell.com/security/cve/CVE-2014-9295.html
   https://bugzilla.suse.com/show_bug.cgi?id=910764
   http://download.suse.com/patch/finder/?keywords=f4d33535cb6a1f3819d1cd7bb928b58f

From sle-security-updates at lists.suse.com Wed Dec 24 00:05:51 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 08:05:51 +0100 (CET)
Subject: SUSE-SU-2014:1698-1: important: Security update for Linux kernel
Message-ID: <20141224070551.B812A3235F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1698-1
Rating:             important
References:         #907818 #909077 #910251
Cross-References:   CVE-2014-8133 CVE-2014-9090 CVE-2014-9322
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available. It includes
   two new package versions.

Description:

   The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated
   to fix security issues on kernels on the x86_64 architecture.

   The following security bugs have been fixed:

   * CVE-2014-9322: A local privilege escalation in the x86_64 32bit
     compatibility signal handling was fixed, which could have been used by
     local attackers to crash the machine or execute code.
   * CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c
     in the Linux kernel did not properly handle faults associated with the
     Stack Segment (SS) segment register, which allowed local users to cause
     a denial of service (panic) via a modify_ldt system call, as
     demonstrated by sigreturn_32 in the linux-clock-tests test suite.
   * CVE-2014-8133: Insufficient validation of TLS register usage could have
     leaked information from the kernel stack to userspace.

Security Issues:

   * CVE-2014-8133
   * CVE-2014-9090
   * CVE-2014-9322

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-kernel-10114

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-kernel-10109

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.7.27.1
      kernel-default-base-3.0.101-0.7.27.1
      kernel-default-devel-3.0.101-0.7.27.1
      kernel-ec2-3.0.101-0.7.27.1
      kernel-ec2-base-3.0.101-0.7.27.1
      kernel-ec2-devel-3.0.101-0.7.27.1
      kernel-source-3.0.101-0.7.27.1
      kernel-syms-3.0.101-0.7.27.1
      kernel-trace-3.0.101-0.7.27.1
      kernel-trace-base-3.0.101-0.7.27.1
      kernel-trace-devel-3.0.101-0.7.27.1
      kernel-xen-3.0.101-0.7.27.1
      kernel-xen-base-3.0.101-0.7.27.1
      kernel-xen-devel-3.0.101-0.7.27.1
      xen-kmp-default-4.1.6_08_3.0.101_0.7.27-0.5.5
      xen-kmp-trace-4.1.6_08_3.0.101_0.7.27-0.5.5

   - SUSE Linux Enterprise Server 11 SP1 LTSS (x86_64) [New Version: 2.6.32.59]:

      kernel-default-2.6.32.59-0.17.1
      kernel-default-base-2.6.32.59-0.17.1
      kernel-default-devel-2.6.32.59-0.17.1
      kernel-ec2-2.6.32.59-0.17.1
      kernel-ec2-base-2.6.32.59-0.17.1
      kernel-ec2-devel-2.6.32.59-0.17.1
      kernel-source-2.6.32.59-0.17.1
      kernel-syms-2.6.32.59-0.17.1
      kernel-trace-2.6.32.59-0.17.1
      kernel-trace-base-2.6.32.59-0.17.1
      kernel-trace-devel-2.6.32.59-0.17.1
      kernel-xen-2.6.32.59-0.17.1
      kernel-xen-base-2.6.32.59-0.17.1
      kernel-xen-devel-2.6.32.59-0.17.1
      xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.17-0.9.2
      xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.17-0.9.2

   - SLE 11 SERVER Unsupported Extras (x86_64):

      ext4-writeable-kmp-default-0_3.0.101_0.7.27-0.14.132
      ext4-writeable-kmp-trace-0_3.0.101_0.7.27-0.14.132
      ext4-writeable-kmp-xen-0_3.0.101_0.7.27-0.14.132
      kernel-default-extra-2.6.32.59-0.17.1
      kernel-default-extra-3.0.101-0.7.27.1
      kernel-xen-extra-2.6.32.59-0.17.1
      kernel-xen-extra-3.0.101-0.7.27.1

References:

   http://support.novell.com/security/cve/CVE-2014-8133.html
   http://support.novell.com/security/cve/CVE-2014-9090.html
   http://support.novell.com/security/cve/CVE-2014-9322.html
   https://bugzilla.suse.com/show_bug.cgi?id=907818
   https://bugzilla.suse.com/show_bug.cgi?id=909077
   https://bugzilla.suse.com/show_bug.cgi?id=910251
   http://download.suse.com/patch/finder/?keywords=17cbd241265ffb7301400d4f2497c986
   http://download.suse.com/patch/finder/?keywords=ea18fe4b0ce01bc702a6120012e00755
   http://download.suse.com/patch/finder/?keywords=eb83dad7b182df22a0ec3ccf37ff136d
   http://download.suse.com/patch/finder/?keywords=fd8795d7eb65884e7e60e637c1890c6f

From sle-security-updates at lists.suse.com Wed Dec 24 00:06:28 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 08:06:28 +0100 (CET)
Subject: SUSE-SU-2014:1699-1: moderate: Security update for libyaml-0-2
Message-ID: <20141224070628.3E96E3235F@maintenance.suse.de>

   SUSE Security Update: Security update for libyaml-0-2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1699-1
Rating:             moderate
References:         #907809
Cross-References:   CVE-2014-9130
Affected Products:
                    SUSE Cloud 4
                    SUSE Cloud 3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This libyaml update fixes the following security issue:

   * assert failure when processing wrapped strings (bnc#907809, CVE-2014-9130)

Security Issues:

   * CVE-2014-9130

Contraindications:

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-libyaml-0-2-10073

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-libyaml-0-2-10074

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Cloud 4 (x86_64):

      libyaml-0-2-0.1.3-0.10.16.1

   - SUSE Cloud 3 (x86_64):

      libyaml-0-2-0.1.3-0.10.16.1

References:

   http://support.novell.com/security/cve/CVE-2014-9130.html
   https://bugzilla.suse.com/show_bug.cgi?id=907809
   http://download.suse.com/patch/finder/?keywords=108a6d54e4f1e8edc3b51e53ac719241
   http://download.suse.com/patch/finder/?keywords=bfad0248402abc2401664bec31151059

From sle-security-updates at lists.suse.com Wed Dec 24 00:06:42 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 08:06:42 +0100 (CET)
Subject: SUSE-SU-2014:1700-1: moderate: Security update for Xen
Message-ID: <20141224070642.4DAF23235F@maintenance.suse.de>

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1700-1
Rating:             moderate
References:         #866902 #882089 #896023 #901317 #903850 #903967 #903970
                    #905465 #905467 #906439
Cross-References:   CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867
                    CVE-2014-9030
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 5 fixes is now available.

Description:

   Xen has been updated to version 4.2.5 with additional patches to fix six
   security issues:

   * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030).
   * Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (CVE-2014-8867).
   * Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866).
   * Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850).
   * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595).
   * Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594).
   These non-security issues have been fixed:

   * Xen save/restore of HVM guests cuts off disk and networking (bnc#866902).
   * Windows 2012 R2 fails to boot up with greater than 60 vcpus (bnc#882089).
   * Increase limit domUloader to 32MB (bnc#901317).
   * Adjust xentop column layout (bnc#896023).

Security Issues:

   * CVE-2014-9030
   * CVE-2014-8867
   * CVE-2014-8866
   * CVE-2014-8595
   * CVE-2014-8594

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-xen-11sp3-2014-11-26-10018

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-xen-11sp3-2014-11-26-10018

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-xen-11sp3-2014-11-26-10018

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64):

      xen-devel-4.2.5_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (x86_64):

      xen-4.2.5_02-0.7.1
      xen-doc-html-4.2.5_02-0.7.1
      xen-doc-pdf-4.2.5_02-0.7.1
      xen-kmp-default-4.2.5_02_3.0.101_0.40-0.7.1
      xen-libs-32bit-4.2.5_02-0.7.1
      xen-libs-4.2.5_02-0.7.1
      xen-tools-4.2.5_02-0.7.1
      xen-tools-domU-4.2.5_02-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      xen-4.2.5_02-0.7.1
      xen-doc-html-4.2.5_02-0.7.1
      xen-doc-pdf-4.2.5_02-0.7.1
      xen-kmp-default-4.2.5_02_3.0.101_0.40-0.7.1
      xen-libs-32bit-4.2.5_02-0.7.1
      xen-libs-4.2.5_02-0.7.1
      xen-tools-4.2.5_02-0.7.1
      xen-tools-domU-4.2.5_02-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-8594.html
   http://support.novell.com/security/cve/CVE-2014-8595.html
   http://support.novell.com/security/cve/CVE-2014-8866.html
   http://support.novell.com/security/cve/CVE-2014-8867.html
   http://support.novell.com/security/cve/CVE-2014-9030.html
   https://bugzilla.suse.com/show_bug.cgi?id=866902
   https://bugzilla.suse.com/show_bug.cgi?id=882089
   https://bugzilla.suse.com/show_bug.cgi?id=896023
   https://bugzilla.suse.com/show_bug.cgi?id=901317
   https://bugzilla.suse.com/show_bug.cgi?id=903850
   https://bugzilla.suse.com/show_bug.cgi?id=903967
   https://bugzilla.suse.com/show_bug.cgi?id=903970
   https://bugzilla.suse.com/show_bug.cgi?id=905465
   https://bugzilla.suse.com/show_bug.cgi?id=905467
   https://bugzilla.suse.com/show_bug.cgi?id=906439
   http://download.suse.com/patch/finder/?keywords=b64990dee077b443be24ed84558ed00b

From sle-security-updates at lists.suse.com Wed Dec 24 00:08:45 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 08:08:45 +0100 (CET)
Subject: SUSE-SU-2014:1693-2: important: Security update for Linux kernel
Message-ID: <20141224070845.AF3DA3235F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1693-2
Rating:             important
References:         #755743 #779488 #800255 #835839 #851603 #853040 #857643
                    #860441 #868049 #873228 #876633 #883724 #883948 #885077
                    #887418 #888607 #891211 #891368 #891790 #892782 #893758
                    #894058 #894895 #895387 #895468 #896382 #896390 #896391
                    #896392 #896415 #897502 #897694 #897708 #898295 #898375
                    #898554 #899192 #899574 #899843 #901638 #902346 #902349
                    #903331 #903653 #904013 #904358 #904700 #905100 #905522
Cross-References:   CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897
                    CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184
                    CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610
                    CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508
                    CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8709
                    CVE-2014-8884
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

   An update that solves 21 vulnerabilities and has 28 fixes is now
   available. It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to
   fix various bugs and security issues.

   The following security bugs have been fixed:

   * CVE-2012-4398: The __request_module function in kernel/kmod.c in the
     Linux kernel before 3.4 did not set a certain killable attribute, which
     allowed local users to cause a denial of service (memory consumption)
     via a crafted application (bnc#779488).
   * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device
     (HID) subsystem in the Linux kernel through 3.11, when
     CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers
     to cause a denial of service (heap-based out-of-bounds write) via a
     crafted device (bnc#835839).
   * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux
     kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or
     CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers
     to cause a denial of service (heap-based out-of-bounds write) via a
     crafted device, related to (1) drivers/hid/hid-lgff.c, (2)
     drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839).
   * CVE-2013-2897: Multiple array index errors in
     drivers/hid/hid-multitouch.c in the Human Interface Device (HID)
     subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH
     is enabled, allowed physically proximate attackers to cause a denial of
     service (heap memory corruption, or NULL pointer dereference and OOPS)
     via a crafted device (bnc#835839).
   * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface
     Device (HID) subsystem in the Linux kernel through 3.11, when
     CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers
     to cause a denial of service (NULL pointer dereference and OOPS) via a
     crafted device (bnc#835839).
   * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
     values before ensuring that associated data structures have been
     initialized, which allowed local users to obtain sensitive information
     from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3)
     recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c,
     net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040,
     bnc#857643).
   * CVE-2014-3181: Multiple stack-based buffer overflows in the
     magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the
     Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed
     physically proximate attackers to cause a denial of service (system
     crash) or possibly execute arbitrary code via a crafted device that
     provides a large amount of (1) EHCI or (2) XHCI data associated with an
     event (bnc#896382).
   * CVE-2014-3184: The report_fixup functions in the HID subsystem in the
     Linux kernel before 3.16.2 allowed physically proximate attackers to
     cause a denial of service (out-of-bounds write) via a crafted device
     that provides a small report descriptor, related to (1)
     drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)
     drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
     drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
     (bnc#896390).
   * CVE-2014-3185: Multiple buffer overflows in the
     command_port_read_callback function in drivers/usb/serial/whiteheat.c
     in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2
     allowed physically proximate attackers to execute arbitrary code or
     cause a denial of service (memory corruption and system crash) via a
     crafted device that provides a large amount of (1) EHCI or (2) XHCI
     data associated with a bulk response (bnc#896391).
   * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in
     devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the
     Linux kernel through 3.16.3, as used in Android on Nexus 7 devices,
     allowed physically proximate attackers to cause a denial of service
     (system crash) or possibly execute arbitrary code via a crafted device
     that sends a large report (bnc#896392).
   * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in
     the Linux kernel through 3.16.1 miscalculated the number of pages
     during the handling of a mapping failure, which allowed guest OS users
     to (1) cause a denial of service (host OS memory corruption) or
     possibly have unspecified other impact by triggering a large gfn value
     or (2) cause a denial of service (host OS memory consumption) by
     triggering a small gfn value that leads to permanently pinned pages
     (bnc#892782).
   * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem
     in the Linux kernel through 3.17.2 did not properly handle the writing
     of a non-canonical address to a model-specific register, which allowed
     guest OS users to cause a denial of service (host OS crash) by
     leveraging guest OS privileges, related to the wrmsr_interception
     function in arch/x86/kvm/svm.c and the handle_wrmsr function in
     arch/x86/kvm/vmx.c (bnc#899192).
   * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
     kernel through 3.17.2 did not have an exit handler for the INVVPID
     instruction, which allowed guest OS users to cause a denial of service
     (guest OS crash) via a crafted application (bnc#899192).
   * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
     kernel through 3.17.2 did not properly perform RIP changes, which
     allowed guest OS users to cause a denial of service (guest OS crash)
     via a crafted application (bnc#899192).
   * CVE-2014-3673: The SCTP implementation in the Linux kernel through
     3.17.2 allowed remote attackers to cause a denial of service (system
     crash) via a malformed ASCONF chunk, related to
     net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346,
     bnc#902349).
   * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through
     3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and
     the sep CPU feature flag is set, allowed local users to cause a denial
     of service (OOPS and system crash) via an invalid syscall number, as
     demonstrated by number 1000 (bnc#883724).
   * CVE-2014-4608: ** DISPUTED ** Multiple integer overflows in the
     lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in
     the LZO decompressor in the Linux kernel before 3.15.2 allowed
     context-dependent attackers to cause a denial of service (memory
     corruption) via a crafted Literal Run. NOTE: the author of the LZO
     algorithms says: The Linux kernel is not affected; media hype
     (bnc#883948).
   * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel
     through 3.17.2 did not properly handle private syscall numbers during
     use of the ftrace subsystem, which allowed local users to gain
     privileges or cause a denial of service (invalid pointer dereference)
     via a crafted application (bnc#904013).
   * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed
     INIT ping-of-death (bnc#905100).
   * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in
     the Linux kernel before 3.13.5 did not properly maintain a certain tail
     pointer, which allowed remote attackers to obtain sensitive cleartext
     information by reading packets (bnc#904700).
   * CVE-2014-8884: A local user with write access could have used this flaw
     to crash the kernel or elevate privileges (bnc#905522).

   The following non-security bugs have been fixed:

   * Build the KOTD against the SP3 Update project
   * HID: fix kabi breakage.
   * NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n.
   * NFS: fix inverted test for delegation in nfs4_reclaim_open_state (bnc#903331).
   * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331).
   * NFSv4: nfs4_open_done first must check that GETATTR decoded a file type (bnc#899574).
   * PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898295).
   * PCI: pciehp: Enable link state change notifications (bnc#898295).
   * PCI: pciehp: Handle push button event asynchronously (bnc#898295).
   * PCI: pciehp: Make check_link_active() non-static (bnc#898295).
   * PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898295).
   * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295).
   * PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898295).
   * PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441).
   * be2net: Fix invocation of be_close() after be_clear() (bnc#895468).
   * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211).
   * block: Fix computation of merged request priority.
   * btrfs: Fix wrong device size when we are resizing the device.
   * btrfs: Return right extent when fiemap gives unaligned offset and len.
   * btrfs: abtract out range locking in clone ioctl().
   * btrfs: always choose work from prio_head first.
   * btrfs: balance delayed inode updates.
   * btrfs: cache extent states in defrag code path.
   * btrfs: check file extent type before anything else (bnc#897694).
   * btrfs: clone, do not create invalid hole extent map.
   * btrfs: correctly determine if blocks are shared in btrfs_compare_trees.
   * btrfs: do not bug_on if we try to cow a free space cache inode.
   * btrfs: ensure btrfs_prev_leaf does not miss 1 item.
   * btrfs: ensure readers see new data after a clone operation.
   * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call.
   * btrfs: filter invalid arg for btrfs resize.
   * btrfs: fix EINVAL checks in btrfs_clone.
* btrfs: fix EIO on reading file after ioctl clone works on it. * btrfs: fix a crash of clone with inline extents split. * btrfs: fix crash of compressed writes (bnc#898375). * btrfs: fix crash when starting transaction. * btrfs: fix deadlock with nested trans handles. * btrfs: fix hang on error (such as ENOSPC) when writing extent pages. * btrfs: fix leaf corruption after __btrfs_drop_extents. * btrfs: fix race between balance recovery and root deletion. * btrfs: fix wrong extent mapping for DirectIO. * btrfs: handle a missing extent for the first file extent. * btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375). * btrfs: read lock extent buffer while walking backrefs. * btrfs: remove unused wait queue in struct extent_buffer. * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. * btrfs: replace error code from btrfs_drop_extents. * btrfs: unlock extent and pages on error in cow_file_range. * btrfs: unlock inodes in correct order in clone ioctl. * btrfs_ioctl_clone: Move clone code into its own function. * cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653). * drm/i915: Flush the PTEs after updating them before suspend (bnc#901638). * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638). * ext3: return 32/64-bit dir name hash according to usage type (bnc#898554). * ext4: return 32/64-bit dir name hash according to usage type (bnc#898554). * fix: use after free of xfs workqueues (bnc#894895). * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554). * futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). * futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). * ipv6: add support of peer address (bnc#896415). * ipv6: fix a refcnt leak with peer addr (bnc#896415). * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502). 
* mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790). * netxen: Fix link event handling (bnc#873228). * netxen: fix link notification order (bnc#873228). * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554). * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554). * ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843). * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). * powerpc: Add support for the optimised lockref implementation (bsc#893758). * powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). * remove filesize checks for sync I/O journal commit (bnc#800255). * resource: add __adjust_resource() for internal use (bnc#891790). * resource: add release_mem_region_adjustable() (bnc#891790). * revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * rpm/mkspec: Generate specfiles according to Factory requirements. * rpm/mkspec: Generate a per-architecture per-package _constraints file * sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358). * usbback: Do not access request fields in shared ring more than once. * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607). * vfs,proc: guarantee unique inodes in /proc (bnc#868049). * x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable() (bnc#887418). * x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). 
* x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). * xfs: Do not free EFIs before the EFDs are committed (bsc#755743). * xfs: Do not reference the EFI after it is freed (bsc#755743). * xfs: fix cil push sequence after log recovery (bsc#755743). * zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). * zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). Security Issues: * CVE-2012-4398 * CVE-2013-2889 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2899 * CVE-2013-7263 * CVE-2014-3181 * CVE-2014-3184 * CVE-2014-3185 * CVE-2014-3186 * CVE-2014-3601 * CVE-2014-3610 * CVE-2014-3646 * CVE-2014-3647 * CVE-2014-4508 * CVE-2014-4608 * CVE-2014-7826 * CVE-2014-7841 * CVE-2014-8709 * CVE-2014-8884 * CVE-2014-3673 Indications: Everyone using the Linux Kernel on s390x architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-10038 slessp3-kernel-10039 slessp3-kernel-10040 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-10038 slehasp3-kernel-10039 slehasp3-kernel-10040 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Server 11 SP3 (ia64 ppc64 s390x) [New Version: 3.0.101]:

    kernel-default-3.0.101-0.42.1
    kernel-default-base-3.0.101-0.42.1
    kernel-default-devel-3.0.101-0.42.1
    kernel-source-3.0.101-0.42.1
    kernel-syms-3.0.101-0.42.1
    kernel-trace-3.0.101-0.42.1
    kernel-trace-base-3.0.101-0.42.1
    kernel-trace-devel-3.0.101-0.42.1

- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

    kernel-default-man-3.0.101-0.42.1

- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

    kernel-ppc64-3.0.101-0.42.1
    kernel-ppc64-base-3.0.101-0.42.1
    kernel-ppc64-devel-3.0.101-0.42.1

- SUSE Linux Enterprise High Availability Extension 11 SP3 (ia64 ppc64 s390x):

    cluster-network-kmp-default-1.4_3.0.101_0.42-2.27.115
    cluster-network-kmp-trace-1.4_3.0.101_0.42-2.27.115
    gfs2-kmp-default-2_3.0.101_0.42-0.16.121
    gfs2-kmp-trace-2_3.0.101_0.42-0.16.121
    ocfs2-kmp-default-1.6_3.0.101_0.42-0.20.115
    ocfs2-kmp-trace-1.6_3.0.101_0.42-0.20.115

- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

    cluster-network-kmp-ppc64-1.4_3.0.101_0.42-2.27.115
    gfs2-kmp-ppc64-2_3.0.101_0.42-0.16.121
    ocfs2-kmp-ppc64-1.6_3.0.101_0.42-0.20.115

References:

http://support.novell.com/security/cve/CVE-2012-4398.html
http://support.novell.com/security/cve/CVE-2013-2889.html
http://support.novell.com/security/cve/CVE-2013-2893.html
http://support.novell.com/security/cve/CVE-2013-2897.html
http://support.novell.com/security/cve/CVE-2013-2899.html
http://support.novell.com/security/cve/CVE-2013-7263.html
http://support.novell.com/security/cve/CVE-2014-3181.html
http://support.novell.com/security/cve/CVE-2014-3184.html
http://support.novell.com/security/cve/CVE-2014-3185.html
http://support.novell.com/security/cve/CVE-2014-3186.html
http://support.novell.com/security/cve/CVE-2014-3601.html
http://support.novell.com/security/cve/CVE-2014-3610.html
http://support.novell.com/security/cve/CVE-2014-3646.html
http://support.novell.com/security/cve/CVE-2014-3647.html
http://support.novell.com/security/cve/CVE-2014-3673.html
http://support.novell.com/security/cve/CVE-2014-4508.html
http://support.novell.com/security/cve/CVE-2014-4608.html
http://support.novell.com/security/cve/CVE-2014-7826.html
http://support.novell.com/security/cve/CVE-2014-7841.html
http://support.novell.com/security/cve/CVE-2014-8709.html
http://support.novell.com/security/cve/CVE-2014-8884.html
https://bugzilla.suse.com/show_bug.cgi?id=755743
https://bugzilla.suse.com/show_bug.cgi?id=779488
https://bugzilla.suse.com/show_bug.cgi?id=800255
https://bugzilla.suse.com/show_bug.cgi?id=835839
https://bugzilla.suse.com/show_bug.cgi?id=851603
https://bugzilla.suse.com/show_bug.cgi?id=853040
https://bugzilla.suse.com/show_bug.cgi?id=857643
https://bugzilla.suse.com/show_bug.cgi?id=860441
https://bugzilla.suse.com/show_bug.cgi?id=868049
https://bugzilla.suse.com/show_bug.cgi?id=873228
https://bugzilla.suse.com/show_bug.cgi?id=876633
https://bugzilla.suse.com/show_bug.cgi?id=883724
https://bugzilla.suse.com/show_bug.cgi?id=883948
https://bugzilla.suse.com/show_bug.cgi?id=885077
https://bugzilla.suse.com/show_bug.cgi?id=887418
https://bugzilla.suse.com/show_bug.cgi?id=888607
https://bugzilla.suse.com/show_bug.cgi?id=891211
https://bugzilla.suse.com/show_bug.cgi?id=891368
https://bugzilla.suse.com/show_bug.cgi?id=891790
https://bugzilla.suse.com/show_bug.cgi?id=892782
https://bugzilla.suse.com/show_bug.cgi?id=893758
https://bugzilla.suse.com/show_bug.cgi?id=894058
https://bugzilla.suse.com/show_bug.cgi?id=894895
https://bugzilla.suse.com/show_bug.cgi?id=895387
https://bugzilla.suse.com/show_bug.cgi?id=895468
https://bugzilla.suse.com/show_bug.cgi?id=896382
https://bugzilla.suse.com/show_bug.cgi?id=896390
https://bugzilla.suse.com/show_bug.cgi?id=896391
https://bugzilla.suse.com/show_bug.cgi?id=896392
https://bugzilla.suse.com/show_bug.cgi?id=896415
https://bugzilla.suse.com/show_bug.cgi?id=897502
https://bugzilla.suse.com/show_bug.cgi?id=897694
https://bugzilla.suse.com/show_bug.cgi?id=897708
https://bugzilla.suse.com/show_bug.cgi?id=898295
https://bugzilla.suse.com/show_bug.cgi?id=898375
https://bugzilla.suse.com/show_bug.cgi?id=898554
https://bugzilla.suse.com/show_bug.cgi?id=899192
https://bugzilla.suse.com/show_bug.cgi?id=899574
https://bugzilla.suse.com/show_bug.cgi?id=899843
https://bugzilla.suse.com/show_bug.cgi?id=901638
https://bugzilla.suse.com/show_bug.cgi?id=902346
https://bugzilla.suse.com/show_bug.cgi?id=902349
https://bugzilla.suse.com/show_bug.cgi?id=903331
https://bugzilla.suse.com/show_bug.cgi?id=903653
https://bugzilla.suse.com/show_bug.cgi?id=904013
https://bugzilla.suse.com/show_bug.cgi?id=904358
https://bugzilla.suse.com/show_bug.cgi?id=904700
https://bugzilla.suse.com/show_bug.cgi?id=905100
https://bugzilla.suse.com/show_bug.cgi?id=905522
http://download.suse.com/patch/finder/?keywords=759bd5232756bc1601d59154022f3e0a
http://download.suse.com/patch/finder/?keywords=7c8bcdf8aeebe75105e56721788b47f9
http://download.suse.com/patch/finder/?keywords=ccd0e8b5f2fdf4059ed078e5d1f571b3


From sle-security-updates at lists.suse.com Wed Dec 24 11:04:40 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 19:04:40 +0100 (CET)
Subject: SUSE-SU-2014:1686-3: critical: Security update for ntp
Message-ID: <20141224180440.45DBF3235F@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1686-3
Rating:             critical
References:         #910764
Cross-References:   CVE-2014-9295
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This ntp update fixes the following critical security issue:

* A potential remote code execution problem was found inside ntpd.
  The functions crypto_recv() (when using autokey authentication) and ctl_putdata() were updated to avoid buffer overflows that could have been exploited. (CVE-2014-9295 / VU#852879)

Security Issues:

* CVE-2014-9295

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 LTSS:

    zypper in -t patch slessp1-ntp-10119

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):

    ntp-4.2.4p8-1.28.1
    ntp-doc-4.2.4p8-1.28.1

References:

http://support.novell.com/security/cve/CVE-2014-9295.html
https://bugzilla.suse.com/show_bug.cgi?id=910764
http://download.suse.com/patch/finder/?keywords=847d35fe22b8284a157febdb511ea747


From sle-security-updates at lists.suse.com Wed Dec 24 11:04:58 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Dec 2014 19:04:58 +0100 (CET)
Subject: SUSE-SU-2014:1710-1: moderate: Security update for xen
Message-ID: <20141224180458.71BC03235F@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1710-1
Rating:             moderate
References:         #826717 #867910 #875668 #880751 #895798 #895799 #895802 #897657 #901317 #903850 #903967 #903970 #905465 #905467 #906439
Cross-References:   CVE-2013-3495 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

An update that solves 13 vulnerabilities and has two fixes is now available.

Description:

xen was updated to fix 14 security issues:

* Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030).
* Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (CVE-2014-8867).
* Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155).
* Hypervisor heap contents leaked to guests (CVE-2014-4021).
* Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595).
* Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594).
* Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts (CVE-2013-3495).
* Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156).
* Race condition in HVMOP_track_dirty_vram (CVE-2014-7154).
* Improper MSR range used for x2APIC emulation (CVE-2014-7188).
* HVMOP_set_mem_type allows invalid P2M entries to be created (CVE-2014-3124).
* HVMOP_set_mem_access is not preemptible (CVE-2014-2599).
* Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866).
* Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850).

This non-security bug was fixed:

* Increase limit domUloader to 32MB (bnc#901317).

Security Issues:

* CVE-2014-9030
* CVE-2014-8867
* CVE-2014-7155
* CVE-2014-4021
* CVE-2014-8595
* CVE-2014-8594
* CVE-2013-3495
* CVE-2014-7156
* CVE-2014-7154
* CVE-2014-7188
* CVE-2014-3124
* CVE-2014-2599
* CVE-2014-8866

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:

    zypper in -t patch slessp2-xen-11sp2-20141204-10081

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):

    xen-devel-4.1.6_08-0.5.1
    xen-kmp-default-4.1.6_08_3.0.101_0.7.23-0.5.1
    xen-kmp-trace-4.1.6_08_3.0.101_0.7.23-0.5.1
    xen-libs-4.1.6_08-0.5.1
    xen-tools-domU-4.1.6_08-0.5.1

- SUSE Linux Enterprise Server 11 SP2 LTSS (x86_64):

    xen-4.1.6_08-0.5.1
    xen-doc-html-4.1.6_08-0.5.1
    xen-doc-pdf-4.1.6_08-0.5.1
    xen-libs-32bit-4.1.6_08-0.5.1
    xen-tools-4.1.6_08-0.5.1

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586):

    xen-kmp-pae-4.1.6_08_3.0.101_0.7.23-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-3495.html
http://support.novell.com/security/cve/CVE-2014-2599.html
http://support.novell.com/security/cve/CVE-2014-3124.html
http://support.novell.com/security/cve/CVE-2014-4021.html
http://support.novell.com/security/cve/CVE-2014-7154.html
http://support.novell.com/security/cve/CVE-2014-7155.html
http://support.novell.com/security/cve/CVE-2014-7156.html
http://support.novell.com/security/cve/CVE-2014-7188.html
http://support.novell.com/security/cve/CVE-2014-8594.html
http://support.novell.com/security/cve/CVE-2014-8595.html
http://support.novell.com/security/cve/CVE-2014-8866.html
http://support.novell.com/security/cve/CVE-2014-8867.html
http://support.novell.com/security/cve/CVE-2014-9030.html
https://bugzilla.suse.com/show_bug.cgi?id=826717
https://bugzilla.suse.com/show_bug.cgi?id=867910
https://bugzilla.suse.com/show_bug.cgi?id=875668
https://bugzilla.suse.com/show_bug.cgi?id=880751
https://bugzilla.suse.com/show_bug.cgi?id=895798
https://bugzilla.suse.com/show_bug.cgi?id=895799
https://bugzilla.suse.com/show_bug.cgi?id=895802
https://bugzilla.suse.com/show_bug.cgi?id=897657
https://bugzilla.suse.com/show_bug.cgi?id=901317
https://bugzilla.suse.com/show_bug.cgi?id=903850
https://bugzilla.suse.com/show_bug.cgi?id=903967
https://bugzilla.suse.com/show_bug.cgi?id=903970
https://bugzilla.suse.com/show_bug.cgi?id=905465
https://bugzilla.suse.com/show_bug.cgi?id=905467
https://bugzilla.suse.com/show_bug.cgi?id=906439
http://download.suse.com/patch/finder/?keywords=c3ad0fd02909cf041596ac8a665c5844


From sle-security-updates at lists.suse.com Mon Dec 29 03:04:47 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Dec 2014 11:04:47 +0100 (CET)
Subject: SUSE-SU-2014:1723-1: moderate: Security update for tcpdump
Message-ID: <20141229100447.778C33235D@maintenance.suse.de>

SUSE Security Update: Security update for tcpdump
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1723-1
Rating:             moderate
References:         #905870 #905871 #905872
Cross-References:   CVE-2014-8767 CVE-2014-8768 CVE-2014-8769
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This tcpdump update fixes the following security issues:

- fix CVE-2014-8767 (bnc#905870)
  * denial of service in verbose mode using malformed OLSR payload
- fix CVE-2014-8768 (bnc#905871)
  * denial of service in verbose mode using malformed Geonet payload
- fix CVE-2014-8769 (bnc#905872)
  * unreliable output using malformed AODV payload

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:

    zypper in -t patch SUSE-SLE-SERVER-12-2014-122

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2014-122

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

    tcpdump-4.5.1-4.1
    tcpdump-debuginfo-4.5.1-4.1
    tcpdump-debugsource-4.5.1-4.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    tcpdump-4.5.1-4.1
    tcpdump-debuginfo-4.5.1-4.1
    tcpdump-debugsource-4.5.1-4.1

References:

http://support.novell.com/security/cve/CVE-2014-8767.html
http://support.novell.com/security/cve/CVE-2014-8768.html
http://support.novell.com/security/cve/CVE-2014-8769.html
https://bugzilla.suse.com/show_bug.cgi?id=905870
https://bugzilla.suse.com/show_bug.cgi?id=905871
https://bugzilla.suse.com/show_bug.cgi?id=905872


From sle-security-updates at lists.suse.com Mon Dec 29 03:05:29 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Dec 2014 11:05:29 +0100 (CET)
Subject: SUSE-SU-2014:1724-1: moderate: Security update for dbus-1
Message-ID: <20141229100529.D06983235F@maintenance.suse.de>

SUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1724-1
Rating:             moderate
References:         #904017
Cross-References:   CVE-2014-3636 CVE-2014-7824
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

dbus-1 was updated to version 1.8.12 to fix one security issue.

This security issue was fixed:

- Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the file descriptors of the system bus (CVE-2014-7824).

Note: This already includes the fix for the regression that was introduced by the first fix for CVE-2014-7824 in 1.8.10.

On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf:

    5000

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

    zypper in -t patch SUSE-SLE-SDK-12-2014-121

- SUSE Linux Enterprise Server 12:

    zypper in -t patch SUSE-SLE-SERVER-12-2014-121

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2014-121

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

    dbus-1-debugsource-1.8.12-6.1
    dbus-1-devel-1.8.12-6.1

- SUSE Linux Enterprise Software Development Kit 12 (noarch):

    dbus-1-devel-doc-1.8.12-6.5

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

    dbus-1-1.8.12-6.5
    dbus-1-debuginfo-1.8.12-6.5
    dbus-1-debugsource-1.8.12-6.1
    dbus-1-x11-1.8.12-6.5
    dbus-1-x11-debuginfo-1.8.12-6.5
    dbus-1-x11-debugsource-1.8.12-6.5
    libdbus-1-3-1.8.12-6.1
    libdbus-1-3-debuginfo-1.8.12-6.1

- SUSE Linux Enterprise Server 12 (s390x x86_64):

    libdbus-1-3-32bit-1.8.12-6.1
    libdbus-1-3-debuginfo-32bit-1.8.12-6.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    dbus-1-1.8.12-6.5
    dbus-1-debuginfo-1.8.12-6.5
    dbus-1-debugsource-1.8.12-6.1
    dbus-1-x11-1.8.12-6.5
    dbus-1-x11-debuginfo-1.8.12-6.5
    dbus-1-x11-debugsource-1.8.12-6.5
    libdbus-1-3-1.8.12-6.1
    libdbus-1-3-32bit-1.8.12-6.1
    libdbus-1-3-debuginfo-1.8.12-6.1
    libdbus-1-3-debuginfo-32bit-1.8.12-6.1

References:

http://support.novell.com/security/cve/CVE-2014-3636.html
http://support.novell.com/security/cve/CVE-2014-7824.html
https://bugzilla.suse.com/show_bug.cgi?id=904017


From sle-security-updates at lists.suse.com Tue Dec 30 06:05:27 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 30 Dec 2014 14:05:27 +0100 (CET)
Subject: SUSE-SU-2014:1729-1: moderate: Security update for libreoffice
Message-ID: <20141230130527.8A10D3235F@maintenance.suse.de>

SUSE Security Update: Security update for libreoffice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1729-1
Rating:             moderate
References:         #884942 #907636
Cross-References:   CVE-2014-9093
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Desktop 12
                    SUSE Linux Enterprise Build System Kit 12
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This libreoffice update fixes the following security and non security issues:

- Version bump to 4.3.5 release:
  * Various small fixes
  * Fix for CVE-2014-9093 bnc#907636
- Remove dangling symlinks from previous versions bnc#884942

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:

    zypper in -t patch SUSE-SLE-WE-12-2014-125

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2014-125

- SUSE Linux Enterprise Build System Kit 12:

    zypper in -t patch SUSE-SLE-BSK-12-2014-125

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

    libreoffice-4.3.5.2-10.1
    libreoffice-base-4.3.5.2-10.1
    libreoffice-base-debuginfo-4.3.5.2-10.1
    libreoffice-base-drivers-mysql-4.3.5.2-10.1
    libreoffice-base-drivers-mysql-debuginfo-4.3.5.2-10.1
    libreoffice-base-drivers-postgresql-4.3.5.2-10.1
    libreoffice-base-drivers-postgresql-debuginfo-4.3.5.2-10.1
    libreoffice-calc-4.3.5.2-10.1
    libreoffice-calc-debuginfo-4.3.5.2-10.1
    libreoffice-calc-extensions-4.3.5.2-10.1
    libreoffice-debuginfo-4.3.5.2-10.1
    libreoffice-debugsource-4.3.5.2-10.1
    libreoffice-draw-4.3.5.2-10.1
    libreoffice-draw-debuginfo-4.3.5.2-10.1
    libreoffice-filters-optional-4.3.5.2-10.1
    libreoffice-gnome-4.3.5.2-10.1
    libreoffice-gnome-debuginfo-4.3.5.2-10.1
    libreoffice-impress-4.3.5.2-10.1
    libreoffice-impress-debuginfo-4.3.5.2-10.1
    libreoffice-mailmerge-4.3.5.2-10.1
    libreoffice-math-4.3.5.2-10.1
    libreoffice-math-debuginfo-4.3.5.2-10.1
    libreoffice-officebean-4.3.5.2-10.1
    libreoffice-officebean-debuginfo-4.3.5.2-10.1
    libreoffice-pyuno-4.3.5.2-10.1
    libreoffice-pyuno-debuginfo-4.3.5.2-10.1
    libreoffice-writer-4.3.5.2-10.1
    libreoffice-writer-debuginfo-4.3.5.2-10.1
    libreoffice-writer-extensions-4.3.5.2-10.1

- SUSE Linux Enterprise Workstation Extension 12 (noarch):

    libreoffice-icon-theme-tango-4.3.5.2-10.1
    libreoffice-l10n-af-4.3.5.2-10.1
    libreoffice-l10n-ar-4.3.5.2-10.1
    libreoffice-l10n-ca-4.3.5.2-10.1
    libreoffice-l10n-cs-4.3.5.2-10.1
    libreoffice-l10n-da-4.3.5.2-10.1
    libreoffice-l10n-de-4.3.5.2-10.1
    libreoffice-l10n-en-4.3.5.2-10.1
    libreoffice-l10n-es-4.3.5.2-10.1
    libreoffice-l10n-fi-4.3.5.2-10.1
    libreoffice-l10n-fr-4.3.5.2-10.1
    libreoffice-l10n-gu-4.3.5.2-10.1
    libreoffice-l10n-hi-4.3.5.2-10.1
    libreoffice-l10n-hu-4.3.5.2-10.1
    libreoffice-l10n-it-4.3.5.2-10.1
    libreoffice-l10n-ja-4.3.5.2-10.1
    libreoffice-l10n-ko-4.3.5.2-10.1
    libreoffice-l10n-nb-4.3.5.2-10.1
    libreoffice-l10n-nl-4.3.5.2-10.1
    libreoffice-l10n-nn-4.3.5.2-10.1
    libreoffice-l10n-pl-4.3.5.2-10.1
    libreoffice-l10n-pt-BR-4.3.5.2-10.1
    libreoffice-l10n-pt-PT-4.3.5.2-10.1
    libreoffice-l10n-ru-4.3.5.2-10.1
    libreoffice-l10n-sk-4.3.5.2-10.1
    libreoffice-l10n-sv-4.3.5.2-10.1
    libreoffice-l10n-xh-4.3.5.2-10.1
    libreoffice-l10n-zh-Hans-4.3.5.2-10.1
    libreoffice-l10n-zh-Hant-4.3.5.2-10.1
    libreoffice-l10n-zu-4.3.5.2-10.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    libreoffice-4.3.5.2-10.1
    libreoffice-base-4.3.5.2-10.1
    libreoffice-base-debuginfo-4.3.5.2-10.1
    libreoffice-base-drivers-mysql-4.3.5.2-10.1
    libreoffice-base-drivers-mysql-debuginfo-4.3.5.2-10.1
    libreoffice-base-drivers-postgresql-4.3.5.2-10.1
    libreoffice-base-drivers-postgresql-debuginfo-4.3.5.2-10.1
    libreoffice-calc-4.3.5.2-10.1
    libreoffice-calc-debuginfo-4.3.5.2-10.1
    libreoffice-calc-extensions-4.3.5.2-10.1
    libreoffice-debuginfo-4.3.5.2-10.1
    libreoffice-debugsource-4.3.5.2-10.1
    libreoffice-draw-4.3.5.2-10.1
    libreoffice-draw-debuginfo-4.3.5.2-10.1
    libreoffice-filters-optional-4.3.5.2-10.1
    libreoffice-gnome-4.3.5.2-10.1
    libreoffice-gnome-debuginfo-4.3.5.2-10.1
    libreoffice-impress-4.3.5.2-10.1
    libreoffice-impress-debuginfo-4.3.5.2-10.1
    libreoffice-mailmerge-4.3.5.2-10.1
    libreoffice-math-4.3.5.2-10.1
    libreoffice-math-debuginfo-4.3.5.2-10.1
    libreoffice-officebean-4.3.5.2-10.1
    libreoffice-officebean-debuginfo-4.3.5.2-10.1
    libreoffice-pyuno-4.3.5.2-10.1
    libreoffice-pyuno-debuginfo-4.3.5.2-10.1
    libreoffice-writer-4.3.5.2-10.1
    libreoffice-writer-debuginfo-4.3.5.2-10.1
    libreoffice-writer-extensions-4.3.5.2-10.1

- SUSE Linux Enterprise Desktop 12 (noarch):

    libreoffice-icon-theme-tango-4.3.5.2-10.1
    libreoffice-l10n-af-4.3.5.2-10.1
    libreoffice-l10n-ar-4.3.5.2-10.1
    libreoffice-l10n-ca-4.3.5.2-10.1
    libreoffice-l10n-cs-4.3.5.2-10.1
    libreoffice-l10n-da-4.3.5.2-10.1
    libreoffice-l10n-de-4.3.5.2-10.1
    libreoffice-l10n-en-4.3.5.2-10.1
    libreoffice-l10n-es-4.3.5.2-10.1
    libreoffice-l10n-fi-4.3.5.2-10.1
    libreoffice-l10n-fr-4.3.5.2-10.1
    libreoffice-l10n-gu-4.3.5.2-10.1
    libreoffice-l10n-hi-4.3.5.2-10.1
    libreoffice-l10n-hu-4.3.5.2-10.1
    libreoffice-l10n-it-4.3.5.2-10.1
    libreoffice-l10n-ja-4.3.5.2-10.1
    libreoffice-l10n-ko-4.3.5.2-10.1
    libreoffice-l10n-nb-4.3.5.2-10.1
    libreoffice-l10n-nl-4.3.5.2-10.1
    libreoffice-l10n-nn-4.3.5.2-10.1
    libreoffice-l10n-pl-4.3.5.2-10.1
    libreoffice-l10n-pt-BR-4.3.5.2-10.1
    libreoffice-l10n-pt-PT-4.3.5.2-10.1
    libreoffice-l10n-ru-4.3.5.2-10.1
    libreoffice-l10n-sk-4.3.5.2-10.1
    libreoffice-l10n-sv-4.3.5.2-10.1
    libreoffice-l10n-xh-4.3.5.2-10.1
    libreoffice-l10n-zh-Hans-4.3.5.2-10.1
    libreoffice-l10n-zh-Hant-4.3.5.2-10.1
    libreoffice-l10n-zu-4.3.5.2-10.1

- SUSE Linux Enterprise Build System Kit 12 (x86_64):

    libreoffice-debuginfo-4.3.5.2-10.1
    libreoffice-debugsource-4.3.5.2-10.1
    libreoffice-sdk-4.3.5.2-10.1
    libreoffice-sdk-debuginfo-4.3.5.2-10.1

References:

http://support.novell.com/security/cve/CVE-2014-9093.html
https://bugzilla.suse.com/show_bug.cgi?id=884942
https://bugzilla.suse.com/show_bug.cgi?id=907636


From sle-security-updates at lists.suse.com Tue Dec 30 06:05:58 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 30 Dec 2014 14:05:58 +0100 (CET)
Subject: SUSE-SU-2014:1730-1: moderate: Security update for file
Message-ID: <20141230130558.0E6703235F@maintenance.suse.de>

SUSE Security Update: Security update for file
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1730-1
Rating:             moderate
References:         #910252 #910253
Cross-References:   CVE-2014-8116 CVE-2014-8117
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This file update fixes the following security issues:

- bsc#910252: multiple denial of service issues (resource consumption) (CVE-2014-8116)
- bsc#910253: denial of service issue (resource consumption) (CVE-2014-8117)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

    zypper in -t patch SUSE-SLE-SDK-12-2014-126

- SUSE Linux Enterprise Server 12:

    zypper in -t patch SUSE-SLE-SERVER-12-2014-126

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2014-126

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

    file-debuginfo-5.19-9.1
    file-debugsource-5.19-9.1
    file-devel-5.19-9.1
    python-magic-5.19-9.1

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

    file-5.19-9.1
    file-debuginfo-5.19-9.1
    file-debugsource-5.19-9.1
    file-magic-5.19-9.1
    libmagic1-5.19-9.1
    libmagic1-debuginfo-5.19-9.1

- SUSE Linux Enterprise Server 12 (s390x x86_64):

    libmagic1-32bit-5.19-9.1
    libmagic1-debuginfo-32bit-5.19-9.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    file-5.19-9.1
    file-debuginfo-5.19-9.1
    file-debugsource-5.19-9.1
    file-magic-5.19-9.1
    libmagic1-32bit-5.19-9.1
    libmagic1-5.19-9.1
    libmagic1-debuginfo-32bit-5.19-9.1
    libmagic1-debuginfo-5.19-9.1

References:

http://support.novell.com/security/cve/CVE-2014-8116.html
http://support.novell.com/security/cve/CVE-2014-8117.html
https://bugzilla.suse.com/show_bug.cgi?id=910252
https://bugzilla.suse.com/show_bug.cgi?id=910253


From sle-security-updates at lists.suse.com Tue Dec 30 06:06:26 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 30 Dec 2014 14:06:26 +0100 (CET)
Subject: SUSE-SU-2014:1731-1: moderate: Security update for libssh
Message-ID: <20141230130626.4862E3235F@maintenance.suse.de>

SUSE Security Update: Security update for libssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1731-1
Rating:             moderate
References:         #910790
Cross-References:   CVE-2014-8132
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This libssh update fixes the following security issue:

- bsc#910790: Double free on dangling pointers in initial key exchange packet (CVE-2014-8132).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:

    zypper in -t patch SUSE-SLE-WE-12-2014-124

- SUSE Linux Enterprise Software Development Kit 12:

    zypper in -t patch SUSE-SLE-SDK-12-2014-124

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2014-124

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

    libssh-debugsource-0.6.3-4.1
    libssh4-0.6.3-4.1
    libssh4-debuginfo-0.6.3-4.1

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

    libssh-debugsource-0.6.3-4.1
    libssh-devel-0.6.3-4.1
    libssh-devel-doc-0.6.3-4.1
    libssh4-0.6.3-4.1
    libssh4-debuginfo-0.6.3-4.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    libssh-debugsource-0.6.3-4.1
    libssh4-0.6.3-4.1
    libssh4-debuginfo-0.6.3-4.1

References:

http://support.novell.com/security/cve/CVE-2014-8132.html
https://bugzilla.suse.com/show_bug.cgi?id=910790


From sle-security-updates at lists.suse.com Tue Dec 30 12:04:45 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 30 Dec 2014 20:04:45 +0100 (CET)
Subject: SUSE-SU-2014:1732-1: moderate: Security update for xen
Message-ID: <20141230190445.364823235D@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1732-1
Rating:             moderate
References:         #826717 #880751 #895798 #895799 #895802 #903967 #903970 #905467 #906439
Cross-References:   CVE-2013-3495 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-8594 CVE-2014-8595 CVE-2014-8867 CVE-2014-9030
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

xen was updated to fix 10 security issues:

* Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030).
* Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (CVE-2014-8867).
* Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595).
* Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155).
* Hypervisor heap contents leaked to guests (CVE-2014-4021).
* Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595).
* Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594).
* Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts (CVE-2013-3495).
* Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156).
* Race condition in HVMOP_track_dirty_vram (CVE-2014-7154).

Security Issues:

* CVE-2014-9030
* CVE-2014-8867
* CVE-2014-8595
* CVE-2014-7155
* CVE-2014-4021
* CVE-2014-8595
* CVE-2014-8594
* CVE-2013-3495
* CVE-2014-7156
* CVE-2014-7154

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 LTSS:

    zypper in -t patch slessp1-xen-10080

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):

    xen-4.0.3_21548_18-0.9.1
    xen-doc-html-4.0.3_21548_18-0.9.1
    xen-doc-pdf-4.0.3_21548_18-0.9.1
    xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
    xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
    xen-libs-4.0.3_21548_18-0.9.1
    xen-tools-4.0.3_21548_18-0.9.1
    xen-tools-domU-4.0.3_21548_18-0.9.1

- SUSE Linux Enterprise Server 11 SP1 LTSS (i586):

    xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.15-0.9.1

References:

http://support.novell.com/security/cve/CVE-2013-3495.html
http://support.novell.com/security/cve/CVE-2014-4021.html
http://support.novell.com/security/cve/CVE-2014-7154.html
http://support.novell.com/security/cve/CVE-2014-7155.html
http://support.novell.com/security/cve/CVE-2014-7156.html
http://support.novell.com/security/cve/CVE-2014-8594.html
http://support.novell.com/security/cve/CVE-2014-8595.html
http://support.novell.com/security/cve/CVE-2014-8867.html
http://support.novell.com/security/cve/CVE-2014-9030.html
https://bugzilla.suse.com/show_bug.cgi?id=826717
https://bugzilla.suse.com/show_bug.cgi?id=880751 https://bugzilla.suse.com/show_bug.cgi?id=895798 https://bugzilla.suse.com/show_bug.cgi?id=895799 https://bugzilla.suse.com/show_bug.cgi?id=895802 https://bugzilla.suse.com/show_bug.cgi?id=903967 https://bugzilla.suse.com/show_bug.cgi?id=903970 https://bugzilla.suse.com/show_bug.cgi?id=905467 https://bugzilla.suse.com/show_bug.cgi?id=906439 http://download.suse.com/patch/finder/?keywords=39575907259e980068f0caf772c05144
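Each advisory above (file, libssh, xen) ends with a Package List naming the fixed name-version-release builds, and the practical question for an administrator is whether the installed builds are older than those. The following is an added example, not SUSE's tooling or anything from the advisories: it parses such a package list, compares it against the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` using a simplified re-implementation of RPM's version comparison, and reports the packages still below the fixed build. The installed-package sample is constructed for illustration, the comparison ignores epochs and RPM's "~"/"^" rules (an assumption that holds for the versions in these advisories), and the package list is the xen one for SUSE Linux Enterprise Server 11 SP1 LTSS, though the functions accept any of the lists above.

```python
import re

# Package list copied from the xen advisory above (SUSE Linux Enterprise
# Server 11 SP1 LTSS), one name-version-release string per entry.
ADVISORY_PACKAGES = """
xen-4.0.3_21548_18-0.9.1
xen-doc-html-4.0.3_21548_18-0.9.1
xen-doc-pdf-4.0.3_21548_18-0.9.1
xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
xen-libs-4.0.3_21548_18-0.9.1
xen-tools-4.0.3_21548_18-0.9.1
xen-tools-domU-4.0.3_21548_18-0.9.1
xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
"""

# Constructed sample (not real output) of what
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# might print on a host that has not yet applied the patch.
INSTALLED_SAMPLE = """
xen-libs-4.0.3_21548_18-0.7.1
xen-tools-4.0.3_21548_18-0.9.1
xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.15-0.7.1
libvirt-0.7.6-1.4
"""


def parse_nvr(nvr):
    """Split 'name-version-release' on its last two hyphens.

    Package names may contain hyphens (xen-kmp-default), but RPM version
    and release fields never do, so splitting from the right is safe.
    """
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def _segments(s):
    # As in rpmvercmp: runs of digits or letters; separators ('.', '_') are dropped
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b.

    Numeric segments compare as integers, alphabetic ones lexically, and a
    numeric segment outranks an alphabetic one at the same position. When
    one string runs out of segments, the longer one is newer. Epoch, '~'
    and '^' handling from real rpm is omitted (assumption: not needed here).
    """
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def compare_vr(installed, fixed):
    """Compare (version, release) pairs: version decides first, then release."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c != 0 else rpmvercmp(installed[1], fixed[1])


def fixed_versions(advisory_text):
    """Map package name -> (version, release) from an advisory Package List."""
    fixed = {}
    for entry in advisory_text.split():
        name, version, release = parse_nvr(entry)
        fixed[name] = (version, release)
    return fixed


def outdated_packages(advisory_text, installed_text):
    """Return [(name, installed_vr, fixed_vr)] for installed packages that the
    advisory covers and whose build is older than the fixed one."""
    fixed = fixed_versions(advisory_text)
    found = []
    for entry in installed_text.split():
        name, version, release = parse_nvr(entry)
        if name not in fixed:
            continue  # not touched by this advisory
        if compare_vr((version, release), fixed[name]) < 0:
            found.append((name, (version, release), fixed[name]))
    return found


if __name__ == "__main__":
    for name, have, want in outdated_packages(ADVISORY_PACKAGES, INSTALLED_SAMPLE):
        print(f"{name}: installed {have[0]}-{have[1]}, fixed in {want[0]}-{want[1]}")
```

On the constructed sample this flags xen-libs and xen-kmp-default (release 0.7.1 is below the fixed 0.9.1), passes xen-tools (already at the fixed build) and ignores libvirt, which the advisory does not touch. For a kmp package the version string also encodes the kernel it was built against, which is why the whole version field is compared segment by segment rather than as a float.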