From sle-security-updates at lists.suse.com Mon Aug 3 03:09:00 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 3 Aug 2015 11:09:00 +0200 (CEST)
Subject: SUSE-SU-2015:1334-1: moderate: Security update for xorg-x11-libX11
Message-ID: <20150803090900.54B95320B7@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-libX11
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1334-1
Rating:             moderate
References:         #927220
Cross-References:   CVE-2013-7439
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Server 11-SP1-LTSS
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   xorg-x11-libX11 was updated to fix one security issue.

   This security issue was fixed:
   - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2)
     SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before
     1.6.0 allowed remote attackers to have unspecified impact via a crafted
     request, which triggered a buffer overflow (bsc#927220).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Server 11-SP2-LTSS:
      zypper in -t patch slessp2-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Server 11-SP1-LTSS:
      zypper in -t patch slessp1-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-xorg-x11-libX11-12014=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-xorg-x11-libX11-12014=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-devel-7.4-5.11.15.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      xorg-x11-libX11-devel-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-devel-7.4-5.11.15.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):
      xorg-x11-libX11-devel-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      xorg-x11-libX11-x86-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP3 (ia64):
      xorg-x11-libX11-x86-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (s390x x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-debuginfo-7.4-5.11.15.1
      xorg-x11-libX11-debugsource-7.4-5.11.15.1

References:

   https://www.suse.com/security/cve/CVE-2013-7439.html
   https://bugzilla.suse.com/927220


From sle-security-updates at lists.suse.com Mon Aug 3 04:08:58 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 3 Aug 2015 12:08:58 +0200 (CEST)
Subject: SUSE-SU-2015:1336-1: moderate: Security update for python-Jinja2
Message-ID: <20150803100858.297B4320B7@maintenance.suse.de>

   SUSE Security Update: Security update for python-Jinja2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1336-1
Rating:             moderate
References:         #858239
Cross-References:   CVE-2014-0012
Affected Products:
                    SUSE OpenStack Cloud Compute 5
                    SUSE Enterprise Storage 1.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The python-Jinja2 package was updated to version 2.7.3 to fix a security
   issue and some build problems.

   The following vulnerabilities were fixed:
   - Update to 2.7.3 (bnc#858239, CVE-2014-0012)
   - Security issue: Corrected the security fix for the cache folder. This
     fix was provided by RedHat.

   The following build issues were fixed:
   - run testsuite during build
   - adjust dependency to use up to date package name for python-MarkupSafe
   - fix package build (file selection missing)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Compute 5:
      zypper in -t patch SUSE-SLE12-CLOUD-5-2015-363=1
   - SUSE Enterprise Storage 1.0:
      zypper in -t patch SUSE-Storage-1.0-2015-363=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud Compute 5 (noarch):
      python-Jinja2-2.7.3-4.1
   - SUSE Enterprise Storage 1.0 (noarch):
      python-Jinja2-2.7.3-4.1

References:

   https://www.suse.com/security/cve/CVE-2014-0012.html
   https://bugzilla.suse.com/858239


From sle-security-updates at lists.suse.com Mon Aug 3 07:08:37 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 3 Aug 2015 15:08:37 +0200 (CEST)
Subject: SUSE-SU-2015:1337-1: moderate: Security update for tomcat6
Message-ID: <20150803130837.41768320B6@maintenance.suse.de>

   SUSE Security Update: Security update for tomcat6
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1337-1
Rating:             moderate
References:         #906152 #917127 #918195 #926762 #931442 #932698
Cross-References:   CVE-2014-0227 CVE-2014-0230 CVE-2014-7810
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has three fixes is now
   available. It includes one version update.

Description:

   This update fixes the following security issues:

   * CVE-2014-7810: security manager bypass via EL expressions (bnc#931442)

     It was found that the expression language resolver evaluated expressions
     within a privileged code section. A malicious web application could have
     used this flaw to bypass security manager protections.

   * CVE-2014-0227: Limited DoS in chunked transfer encoding input filter
     (bnc#917127)

     It was discovered that the ChunkedInputFilter implementation did not fail
     subsequent attempts to read input early enough. A remote attacker could
     have used this flaw to perform a denial of service attack, by streaming
     an unlimited quantity of data, leading to consumption of server
     resources.

   * CVE-2014-0230: non-persistent DoS attack by feeding data by aborting an
     upload

     It was possible for a remote attacker to trigger a non-persistent DoS
     attack by feeding data by aborting an upload.

   Security Issues:

   * CVE-2014-7810
   * CVE-2014-0227
   * CVE-2014-0230

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-tomcat6=10813
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-tomcat6=10813

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 6.0.41]:
      tomcat6-6.0.41-0.45.1
      tomcat6-admin-webapps-6.0.41-0.45.1
      tomcat6-docs-webapp-6.0.41-0.45.1
      tomcat6-javadoc-6.0.41-0.45.1
      tomcat6-jsp-2_1-api-6.0.41-0.45.1
      tomcat6-lib-6.0.41-0.45.1
      tomcat6-servlet-2_5-api-6.0.41-0.45.1
      tomcat6-webapps-6.0.41-0.45.1
   - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 6.0.41]:
      tomcat6-6.0.41-0.45.1
      tomcat6-admin-webapps-6.0.41-0.45.1
      tomcat6-docs-webapp-6.0.41-0.45.1
      tomcat6-javadoc-6.0.41-0.45.1
      tomcat6-jsp-2_1-api-6.0.41-0.45.1
      tomcat6-lib-6.0.41-0.45.1
      tomcat6-servlet-2_5-api-6.0.41-0.45.1
      tomcat6-webapps-6.0.41-0.45.1

References:

   https://www.suse.com/security/cve/CVE-2014-0227.html
   https://www.suse.com/security/cve/CVE-2014-0230.html
   https://www.suse.com/security/cve/CVE-2014-7810.html
   https://bugzilla.suse.com/906152
   https://bugzilla.suse.com/917127
   https://bugzilla.suse.com/918195
   https://bugzilla.suse.com/926762
   https://bugzilla.suse.com/931442
   https://bugzilla.suse.com/932698
   https://download.suse.com/patch/finder/?keywords=e3b7d8f79615cd84f9166a063091e91d


From sle-security-updates at lists.suse.com Tue Aug 4 02:09:24 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 4 Aug 2015 10:09:24 +0200 (CEST)
Subject: SUSE-SU-2015:1341-1: Security update for e2fsprogs
Message-ID: <20150804080924.0D75B320B4@maintenance.suse.de>

   SUSE Security Update: Security update for e2fsprogs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1341-1
Rating:             low
References:         #915402 #918346
Cross-References:   CVE-2015-0247 CVE-2015-1572
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   Two security issues were fixed in e2fsprogs:

   Security issues fixed:
   * CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck,
     dumpe2fs, e2image...).
   * CVE-2015-1572: Fixed a potential buffer overflow in closefs()
     (bsc#918346)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-366=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-366=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-366=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      e2fsprogs-debuginfo-1.42.11-7.1
      e2fsprogs-debugsource-1.42.11-7.1
      e2fsprogs-devel-1.42.11-7.1
      libcom_err-devel-1.42.11-7.1
      libext2fs-devel-1.42.11-7.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      e2fsprogs-1.42.11-7.1
      e2fsprogs-debuginfo-1.42.11-7.1
      e2fsprogs-debugsource-1.42.11-7.1
      libcom_err2-1.42.11-7.1
      libcom_err2-debuginfo-1.42.11-7.1
      libext2fs2-1.42.11-7.1
      libext2fs2-debuginfo-1.42.11-7.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      e2fsprogs-debuginfo-32bit-1.42.11-7.1
      libcom_err2-32bit-1.42.11-7.1
      libcom_err2-debuginfo-32bit-1.42.11-7.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      e2fsprogs-1.42.11-7.1
      e2fsprogs-debuginfo-1.42.11-7.1
      e2fsprogs-debuginfo-32bit-1.42.11-7.1
      e2fsprogs-debugsource-1.42.11-7.1
      libcom_err2-1.42.11-7.1
      libcom_err2-32bit-1.42.11-7.1
      libcom_err2-debuginfo-1.42.11-7.1
      libcom_err2-debuginfo-32bit-1.42.11-7.1
      libext2fs2-1.42.11-7.1
      libext2fs2-debuginfo-1.42.11-7.1

References:

   https://www.suse.com/security/cve/CVE-2015-0247.html
   https://www.suse.com/security/cve/CVE-2015-1572.html
   https://bugzilla.suse.com/915402
   https://bugzilla.suse.com/918346


From sle-security-updates at lists.suse.com Tue Aug 4 07:09:06 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 4 Aug 2015 15:09:06 +0200 (CEST)
Subject: SUSE-SU-2015:1344-1: moderate: Security update for python
Message-ID: <20150804130906.7084E320B9@maintenance.suse.de>

   SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1344-1
Rating:             moderate
References:         #898572 #901715 #924312 #935856
Cross-References:   CVE-2013-1752 CVE-2013-1753 CVE-2014-4650 CVE-2014-7185
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update to python 2.7.9 fixes the following issues:

   * python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for
     aarch64

   From the version update to 2.7.9:

   * contains full backport of ssl module from Python 3.4 (PEP466)
   * HTTPS certificate validation enabled by default (PEP476)
   * SSLv3 disabled by default (bnc#901715)
   * backported ensurepip module (PEP477)
   * fixes several missing CVEs from last release: CVE-2013-1752,
     CVE-2013-1753
   * dropped upstreamed patches: python-2.7.6-poplib.patch,
     smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
   * dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
     with ssl module from Python 3
   * libffi was upgraded upstream, seems to contain our changes, so dropping
     libffi-ppc64le.diff as well
   * python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
     "import ssl" from test_urllib2_localnet that caused it to fail without
     ssl
   * skip test_thread in qemu_linux_user mode

   From the version update to 2.7.8:

   * fixes CVE-2014-4650 directory traversal in CGIHTTPServer
   * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()

   Also the DH parameters were increased to 2048 bit to fix logjam security
   issue (bsc#935856)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2015-367=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-367=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-367=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-367=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      python-base-debuginfo-2.7.9-14.1
      python-base-debugsource-2.7.9-14.1
      python-devel-2.7.9-14.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      python-base-debuginfo-2.7.9-14.1
      python-base-debugsource-2.7.9-14.1
      python-devel-2.7.9-14.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libpython2_7-1_0-2.7.9-14.1
      libpython2_7-1_0-debuginfo-2.7.9-14.1
      python-2.7.9-14.1
      python-base-2.7.9-14.1
      python-base-debuginfo-2.7.9-14.1
      python-base-debugsource-2.7.9-14.1
      python-curses-2.7.9-14.1
      python-curses-debuginfo-2.7.9-14.1
      python-debuginfo-2.7.9-14.1
      python-debugsource-2.7.9-14.1
      python-demo-2.7.9-14.1
      python-gdbm-2.7.9-14.1
      python-gdbm-debuginfo-2.7.9-14.1
      python-idle-2.7.9-14.1
      python-tk-2.7.9-14.1
      python-tk-debuginfo-2.7.9-14.1
      python-xml-2.7.9-14.1
      python-xml-debuginfo-2.7.9-14.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libpython2_7-1_0-32bit-2.7.9-14.1
      libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1
      python-32bit-2.7.9-14.1
      python-base-32bit-2.7.9-14.1
      python-base-debuginfo-32bit-2.7.9-14.1
      python-debuginfo-32bit-2.7.9-14.1
   - SUSE Linux Enterprise Server 12 (noarch):
      python-doc-2.7.9-14.3
      python-doc-pdf-2.7.9-14.3
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libpython2_7-1_0-2.7.9-14.1
      libpython2_7-1_0-32bit-2.7.9-14.1
      libpython2_7-1_0-debuginfo-2.7.9-14.1
      libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1
      python-2.7.9-14.1
      python-base-2.7.9-14.1
      python-base-debuginfo-2.7.9-14.1
      python-base-debuginfo-32bit-2.7.9-14.1
      python-base-debugsource-2.7.9-14.1
      python-curses-2.7.9-14.1
      python-curses-debuginfo-2.7.9-14.1
      python-debuginfo-2.7.9-14.1
      python-debugsource-2.7.9-14.1
      python-devel-2.7.9-14.1
      python-tk-2.7.9-14.1
      python-tk-debuginfo-2.7.9-14.1
      python-xml-2.7.9-14.1
      python-xml-debuginfo-2.7.9-14.1

References:

   https://www.suse.com/security/cve/CVE-2013-1752.html
   https://www.suse.com/security/cve/CVE-2013-1753.html
   https://www.suse.com/security/cve/CVE-2014-4650.html
   https://www.suse.com/security/cve/CVE-2014-7185.html
   https://bugzilla.suse.com/898572
   https://bugzilla.suse.com/901715
   https://bugzilla.suse.com/924312
   https://bugzilla.suse.com/935856


From sle-security-updates at lists.suse.com Wed Aug 5 03:08:48 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 5 Aug 2015 11:08:48 +0200 (CEST)
Subject: SUSE-SU-2015:1345-1: important: Security update for java-1_6_0-ibm
Message-ID: <20150805090848.DF3D8320BA@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1345-1
Rating:             important
References:         #935540 #936844 #938895
Cross-References:   CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621
                    CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638
                    CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731
                    CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749
                    CVE-2015-4760
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

   An update that fixes 17 vulnerabilities is now available.

Description:

   IBM Java was updated to 6.0-16.7 to fix several security issues.

   The following vulnerabilities were fixed:

   * CVE-2015-1931: IBM Java Security Components store plain text data in
     memory dumps, which could allow a local attacker to obtain information
     to aid in further attacks against the system.
   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple
     protocols.
     Successful attack of this vulnerability could have resulted in
     unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2632: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2637: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2638: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment
     component requiring logon to Operating System. Successful attack of this
     vulnerability could have resulted in unauthorized Operating System
     takeover including arbitrary code execution.
   * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java accessible data.
   * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java Embedded accessible
     data.
   * CVE-2015-4731: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4732: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-4733: Easily exploitable vulnerability in the RMI component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4748: Very difficult to exploit vulnerability in the Security
     component allowed successful unauthenticated network attacks via OCSP.
     Successful attack of this vulnerability could have resulted in
     unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized ability to cause a partial denial of service (partial
     DOS).
   * CVE-2015-4760: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.

   The following non-security bugs were fixed:

   * bsc#936844: misconfigured update-alternative entries

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 12:
      zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-369=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
      java-1_6_0-ibm-1.6.0_sr16.7-22.2
      java-1_6_0-ibm-fonts-1.6.0_sr16.7-22.2
      java-1_6_0-ibm-jdbc-1.6.0_sr16.7-22.2
   - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):
      java-1_6_0-ibm-plugin-1.6.0_sr16.7-22.2

References:

   https://www.suse.com/security/cve/CVE-2015-1931.html
   https://www.suse.com/security/cve/CVE-2015-2590.html
   https://www.suse.com/security/cve/CVE-2015-2601.html
   https://www.suse.com/security/cve/CVE-2015-2621.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2632.html
   https://www.suse.com/security/cve/CVE-2015-2637.html
   https://www.suse.com/security/cve/CVE-2015-2638.html
   https://www.suse.com/security/cve/CVE-2015-2664.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4731.html
   https://www.suse.com/security/cve/CVE-2015-4732.html
   https://www.suse.com/security/cve/CVE-2015-4733.html
   https://www.suse.com/security/cve/CVE-2015-4748.html
   https://www.suse.com/security/cve/CVE-2015-4749.html
   https://www.suse.com/security/cve/CVE-2015-4760.html
   https://bugzilla.suse.com/935540
   https://bugzilla.suse.com/936844
   https://bugzilla.suse.com/938895
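Every advisory above ends with a Package List that names, per product and architecture, the exact name-version-release of each fixed package; a host is covered only once the installed package is at or above that version-release, and `zypper patch` is the supported way to get there. The script below is an added example, not part of any advisory and not SUSE tooling: it parses a Package List in the layout used on this page (indented or flattened onto one line), reads the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`, compares the two with a simplified version of rpm's label comparison, and reports installed packages still older than the fixed build. The advisory excerpt (package versions modelled on SUSE-SU-2015:1334-1) and the installed-package listing are constructed sample input, and the product name and architecture of the host are assumptions passed as parameters.

```python
"""Check an installed-package listing against a SUSE advisory Package List.

Added example; not part of the advisory or of SUSE's tooling.
"""
import re

# Constructed excerpt in the layout of the Package List sections on this page
# (package versions modelled on SUSE-SU-2015:1334-1); not a live feed.
ADVISORY = """\
Package List:

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.15.1
   - SUSE Linux Enterprise Server 11-SP3 (ia64):
      xorg-x11-libX11-x86-7.4-5.11.15.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      xorg-x11-libX11-7.4-5.11.15.1

References:

   https://www.suse.com/security/cve/CVE-2013-7439.html
"""

# Constructed output of:  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# on a hypothetical SLES 11 SP3 x86_64 host where only the 32bit package has
# reached the fixed release so far.
INSTALLED = """\
xorg-x11-libX11-7.4-5.11.12.1
xorg-x11-libX11-32bit-7.4-5.11.15.1
glibc-2.11.3-17.95.2
"""

# "- <product> (<archs>) [New Version: x]:" header; the optional bracket part
# appears in the tomcat6 advisory on this page.
_HEADER = re.compile(
    r"-\s+(?P<product>[^()\n]+?)\s+\((?P<archs>[^)]*)\)"
    r"(?:\s+\[New Version: [^\]]+\])?:"
)
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def parse_package_list(advisory):
    """Return [(product, set_of_archs, 'name-version-release'), ...].

    Works on the indented layout and on the flattened one-line form alike:
    only the product headers and whitespace-separated tokens matter."""
    body = advisory.split("Package List:", 1)[1]
    body = re.split(r"References:", body, maxsplit=1)[0]
    headers = list(_HEADER.finditer(body))
    entries = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(body)
        archs = set(h.group("archs").split())
        for nvr in body[h.end():end].split():
            entries.append((h.group("product").strip(), archs, nvr))
    return entries


def split_nvr(nvr):
    """'name-version-release' -> (name, version, release).

    rpm names may contain '-'; version and release may not, so split from
    the right."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def rpmvercmp(a, b):
    """Simplified rpm label comparison: -1 if a < b, 0 if equal, 1 if a > b.

    Labels are compared as alternating numeric and alphabetic segments;
    numeric segments compare as integers and rank above alphabetic ones, and
    the label with segments left over is the newer one.  rpm's '~' and '^'
    separators are not modelled; the versions on this page do not use them."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def missing_fixes(advisory, installed_listing, product, arch):
    """Installed packages that the advisory fixes for (product, arch) but
    that are still older than the fixed version-release.

    Returns [(name, installed_vr, fixed_vr), ...].  Listed packages that are
    not installed are not reported: the fix only matters where the
    vulnerable code is present."""
    installed = {}
    for line in installed_listing.split():
        name, version, release = split_nvr(line)
        installed[name] = (version, release)

    findings = []
    for prod, archs, nvr in parse_package_list(advisory):
        if prod != product or arch not in archs:
            continue
        name, version, release = split_nvr(nvr)
        have = installed.get(name)
        if have is None:
            continue
        # version decides first; release breaks ties, exactly as rpm does
        older = rpmvercmp(have[0], version) or rpmvercmp(have[1], release)
        if older < 0:
            findings.append((name, "-".join(have), f"{version}-{release}"))
    return findings


if __name__ == "__main__":
    # Assumed host: SLES 11 SP3 on x86_64.
    for name, have, want in missing_fixes(
        ADVISORY, INSTALLED, "SUSE Linux Enterprise Server 11-SP3", "x86_64"
    ):
        print(f"{name}: installed {have}, advisory requires {want}")
```

On a real host, replace the two constants with the advisory text and the live `rpm -qa` output; the same parser accepts the Package List blocks of every advisory on this page, including the `[New Version: 6.0.41]` form in the tomcat6 update. Remember that the 32bit and debuginfo variants are separate packages with their own entries, so a host can be fixed for one and not the other, which is exactly what the constructed listing above shows.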
From sle-security-updates at lists.suse.com Thu Aug 6 06:33:01 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Aug 2015 14:33:01 +0200 (CEST)
Subject: SUSE-SU-2015:1353-1: important: Security update for oracle-update
Message-ID: <20150806123301.B4B5B320D7@maintenance.suse.de>

   SUSE Security Update: Security update for oracle-update
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1353-1
Rating:             important
References:         #938160
Cross-References:   CVE-2015-0468 CVE-2015-2599 CVE-2015-2629 CVE-2015-2646
                    CVE-2015-2647 CVE-2015-4735 CVE-2015-4740 CVE-2015-4753
Affected Products:
                    SUSE Manager 2.1
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   oracle-update was updated to fix eight security issues.

   These security issues were fixed:
   - CVE-2015-2629: Vulnerability in the Java VM component of Oracle Database
     Server. This vulnerability requires Create Session privileges for a
     successful attack. Easily exploitable vulnerability allows successful
     authenticated network attacks via multiple protocols. Successful attack
     of this vulnerability can result in unauthorized Operating System
     takeover including arbitrary code execution (bsc#938160).
   - CVE-2015-2599: Vulnerability in the RDBMS Scheduler component of Oracle
     Database Server. This vulnerability requires Alter Session privileges
     for a successful attack. Successful attack of this vulnerability can
     result in unauthorized read access to all RDBMS Scheduler accessible
     data (bsc#938160).
   - CVE-2015-4735: Vulnerability in the Enterprise Manager for Oracle
     Database component of Oracle Enterprise Manager Grid Control
     (subcomponent: RAC Management). Easily exploitable vulnerability allows
     successful unauthenticated network attacks via HTTP. Successful attack
     of this vulnerability can result in unauthorized read access to a subset
     of Enterprise Manager for Oracle Database accessible data (bsc#938160).
   - CVE-2015-4740: Vulnerability in the RDBMS Partitioning component of
     Oracle Database Server. This vulnerability requires Create Session,
     Create Any Index, Index object privilege on a Table privileges for a
     successful attack. Difficult to exploit vulnerability allows successful
     authenticated network attacks via Oracle Net. Successful attack of this
     vulnerability can result in unauthorized takeover of RDBMS Partitioning
     possibly including arbitrary code execution within the RDBMS
     Partitioning (bsc#938160).
   - CVE-2015-4753: Vulnerability in the RDBMS Support Tools component of
     Oracle Database Server. Easily exploitable vulnerability requiring logon
     to Operating System. Successful attack of this vulnerability can result
     in unauthorized read access to all RDBMS Support Tools accessible data
     (bsc#938160).
   - CVE-2015-0468: Vulnerability in the Core RDBMS component of Oracle
     Database Server. This vulnerability requires Analyze Any or Create
     Materialized View privileges for a successful attack. Difficult to
     exploit vulnerability allows successful authenticated network attacks
     via Oracle Net. Successful attack of this vulnerability can result in
     unauthorized takeover of Core RDBMS possibly including arbitrary code
     execution within the Core RDBMS (bsc#938160).
   - CVE-2015-2647: Vulnerability in the Enterprise Manager for Oracle
     Database component of Oracle Enterprise Manager Grid Control
     (subcomponent: Content Management). Easily exploitable vulnerability
     allows successful authenticated network attacks via HTTP. Successful
     attack of this vulnerability can result in unauthorized update, insert
     or delete access to all Enterprise Manager for Oracle Database
     accessible data as well as read access to all Enterprise Manager for
     Oracle Database accessible data (bsc#938160).
   - CVE-2015-2646: Vulnerability in the Enterprise Manager for Oracle
     Database component of Oracle Enterprise Manager Grid Control
     (subcomponent: Content Management). Difficult to exploit vulnerability
     allows successful unauthenticated network attacks via HTTP. Successful
     attack of this vulnerability can result in unauthorized update, insert
     or delete access to some Enterprise Manager for Oracle Database
     accessible data (bsc#938160).

   For more details please see
   http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 2.1:
      zypper in -t patch sleman21-oracle-update-12017=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager 2.1 (x86_64):
      oracle-update-1.7-0.34.1

References:

   https://www.suse.com/security/cve/CVE-2015-0468.html
   https://www.suse.com/security/cve/CVE-2015-2599.html
   https://www.suse.com/security/cve/CVE-2015-2629.html
   https://www.suse.com/security/cve/CVE-2015-2646.html
   https://www.suse.com/security/cve/CVE-2015-2647.html
   https://www.suse.com/security/cve/CVE-2015-4735.html
   https://www.suse.com/security/cve/CVE-2015-4740.html
   https://www.suse.com/security/cve/CVE-2015-4753.html
   https://bugzilla.suse.com/938160


From sle-security-updates at lists.suse.com Fri Aug 7 03:10:40 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Aug 2015 11:10:40 +0200 (CEST)
Subject: SUSE-SU-2015:1359-1: moderate: Security update for libqt4
Message-ID: <20150807091040.92854320D7@maintenance.suse.de>

   SUSE Security Update: Security update for libqt4
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1359-1
Rating:             moderate
References:         #847880 #921999 #927806 #927807 #927808 #929688
Cross-References:   CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves four vulnerabilities and has two fixes is now
   available.

Description:

   The libqt4 library was updated to fix several security and non security
   issues.

   The following vulnerabilities were fixed:
   - bsc#921999: CVE-2015-0295: division by zero when processing malformed
     BMP files
   - bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format
     Handling
   - bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt Image Format
     Handling
   - bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt Image Format
     Handling

   The following non-security issues were fixed:
   - bsc#929688: Critical Problem in Qt Network Stack
   - bsc#847880: kde/qt rendering error in qemu cirrus i586
   - Update use-freetype-default.diff to use same method as with
     libqt5-qtbase package: Qt itself already does runtime check whether
     subpixel rendering is available, but only when
     FT_CONFIG_OPTION_SUBPIXEL_RENDERING is defined. Thus it is enough to
     only remove that condition
   - The -devel subpackage requires Mesa-devel, not only at build time
   - Fixed compilation on SLE_11_SP3 by making it build against Mesa-devel
     on that system
   - Replace patch l-qclipboard_fix_recursive.patch with
     qtcore-4.8.5-qeventdispatcher-recursive.patch. The latter one seems to
     work better and really resolves the issue in LibreOffice
   - Added kde4_qt_plugin_path.patch, so kde4 plugins are magically
     found/known outside kde4 environment/session
   - added _constraints. Building took up to 7GB of disk space on s390x, and
     more than 6GB on x86_64
   - Add 3 patches for Qt bugs to make LibreOffice KDE4 file picker work
     properly again:
     * Add glib-honor-ExcludeSocketNotifiers-flag.diff (QTBUG-37380)
     * Add l-qclipboard_fix_recursive.patch (QTBUG-34614)
     * Add l-qclipboard_delay.patch (QTBUG-38585)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2015-380=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-380=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-380=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-380=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      libqt4-debuginfo-32bit-4.8.6-4.2
      libqt4-sql-mysql-32bit-4.8.6-4.1
      libqt4-sql-postgresql-32bit-4.8.6-4.1
      libqt4-sql-postgresql-4.8.6-4.1
      libqt4-sql-sqlite-32bit-4.8.6-4.2
      libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
      libqt4-sql-unixODBC-32bit-4.8.6-4.1
      libqt4-sql-unixODBC-4.8.6-4.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libqt4-debuginfo-4.8.6-4.2
      libqt4-debugsource-4.8.6-4.2
      libqt4-devel-4.8.6-4.2
      libqt4-devel-debuginfo-4.8.6-4.2
      libqt4-devel-doc-4.8.6-4.6
      libqt4-devel-doc-debuginfo-4.8.6-4.6
      libqt4-devel-doc-debugsource-4.8.6-4.6
      libqt4-linguist-4.8.6-4.2
      libqt4-linguist-debuginfo-4.8.6-4.2
      libqt4-private-headers-devel-4.8.6-4.2
      libqt4-sql-postgresql-4.8.6-4.1
      libqt4-sql-unixODBC-4.8.6-4.1
   - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64):
      libqt4-sql-postgresql-32bit-4.8.6-4.1
      libqt4-sql-unixODBC-32bit-4.8.6-4.1
   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      libqt4-devel-doc-data-4.8.6-4.6
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libqt4-4.8.6-4.2
      libqt4-debuginfo-4.8.6-4.2
      libqt4-debugsource-4.8.6-4.2
      libqt4-devel-doc-debuginfo-4.8.6-4.6
      libqt4-devel-doc-debugsource-4.8.6-4.6
      libqt4-qt3support-4.8.6-4.2
      libqt4-qt3support-debuginfo-4.8.6-4.2
      libqt4-sql-4.8.6-4.2
      libqt4-sql-debuginfo-4.8.6-4.2
      libqt4-sql-mysql-4.8.6-4.1
      libqt4-sql-sqlite-4.8.6-4.2
      libqt4-sql-sqlite-debuginfo-4.8.6-4.2
      libqt4-x11-4.8.6-4.2
      libqt4-x11-debuginfo-4.8.6-4.2
      qt4-x11-tools-4.8.6-4.6
      qt4-x11-tools-debuginfo-4.8.6-4.6
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libqt4-32bit-4.8.6-4.2
      libqt4-debuginfo-32bit-4.8.6-4.2
      libqt4-qt3support-32bit-4.8.6-4.2
      libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
      libqt4-sql-32bit-4.8.6-4.2
      libqt4-sql-debuginfo-32bit-4.8.6-4.2
      libqt4-x11-32bit-4.8.6-4.2
      libqt4-x11-debuginfo-32bit-4.8.6-4.2
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libqt4-32bit-4.8.6-4.2
      libqt4-4.8.6-4.2
      libqt4-debuginfo-32bit-4.8.6-4.2
      libqt4-debuginfo-4.8.6-4.2
      libqt4-debugsource-4.8.6-4.2
      libqt4-qt3support-32bit-4.8.6-4.2
      libqt4-qt3support-4.8.6-4.2
      libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
      libqt4-qt3support-debuginfo-4.8.6-4.2
      libqt4-sql-32bit-4.8.6-4.2
      libqt4-sql-4.8.6-4.2
      libqt4-sql-debuginfo-32bit-4.8.6-4.2
      libqt4-sql-debuginfo-4.8.6-4.2
      libqt4-sql-mysql-32bit-4.8.6-4.1
      libqt4-sql-mysql-4.8.6-4.1
      libqt4-sql-postgresql-32bit-4.8.6-4.1
      libqt4-sql-postgresql-4.8.6-4.1
      libqt4-sql-sqlite-32bit-4.8.6-4.2
      libqt4-sql-sqlite-4.8.6-4.2
      libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
      libqt4-sql-sqlite-debuginfo-4.8.6-4.2
      libqt4-sql-unixODBC-32bit-4.8.6-4.1
      libqt4-sql-unixODBC-4.8.6-4.1
      libqt4-x11-32bit-4.8.6-4.2
      libqt4-x11-4.8.6-4.2
      libqt4-x11-debuginfo-32bit-4.8.6-4.2
      libqt4-x11-debuginfo-4.8.6-4.2

References:

   https://www.suse.com/security/cve/CVE-2015-0295.html
   https://www.suse.com/security/cve/CVE-2015-1858.html
   https://www.suse.com/security/cve/CVE-2015-1859.html
   https://www.suse.com/security/cve/CVE-2015-1860.html
   https://bugzilla.suse.com/847880
   https://bugzilla.suse.com/921999
   https://bugzilla.suse.com/927806
https://bugzilla.suse.com/927807 https://bugzilla.suse.com/927808 https://bugzilla.suse.com/929688 From sle-security-updates at lists.suse.com Fri Aug 7 06:10:24 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Aug 2015 14:10:24 +0200 (CEST) Subject: SUSE-SU-2015:1361-1: Security update for osc Message-ID: <20150807121024.2B075320D8@maintenance.suse.de> SUSE Security Update: Security update for osc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1361-1 Rating: low References: #901643 #936939 Cross-References: CVE-2015-0778 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update provides osc 0.152.0 with various fixes and improvements. This security issue was fixed: - CVE-2015-0778: Shell command injection via crafted _service files. (bsc#901643) For a comprehensive list of changes, please refer to the package's change log. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-osc-12020=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-osc-12020=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): osc-0.152.0-6.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): osc-0.152.0-6.2 References: https://www.suse.com/security/cve/CVE-2015-0778.html https://bugzilla.suse.com/901643 https://bugzilla.suse.com/936939 From sle-security-updates at lists.suse.com Fri Aug 7 13:13:03 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Aug 2015 21:13:03 +0200 (CEST) Subject: SUSE-SU-2015:1364-1: Security update for e2fsprogs Message-ID: <20150807191303.49447320D7@maintenance.suse.de> SUSE Security Update: Security update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1364-1 Rating: low References: #915402 #918346 #932539 Cross-References: CVE-2015-0247 CVE-2015-1572 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: Two security issues were fixed in e2fsprogs: * CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck, dumpe2fs, e2image). * CVE-2015-1572: Fixed a potential buffer overflow in closefs(). (bsc#918346) Additionally, badblocks was enhanced to work with very large partitions. (bsc#932539) Security Issues: * CVE-2015-0247 * CVE-2015-1572 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-e2fsprogs=10815 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-e2fsprogs=10815 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-e2fsprogs=10815 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-e2fsprogs=10815 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): e2fsprogs-devel-1.41.9-2.10.11.1 libblkid-devel-2.19.1-6.62.7 libcom_err-devel-1.41.9-2.10.11.1 libext2fs-devel-1.41.9-2.10.11.1 libuuid-devel-2.19.1-6.62.7 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libblkid-devel-32bit-2.19.1-6.62.7 libcom_err-devel-32bit-1.41.9-2.10.11.1 libext2fs-devel-32bit-1.41.9-2.10.11.1 libext2fs2-32bit-1.41.9-2.10.11.1 libuuid-devel-32bit-2.19.1-6.62.7 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): libext2fs2-x86-1.41.9-2.10.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): e2fsprogs-1.41.9-2.10.11.1 libblkid1-2.19.1-6.62.7 libcom_err2-1.41.9-2.10.11.1 libext2fs2-1.41.9-2.10.11.1 libuuid1-2.19.1-6.62.7 uuid-runtime-2.19.1-6.62.7 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libblkid1-32bit-2.19.1-6.62.7 libcom_err2-32bit-1.41.9-2.10.11.1 libuuid1-32bit-2.19.1-6.62.7 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): e2fsprogs-1.41.9-2.10.11.1 libblkid1-2.19.1-6.62.7 libcom_err2-1.41.9-2.10.11.1 libext2fs2-1.41.9-2.10.11.1 libuuid1-2.19.1-6.62.7 uuid-runtime-2.19.1-6.62.7 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libblkid1-32bit-2.19.1-6.62.7 libcom_err2-32bit-1.41.9-2.10.11.1 libuuid1-32bit-2.19.1-6.62.7 - SUSE Linux Enterprise Server 11 SP3 (ia64): libblkid1-x86-2.19.1-6.62.7 libcom_err2-x86-1.41.9-2.10.11.1 libuuid1-x86-2.19.1-6.62.7 - SUSE Linux 
Enterprise Desktop 11 SP3 (i586 x86_64): e2fsprogs-1.41.9-2.10.11.1 libblkid1-2.19.1-6.62.7 libcom_err2-1.41.9-2.10.11.1 libext2fs2-1.41.9-2.10.11.1 libuuid-devel-2.19.1-6.62.7 libuuid1-2.19.1-6.62.7 uuid-runtime-2.19.1-6.62.7 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libblkid1-32bit-2.19.1-6.62.7 libcom_err2-32bit-1.41.9-2.10.11.1 libuuid1-32bit-2.19.1-6.62.7 References: https://www.suse.com/security/cve/CVE-2015-0247.html https://www.suse.com/security/cve/CVE-2015-1572.html https://bugzilla.suse.com/915402 https://bugzilla.suse.com/918346 https://bugzilla.suse.com/932539 https://download.suse.com/patch/finder/?keywords=a254cd00853332b1cda2f6baabd9427e From sle-security-updates at lists.suse.com Tue Aug 11 09:09:33 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 11 Aug 2015 17:09:33 +0200 (CEST) Subject: SUSE-SU-2015:1367-1: moderate: Security update for ipsec-tools Message-ID: <20150811150933.B4C04320E8@maintenance.suse.de> SUSE Security Update: Security update for ipsec-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1367-1 Rating: moderate References: #931989 #939810 Cross-References: CVE-2015-4047 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: ipsec-tools was updated to fix one security issue and a bug. This security issue was fixed: - CVE-2015-4047: racoon/gssapi.c in ipsec-tools allowed remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests (bsc#931989). 
Due to a packaging error, the racoonf.conf config file was symlinked to /usr/share/doc/packages/ipsec-tools/examples/racoon/samples/racoon.conf on some processor platforms, edits might have happened only in this example file. Before upgrading, please check if /etc/racoon/racoon.conf is a symlink to this example file and backup the content. (bsc#939810) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-ipsec-tools-12024=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ipsec-tools-12024=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-ipsec-tools-12024=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ipsec-tools-12024=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): ipsec-tools-0.7.3-1.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ipsec-tools-0.7.3-1.13.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): ipsec-tools-0.7.3-1.13.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): ipsec-tools-debuginfo-0.7.3-1.13.1 ipsec-tools-debugsource-0.7.3-1.13.1 References: https://www.suse.com/security/cve/CVE-2015-4047.html https://bugzilla.suse.com/931989 https://bugzilla.suse.com/939810 From sle-security-updates at lists.suse.com Wed Aug 12 08:09:32 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Aug 2015 16:09:32 +0200 (CEST) Subject: SUSE-SU-2015:1373-1: critical: Security update for flash-player Message-ID: <20150812140932.5359B320E8@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1373-1 Rating: critical 
References: #941239 Cross-References: CVE-2015-3107 CVE-2015-5124 CVE-2015-5125 CVE-2015-5127 CVE-2015-5128 CVE-2015-5129 CVE-2015-5130 CVE-2015-5131 CVE-2015-5132 CVE-2015-5133 CVE-2015-5134 CVE-2015-5539 CVE-2015-5540 CVE-2015-5541 CVE-2015-5544 CVE-2015-5545 CVE-2015-5546 CVE-2015-5547 CVE-2015-5548 CVE-2015-5549 CVE-2015-5550 CVE-2015-5551 CVE-2015-5552 CVE-2015-5553 CVE-2015-5554 CVE-2015-5555 CVE-2015-5556 CVE-2015-5557 CVE-2015-5558 CVE-2015-5559 CVE-2015-5560 CVE-2015-5561 CVE-2015-5562 CVE-2015-5563 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 34 vulnerabilities is now available. Description: This security update to 11.2.202.508 (bsc#941239) fixes the following issues: * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12025=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12025=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.508-0.14.1 flash-player-gnome-11.2.202.508-0.14.1 flash-player-kde4-11.2.202.508-0.14.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.508-0.14.1 flash-player-gnome-11.2.202.508-0.14.1 flash-player-kde4-11.2.202.508-0.14.1 References: https://www.suse.com/security/cve/CVE-2015-3107.html https://www.suse.com/security/cve/CVE-2015-5124.html https://www.suse.com/security/cve/CVE-2015-5125.html https://www.suse.com/security/cve/CVE-2015-5127.html https://www.suse.com/security/cve/CVE-2015-5128.html https://www.suse.com/security/cve/CVE-2015-5129.html https://www.suse.com/security/cve/CVE-2015-5130.html https://www.suse.com/security/cve/CVE-2015-5131.html https://www.suse.com/security/cve/CVE-2015-5132.html https://www.suse.com/security/cve/CVE-2015-5133.html https://www.suse.com/security/cve/CVE-2015-5134.html https://www.suse.com/security/cve/CVE-2015-5539.html https://www.suse.com/security/cve/CVE-2015-5540.html https://www.suse.com/security/cve/CVE-2015-5541.html https://www.suse.com/security/cve/CVE-2015-5544.html https://www.suse.com/security/cve/CVE-2015-5545.html https://www.suse.com/security/cve/CVE-2015-5546.html https://www.suse.com/security/cve/CVE-2015-5547.html https://www.suse.com/security/cve/CVE-2015-5548.html https://www.suse.com/security/cve/CVE-2015-5549.html https://www.suse.com/security/cve/CVE-2015-5550.html https://www.suse.com/security/cve/CVE-2015-5551.html https://www.suse.com/security/cve/CVE-2015-5552.html https://www.suse.com/security/cve/CVE-2015-5553.html https://www.suse.com/security/cve/CVE-2015-5554.html https://www.suse.com/security/cve/CVE-2015-5555.html https://www.suse.com/security/cve/CVE-2015-5556.html https://www.suse.com/security/cve/CVE-2015-5557.html https://www.suse.com/security/cve/CVE-2015-5558.html https://www.suse.com/security/cve/CVE-2015-5559.html https://www.suse.com/security/cve/CVE-2015-5560.html 
https://www.suse.com/security/cve/CVE-2015-5561.html https://www.suse.com/security/cve/CVE-2015-5562.html https://www.suse.com/security/cve/CVE-2015-5563.html https://bugzilla.suse.com/941239 From sle-security-updates at lists.suse.com Wed Aug 12 08:09:52 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Aug 2015 16:09:52 +0200 (CEST) Subject: SUSE-SU-2015:1374-1: critical: Security update for flash-player Message-ID: <20150812140952.54658320E8@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1374-1 Rating: critical References: #941239 Cross-References: CVE-2015-3107 CVE-2015-5124 CVE-2015-5125 CVE-2015-5127 CVE-2015-5128 CVE-2015-5129 CVE-2015-5130 CVE-2015-5131 CVE-2015-5132 CVE-2015-5133 CVE-2015-5134 CVE-2015-5539 CVE-2015-5540 CVE-2015-5541 CVE-2015-5544 CVE-2015-5545 CVE-2015-5546 CVE-2015-5547 CVE-2015-5548 CVE-2015-5549 CVE-2015-5550 CVE-2015-5551 CVE-2015-5552 CVE-2015-5553 CVE-2015-5554 CVE-2015-5555 CVE-2015-5556 CVE-2015-5557 CVE-2015-5558 CVE-2015-5559 CVE-2015-5560 CVE-2015-5561 CVE-2015-5562 CVE-2015-5563 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 34 vulnerabilities is now available. 
Description: This security update to 11.2.202.508 (bsc#941239) fixes the following issues: * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-390=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-390=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.508-99.1 flash-player-gnome-11.2.202.508-99.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.508-99.1 flash-player-gnome-11.2.202.508-99.1 References: https://www.suse.com/security/cve/CVE-2015-3107.html https://www.suse.com/security/cve/CVE-2015-5124.html https://www.suse.com/security/cve/CVE-2015-5125.html https://www.suse.com/security/cve/CVE-2015-5127.html https://www.suse.com/security/cve/CVE-2015-5128.html https://www.suse.com/security/cve/CVE-2015-5129.html https://www.suse.com/security/cve/CVE-2015-5130.html https://www.suse.com/security/cve/CVE-2015-5131.html https://www.suse.com/security/cve/CVE-2015-5132.html https://www.suse.com/security/cve/CVE-2015-5133.html https://www.suse.com/security/cve/CVE-2015-5134.html https://www.suse.com/security/cve/CVE-2015-5539.html https://www.suse.com/security/cve/CVE-2015-5540.html https://www.suse.com/security/cve/CVE-2015-5541.html 
https://www.suse.com/security/cve/CVE-2015-5544.html https://www.suse.com/security/cve/CVE-2015-5545.html https://www.suse.com/security/cve/CVE-2015-5546.html https://www.suse.com/security/cve/CVE-2015-5547.html https://www.suse.com/security/cve/CVE-2015-5548.html https://www.suse.com/security/cve/CVE-2015-5549.html https://www.suse.com/security/cve/CVE-2015-5550.html https://www.suse.com/security/cve/CVE-2015-5551.html https://www.suse.com/security/cve/CVE-2015-5552.html https://www.suse.com/security/cve/CVE-2015-5553.html https://www.suse.com/security/cve/CVE-2015-5554.html https://www.suse.com/security/cve/CVE-2015-5555.html https://www.suse.com/security/cve/CVE-2015-5556.html https://www.suse.com/security/cve/CVE-2015-5557.html https://www.suse.com/security/cve/CVE-2015-5558.html https://www.suse.com/security/cve/CVE-2015-5559.html https://www.suse.com/security/cve/CVE-2015-5560.html https://www.suse.com/security/cve/CVE-2015-5561.html https://www.suse.com/security/cve/CVE-2015-5562.html https://www.suse.com/security/cve/CVE-2015-5563.html https://bugzilla.suse.com/941239 From sle-security-updates at lists.suse.com Wed Aug 12 10:09:24 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Aug 2015 18:09:24 +0200 (CEST) Subject: SUSE-SU-2015:1375-1: important: Security update for java-1_7_0-ibm Message-ID: <20150812160924.3C41E320E8@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1375-1 Rating: important References: #935540 #938895 Cross-References: CVE-2015-0192 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 Affected Products: SUSE Linux 
Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: java-1_7_0-ibm was updated to fix 21 security issues. These security issues were fixed: - CVE-2015-4729: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment (bsc#938895). - CVE-2015-4748: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security (bsc#938895). - CVE-2015-2664: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bsc#938895). - CVE-2015-0192: Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allowed remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine (bsc#938895). - CVE-2015-2613: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-4731: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX (bsc#938895). 
- CVE-2015-2637: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-4733: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI (bsc#938895). - CVE-2015-4732: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590 (bsc#938895). - CVE-2015-2621: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allowed remote attackers to affect confidentiality via vectors related to JMX (bsc#938895). - CVE-2015-2619: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732 (bsc#938895). - CVE-2015-2638: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JSSE (bsc#938895). 
- CVE-2015-2632: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-1931: Unspecified vulnerability (bsc#938895). - CVE-2015-4760: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue (bsc#935540). - CVE-2015-2601: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-2808: The RC4 algorithm, as used in the TLS protocol and SSL protocol, did not properly combine state data with key data during the initialization phase, which made it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue (bsc#938895). - CVE-2015-4749: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect availability via vectors related to JNDI (bsc#938895). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-java-1_7_0-ibm-12026=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-java-1_7_0-ibm-12026=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-java-1_7_0-ibm-12026=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12026=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr9.10-9.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): java-1_7_0-ibm-1.7.0_sr9.10-9.1 java-1_7_0-ibm-alsa-1.7.0_sr9.10-9.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1 java-1_7_0-ibm-plugin-1.7.0_sr9.10-9.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.10-9.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1 - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.10-9.1 java-1_7_0-ibm-plugin-1.7.0_sr9.10-9.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.10-9.1 java-1_7_0-ibm-devel-1.7.0_sr9.10-9.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.10-9.1 java-1_7_0-ibm-plugin-1.7.0_sr9.10-9.1 References: https://www.suse.com/security/cve/CVE-2015-0192.html https://www.suse.com/security/cve/CVE-2015-1931.html https://www.suse.com/security/cve/CVE-2015-2590.html https://www.suse.com/security/cve/CVE-2015-2601.html https://www.suse.com/security/cve/CVE-2015-2613.html https://www.suse.com/security/cve/CVE-2015-2619.html https://www.suse.com/security/cve/CVE-2015-2621.html https://www.suse.com/security/cve/CVE-2015-2625.html https://www.suse.com/security/cve/CVE-2015-2632.html https://www.suse.com/security/cve/CVE-2015-2637.html 
https://www.suse.com/security/cve/CVE-2015-2638.html https://www.suse.com/security/cve/CVE-2015-2664.html https://www.suse.com/security/cve/CVE-2015-2808.html https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-4729.html https://www.suse.com/security/cve/CVE-2015-4731.html https://www.suse.com/security/cve/CVE-2015-4732.html https://www.suse.com/security/cve/CVE-2015-4733.html https://www.suse.com/security/cve/CVE-2015-4748.html https://www.suse.com/security/cve/CVE-2015-4749.html https://www.suse.com/security/cve/CVE-2015-4760.html https://bugzilla.suse.com/935540 https://bugzilla.suse.com/938895 From sle-security-updates at lists.suse.com Wed Aug 12 11:09:17 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Aug 2015 19:09:17 +0200 (CEST) Subject: SUSE-SU-2015:1376-1: important: Security update for the Real Time Linux Kernel Message-ID: <20150812170917.C401C320E8@maintenance.suse.de> SUSE Security Update: Security update for the Real Time Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1376-1 Rating: important References: #831029 #877456 #889221 #891212 #891641 #900881 #902286 #904242 #904883 #904901 #906027 #908706 #909309 #909312 #909477 #909684 #910517 #911326 #912202 #912741 #913080 #913598 #914726 #914742 #914818 #914987 #915045 #915200 #915577 #916521 #916848 #917093 #917120 #917648 #917684 #917830 #917839 #918333 #919007 #919018 #919357 #919463 #919589 #919682 #919808 #921769 #922583 #923344 #924142 #924271 #924333 #924340 #925012 #925370 #925443 #925567 #925729 #926016 #926240 #926439 #926767 #927190 #927257 #927262 #927338 #928122 #928130 #928142 #928333 #928970 #929145 #929148 #929283 #929525 #929647 #930145 #930171 #930226 #930284 #930401 #930669 #930786 #930788 #931014 #931015 #931850 Cross-References: CVE-2014-8086 CVE-2014-8159 CVE-2014-9419 CVE-2014-9529 CVE-2014-9683 
                    CVE-2015-0777 CVE-2015-1421 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150
                    CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 71 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was updated to fix various bugs and security issues.

The following vulnerabilities have been fixed:

- CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside the ipv4 stack can cause crashes if a disconnect is followed by another connect() attempt. (bnc#929525)

- CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bnc#928130)

- CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bnc#927257)

- CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
  (bnc#922583)

- CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bnc#926240)

- CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bnc#919463)

- CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. (bnc#919018)

- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. (bnc#919007)

- CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
  (bnc#915577)

- CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bnc#917830)

- CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. (bnc#918333)

- CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. (bnc#912202)

- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. (bnc#911326)

- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
  (bnc#914742)

- CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. (bnc#900881)

The following non-security bugs have been fixed:

* mm: exclude reserved pages from dirtyable memory (bnc#931015, bnc#930788).
* mm: fix calculation of dirtyable memory (bnc#931015, bnc#930788).
* mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (bnc#931015, bnc#930788).
* mm, oom: fix and cleanup oom score calculations (bnc#930171).
* mm: fix anon_vma->degree underflow in anon_vma endless growing prevention (bnc#904242).
* mm, slab: lock the correct nodelist after reenabling irqs (bnc#926439).
* x86: irq: Check for valid irq descriptor incheck_irq_vectors_for_cpu_disable (bnc#914726).
* x86/mce: Introduce mce_gather_info() (bsc#914987).
* x86/mce: Fix mce regression from recent cleanup (bsc#914987).
* x86/mce: Update MCE severity condition check (bsc#914987).
* x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850).
* x86/reboot: Fix a warning message triggered by stop_other_cpus() (bnc#930284).
* x86/apic/uv: Update the UV APIC HUB check (bsc#929145).
* x86/apic/uv: Update the UV APIC driver check (bsc#929145).
* x86/apic/uv: Update the APIC UV OEM check (bsc#929145).
* kabi: invalidate removed sys_elem_dir::children (bnc#919589).
* kabi: fix for changes in the sysfs_dirent structure (bnc#919589).
* iommu/amd: Correctly encode huge pages in iommu page tables (bsc#931014).
* iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte interface (bsc#931014).
* iommu/amd: Optimize alloc_new_range for new fetch_pte interface (bsc#931014).
* iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface (bsc#931014).
* iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).
* rtc: Prevent the automatic reboot after powering off the system (bnc#930145)
* rtc: Restore the RTC alarm time to the configured alarm time in BIOS Setup (bnc#930145, bnc#927262).
* rtc: Add more TGCS models for alarm disable quirk (bnc#927262).
* kernel: Fix IA64 kernel/kthread.c build woes. Hide #include from kABI checker.
* cpu: Correct cpu affinity for dlpar added cpus (bsc#928970).
* proc: deal with deadlock in d_walk fix (bnc#929148, bnc#929283).
* proc: /proc/stat: convert to single_open_size() (bnc#928122).
* proc: new helper: single_open_size() (bnc#928122).
* proc: speed up /proc/stat handling (bnc#928122).
* sched: Fix potential near-infinite distribute_cfs_runtime() loop (bnc#930786)
* tty: Correct tty buffer flush (bnc#929647).
* tty: hold lock across tty buffer finding and buffer filling (bnc#929647).
* fork: report pid reservation failure properly (bnc#909684).
* random: Fix add_timer_randomness throttling (bsc#904883,bsc#904901,FATE#317374).
* random: account for entropy loss due to overwrites (FATE#317374).
* random: allow fractional bits to be tracked (FATE#317374).
* random: statically compute poolbitshift, poolbytes, poolbits (FATE#317374).
* crypto: Limit allocation of crypto mechanisms to dialect which requires (bnc#925729).
* net: relax rcvbuf limits (bug#923344).
* udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309).
* acpi / sysfs: Treat the count field of counter_show() as unsigned (bnc#909312).
* acpi / osl: speedup grace period in acpi_os_map_cleanup (bnc#877456).
* btrfs: upstream fixes from 3.18
* btrfs: fix race when reusing stale extent buffers that leads to BUG_ON.
* btrfs: btrfs_release_extent_buffer_page did not free pages of dummy extent (bnc#930226, bnc#916521).
* btrfs: set error return value in btrfs_get_blocks_direct.
* btrfs: fix off-by-one in cow_file_range_inline().
* btrfs: wake up transaction thread from SYNC_FS ioctl.
* btrfs: fix wrong fsid check of scrub.
* btrfs: try not to ENOSPC on log replay.
* btrfs: fix build_backref_tree issue with multiple shared blocks.
* btrfs: add missing end_page_writeback on submit_extent_page failure.
* btrfs: fix crash of btrfs_release_extent_buffer_page.
* btrfs: fix race in WAIT_SYNC ioctl.
* btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup.
* btrfs: cleanup orphans while looking up default subvolume (bsc#914818).
* btrfs: fix lost return value due to variable shadowing.
* btrfs: abort the transaction if we fail to update the free space cache inode.
* btrfs: fix scheduler warning when syncing log.
* btrfs: add more checks to btrfs_read_sys_array.
* btrfs: cleanup, rename a few variables in btrfs_read_sys_array.
* btrfs: add checks for sys_chunk_array sizes.
* btrfs: more superblock checks, lower bounds on devices and sectorsize/nodesize.
* btrfs: fix setup_leaf_for_split() to avoid leaf corruption.
* btrfs: fix typos in btrfs_check_super_valid.
* btrfs: use macro accessors in superblock validation checks.
* btrfs: add more superblock checks.
* btrfs: avoid premature -ENOMEM in clear_extent_bit().
* btrfs: avoid returning -ENOMEM in convert_extent_bit() too early.
* btrfs: call inode_dec_link_count() on mkdir error path.
* btrfs: fix fs corruption on transaction abort if device supports discard.
* btrfs: make sure we wait on logged extents when fsycning two subvols.
* btrfs: make xattr replace operations atomic.
* xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080, bnc#912741).
* xfs: prevent deadlock trying to cover an active log (bsc#917093).
* xfs: introduce xfs_bmapi_read() (bnc#891641).
* xfs: factor extent map manipulations out of xfs_bmapi (bnc#891641).
* nfs: Fix a regression in nfs_file_llseek() (bnc#930401).
* nfs: do not try to use lock state when we hold a delegation (bnc#831029) - add to series.conf
* sunrpc: Fix the execution time statistics in the face of RPC restarts (bnc#924271).
* fsnotify: Fix handling of renames in audit (bnc#915200).
* configfs: fix race between dentry put and lookup (bnc#924333).
* fs/pipe.c: add ->statfs callback for pipefs (bsc#916848).
* fs/buffer.c: make block-size be per-page and protected by the page lock (bnc#919357).
* st: fix corruption of the st_modedef structures in st_set_options() (bnc#928333).
* lpfc: Fix race on command completion (bnc#906027,bnc#889221).
* cifs: fix use-after-free bug in find_writable_file (bnc#909477).
* sysfs: Make sysfs_rename safe with sysfs_dirents in rbtrees (bnc#919589).
* sysfs: use rb-tree for inode number lookup (bnc#919589).
* sysfs: use rb-tree for name lookups (bnc#919589).
* dasd: Fix inability to set a DASD device offline (bnc#927338, LTC#123905).
* dasd: Fix device having no paths after suspend/resume (bnc#927338, LTC#123896).
* dasd: Fix unresumed device after suspend/resume (bnc#927338, LTC#123892).
* dasd: Missing partition after online processing (bnc#917120, LTC#120565).
* af_iucv: fix AF_IUCV sendmsg() errno (bnc#927338, LTC#123304).
* s390: avoid z13 cache aliasing (bnc#925012).
* s390: enable large page support with CONFIG_DEBUG_PAGEALLOC (bnc#925012).
* s390: z13 base performance (bnc#925012, LTC#KRN1514).
* s390/spinlock: cleanup spinlock code (bnc#925012).
* s390/spinlock: optimize spinlock code sequence (bnc#925012).
* s390/spinlock,rwlock: always to a load-and-test first (bnc#925012).
* s390/spinlock: refactor arch_spin_lock_wait[_flags] (bnc#925012).
* s390/spinlock: optimize spin_unlock code (bnc#925012).
* s390/rwlock: add missing local_irq_restore calls (bnc#925012).
* s390/time: use stck clock fast for do_account_vtime (bnc#925012).
* s390/kernel: use stnsm 255 instead of stosm 0 (bnc#925012).
* s390/mm: align 64-bit PIE binaries to 4GB (bnc#925012).
* s390/mm: use pfmf instruction to initialize storage keys (bnc#925012).
* s390/mm: speedup storage key initialization (bnc#925012).
* s390/memory hotplug: initialize storage keys (bnc#925012).
* s390/memory hotplug: use pfmf instruction to initialize storage keys (bnc#925012).
* s390/facilities: cleanup PFMF and HPAGE machine facility detection (bnc#925012).
* powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH (bsc#928142).
* powerpc+sparc64/mm: Remove hack in mmap randomize layout (bsc#917839).
* powerpc: Make chip-id information available to userspace (bsc#919682).
* powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds the allowed address space (bsc#930669).
* ib/ipoib: Add missing locking when CM object is deleted (bsc#924340).
* ib/ipoib: Fix RCU pointer dereference of wrong object (bsc#924340).
* IPoIB: Fix race in deleting ipoib_neigh entries (bsc#924340).
* IPoIB: Fix ipoib_neigh hashing to use the correct daddr octets (bsc#924340).
* IPoIB: Fix AB-BA deadlock when deleting neighbours (bsc#924340).
* IPoIB: Fix memory leak in the neigh table deletion flow (bsc#924340).
* ch: fixup refcounting imbalance for SCSI devices (bsc#925443).
* ch: remove ch_mutex (bnc#925443).
* DLPAR memory add failed on Linux partition (bsc#927190).
* Revert "pseries/iommu: Remove DDW on kexec" (bsc#926016).
* Revert "powerpc/pseries/iommu: remove default window before attempting DDW manipulation" (bsc#926016).
* alsa: hda_intel: apply the Seperate stream_tag for Sunrise Point (bsc#925370).
* alsa: hda_intel: apply the Seperate stream_tag for Skylake (bsc#925370).
* alsa: hda_controller: Separate stream_tag for input and output streams (bsc#925370).
* md: do not give up looking for spares on first failure-to-add (bnc#908706).
* md: fix safe_mode buglet (bnc#926767).
* md: do not wait for plug_cnt to go to zero (bnc#891641).
* epoll: fix use-after-free in eventpoll_release_file (epoll scaling).
* eventpoll: use-after-possible-free in epoll_create1() (bug#917648).
* direct-io: do not read inode->i_blkbits multiple times (bnc#919357).
* scsifront: do not use bitfields for indicators modified under different locks.
* msi: also reject resource with flags all clear.
* pvscsi: support suspend/resume (bsc#902286).
* do not switch internal CDC device on IBM NeXtScale nx360 M5 (bnc#913598).
* dm: optimize use SRCU and RCU (bnc#910517).
* uvc: work on XHCI controllers without ring expansion (bnc#915045).
* qla2xxx: Do not crash system for sp ref count zero (bnc#891212,bsc#917684).
* megaraid_sas : Update threshold based reply post host index register (bnc#919808).
* bnx2x: Fix kdump when iommu=on (bug#921769).
* Provide/Obsolete all subpackages of old flavors (bnc#925567)
* tgcs: Ichigan 6140-x3x Integrated touchscreen is not precised (bnc#924142).

Security Issues:

* CVE-2014-8086
* CVE-2014-8159
* CVE-2014-9419
* CVE-2014-9529
* CVE-2014-9683
* CVE-2015-0777
* CVE-2015-1421
* CVE-2015-2041
* CVE-2015-2042
* CVE-2015-2150
* CVE-2015-2830
* CVE-2015-2922
* CVE-2015-3331
* CVE-2015-3339
* CVE-2015-3636

Indications:

Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11 SP3:

    zypper in -t patch slertesp3-kernel=10745

To bring your system up-to-date, use "zypper patch".
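The advisory is only useful if you can tell, fleet-wide, which hosts still run a build older than the one in the Package List. The following is an added example, not part of this advisory and not SUSE tooling: a small Python checker that implements rpm's version-segment comparison (the rpmvercmp algorithm: alphanumeric segments compared numerically or lexically, separators ignored, "~" sorting before everything) and applies it to an inventory in the form printed by `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`. The fixed versions are taken from this advisory's kernel-rt Package List; the installed inventory is constructed for the example, and no package here carries an epoch (the parser accepts `name-epoch:version-release` anyway). Plain string or `sort -V` comparison gets builds like `0.33.37.1` vs `0.33.38.1` right by luck and `1.0~rc1` vs `1.0` wrong, which is why the real algorithm is worth carrying.

```python
import re

# Fixed builds copied from the advisory's Package List (SLE RT Extension 11 SP3, x86_64).
FIXED = [
    "kernel-rt-3.0.101.rt130-0.33.38.1",
    "kernel-rt-base-3.0.101.rt130-0.33.38.1",
    "kernel-rt-devel-3.0.101.rt130-0.33.38.1",
    "drbd-kmp-rt-8.4.4_3.0.101_rt130_0.33.38-0.23.1.22",
    "ocfs2-kmp-rt-1.6_3.0.101_rt130_0.33.38-0.21.1.22",
]

# Constructed inventory, as rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' would print it.
# Two kernel-rt-base builds are installed at once (SLE keeps several kernels); only the
# newest counts. ocfs2-kmp-rt is not installed, so it cannot be affected.
INSTALLED = """\
kernel-rt-3.0.101.rt130-0.33.37.1
kernel-rt-base-3.0.101.rt130-0.33.37.1
kernel-rt-base-3.0.101.rt130-0.33.38.1
kernel-rt-devel-3.0.101.rt130-0.33.37.1
drbd-kmp-rt-8.4.4_3.0.101_rt130_0.33.37-0.23.1.22
bash-3.2-147.22.1
""".splitlines()


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way rpm does: 1 if a is newer,
    -1 if b is newer, 0 if equal."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything that is not alphanumeric or '~') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # '~' sorts before anything, including the end of the string (1.0~rc1 < 1.0).
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take the next segment of the same kind (all digits or all letters) from both.
        if a[i] in "0123456789":
            isnum, pat = True, r"[0-9]+"
        else:
            isnum, pat = False, r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        sb = mb.group(0) if mb else ""
        if not sb:
            # Different segment kinds: a numeric segment is newer than an alphabetic one.
            return 1 if isnum else -1
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    # Whichever string still has segments left is the newer one.
    return -1 if i >= len(a) else 1


def parse_nevr(pkg: str):
    """Split 'name-version-release' (optionally 'name-epoch:version-release')
    into (name, epoch, version, release)."""
    name, version, release = pkg.strip().rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release


def evr_cmp(a, b) -> int:
    """Compare (epoch, version, release) tuples; epoch wins, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def outdated_packages(installed, fixed):
    """Names of installed packages whose newest installed build is older than the
    build the advisory ships. Packages that are not installed are not reported."""
    newest = {}
    for line in installed:
        name, *evr = parse_nevr(line)
        if name not in newest or evr_cmp(tuple(evr), newest[name]) > 0:
            newest[name] = tuple(evr)
    result = []
    for line in fixed:
        name, *evr = parse_nevr(line)
        if name in newest and evr_cmp(newest[name], tuple(evr)) < 0:
            result.append(name)
    return sorted(result)


if __name__ == "__main__":
    for name in outdated_packages(INSTALLED, FIXED):
        print("needs SUSE-SU-2015:1376-1:", name)
```

Feed it the real inventory by piping `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` into `INSTALLED` instead of the constructed list. A clean result for kernel-rt only means the package is installed; as the Special Instructions say, the fix is not in effect until the host has been rebooted into the new kernel, so pair the package check with a look at `uname -r`.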
Package List:

- SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:

    cluster-network-kmp-rt-1.4_3.0.101_rt130_0.33.38-2.28.1.22
    cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.33.38-2.28.1.22
    drbd-kmp-rt-8.4.4_3.0.101_rt130_0.33.38-0.23.1.22
    drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.33.38-0.23.1.22
    iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.33.38-0.39.1.22
    iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.33.38-0.39.1.22
    kernel-rt-3.0.101.rt130-0.33.38.1
    kernel-rt-base-3.0.101.rt130-0.33.38.1
    kernel-rt-devel-3.0.101.rt130-0.33.38.1
    kernel-rt_trace-3.0.101.rt130-0.33.38.1
    kernel-rt_trace-base-3.0.101.rt130-0.33.38.1
    kernel-rt_trace-devel-3.0.101.rt130-0.33.38.1
    kernel-source-rt-3.0.101.rt130-0.33.38.1
    kernel-syms-rt-3.0.101.rt130-0.33.38.1
    lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.33.38-0.12.1.20
    lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.33.38-0.12.1.20
    ocfs2-kmp-rt-1.6_3.0.101_rt130_0.33.38-0.21.1.22
    ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.33.38-0.21.1.22
    ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.33.38-0.14.1.22
    ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.33.38-0.14.1.22

References:

https://www.suse.com/security/cve/CVE-2014-8086.html
https://www.suse.com/security/cve/CVE-2014-8159.html
https://www.suse.com/security/cve/CVE-2014-9419.html
https://www.suse.com/security/cve/CVE-2014-9529.html
https://www.suse.com/security/cve/CVE-2014-9683.html
https://www.suse.com/security/cve/CVE-2015-0777.html
https://www.suse.com/security/cve/CVE-2015-1421.html
https://www.suse.com/security/cve/CVE-2015-2041.html
https://www.suse.com/security/cve/CVE-2015-2042.html
https://www.suse.com/security/cve/CVE-2015-2150.html
https://www.suse.com/security/cve/CVE-2015-2830.html
https://www.suse.com/security/cve/CVE-2015-2922.html
https://www.suse.com/security/cve/CVE-2015-3331.html
https://www.suse.com/security/cve/CVE-2015-3339.html
https://www.suse.com/security/cve/CVE-2015-3636.html
https://bugzilla.suse.com/831029
https://bugzilla.suse.com/877456
https://bugzilla.suse.com/889221
https://bugzilla.suse.com/891212
https://bugzilla.suse.com/891641
https://bugzilla.suse.com/900881
https://bugzilla.suse.com/902286
https://bugzilla.suse.com/904242
https://bugzilla.suse.com/904883
https://bugzilla.suse.com/904901
https://bugzilla.suse.com/906027
https://bugzilla.suse.com/908706
https://bugzilla.suse.com/909309
https://bugzilla.suse.com/909312
https://bugzilla.suse.com/909477
https://bugzilla.suse.com/909684
https://bugzilla.suse.com/910517
https://bugzilla.suse.com/911326
https://bugzilla.suse.com/912202
https://bugzilla.suse.com/912741
https://bugzilla.suse.com/913080
https://bugzilla.suse.com/913598
https://bugzilla.suse.com/914726
https://bugzilla.suse.com/914742
https://bugzilla.suse.com/914818
https://bugzilla.suse.com/914987
https://bugzilla.suse.com/915045
https://bugzilla.suse.com/915200
https://bugzilla.suse.com/915577
https://bugzilla.suse.com/916521
https://bugzilla.suse.com/916848
https://bugzilla.suse.com/917093
https://bugzilla.suse.com/917120
https://bugzilla.suse.com/917648
https://bugzilla.suse.com/917684
https://bugzilla.suse.com/917830
https://bugzilla.suse.com/917839
https://bugzilla.suse.com/918333
https://bugzilla.suse.com/919007
https://bugzilla.suse.com/919018
https://bugzilla.suse.com/919357
https://bugzilla.suse.com/919463
https://bugzilla.suse.com/919589
https://bugzilla.suse.com/919682
https://bugzilla.suse.com/919808
https://bugzilla.suse.com/921769
https://bugzilla.suse.com/922583
https://bugzilla.suse.com/923344
https://bugzilla.suse.com/924142
https://bugzilla.suse.com/924271
https://bugzilla.suse.com/924333
https://bugzilla.suse.com/924340
https://bugzilla.suse.com/925012
https://bugzilla.suse.com/925370
https://bugzilla.suse.com/925443
https://bugzilla.suse.com/925567
https://bugzilla.suse.com/925729
https://bugzilla.suse.com/926016
https://bugzilla.suse.com/926240
https://bugzilla.suse.com/926439
https://bugzilla.suse.com/926767
https://bugzilla.suse.com/927190
https://bugzilla.suse.com/927257
https://bugzilla.suse.com/927262
https://bugzilla.suse.com/927338
https://bugzilla.suse.com/928122
https://bugzilla.suse.com/928130
https://bugzilla.suse.com/928142
https://bugzilla.suse.com/928333
https://bugzilla.suse.com/928970
https://bugzilla.suse.com/929145
https://bugzilla.suse.com/929148
https://bugzilla.suse.com/929283
https://bugzilla.suse.com/929525
https://bugzilla.suse.com/929647
https://bugzilla.suse.com/930145
https://bugzilla.suse.com/930171
https://bugzilla.suse.com/930226
https://bugzilla.suse.com/930284
https://bugzilla.suse.com/930401
https://bugzilla.suse.com/930669
https://bugzilla.suse.com/930786
https://bugzilla.suse.com/930788
https://bugzilla.suse.com/931014
https://bugzilla.suse.com/931015
https://bugzilla.suse.com/931850
https://download.suse.com/patch/finder/?keywords=d46854c3e502e19a491396bdae01c354

From sle-security-updates at lists.suse.com Thu Aug 13 05:09:27 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Aug 2015 13:09:27 +0200 (CEST)
Subject: SUSE-SU-2015:1377-1: moderate: Security update for cups-filters
Message-ID: <20150813110927.9C824320E8@maintenance.suse.de>

SUSE Security Update: Security update for cups-filters
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1377-1
Rating:             moderate
References:         #936281 #937018
Cross-References:   CVE-2015-3258 CVE-2015-3279
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

cups-filters was updated to fix two security issues.

These security issues were fixed:

- CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018).
- CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281).
Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:

    zypper in -t patch SUSE-SLE-SERVER-12-2015-393=1

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-393=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

    cups-filters-1.0.58-8.1
    cups-filters-cups-browsed-1.0.58-8.1
    cups-filters-cups-browsed-debuginfo-1.0.58-8.1
    cups-filters-debuginfo-1.0.58-8.1
    cups-filters-debugsource-1.0.58-8.1
    cups-filters-foomatic-rip-1.0.58-8.1
    cups-filters-foomatic-rip-debuginfo-1.0.58-8.1
    cups-filters-ghostscript-1.0.58-8.1
    cups-filters-ghostscript-debuginfo-1.0.58-8.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    cups-filters-1.0.58-8.1
    cups-filters-cups-browsed-1.0.58-8.1
    cups-filters-cups-browsed-debuginfo-1.0.58-8.1
    cups-filters-debuginfo-1.0.58-8.1
    cups-filters-debugsource-1.0.58-8.1
    cups-filters-foomatic-rip-1.0.58-8.1
    cups-filters-foomatic-rip-debuginfo-1.0.58-8.1
    cups-filters-ghostscript-1.0.58-8.1
    cups-filters-ghostscript-debuginfo-1.0.58-8.1

References:

https://www.suse.com/security/cve/CVE-2015-3258.html
https://www.suse.com/security/cve/CVE-2015-3279.html
https://bugzilla.suse.com/936281
https://bugzilla.suse.com/937018

From sle-security-updates at lists.suse.com Thu Aug 13 05:10:04 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Aug 2015 13:10:04 +0200 (CEST)
Subject: SUSE-SU-2015:1378-1: moderate: Security update for libwmf
Message-ID: <20150813111004.F1BD8320E8@maintenance.suse.de>

SUSE Security Update: Security update for libwmf
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1378-1
Rating:             moderate
References:         #831299 #933109 #936058 #936062
Cross-References:   CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696
Affected
Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

libwmf was updated to fix four security issues.

These security issues were fixed:

- CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file (bsc#933109).
- CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109).
- CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062).
- CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

    zypper in -t patch sdksp4-libwmf-12027=1

- SUSE Linux Enterprise Software Development Kit 11-SP3:

    zypper in -t patch sdksp3-libwmf-12027=1

- SUSE Linux Enterprise Desktop 11-SP4:

    zypper in -t patch sledsp4-libwmf-12027=1

- SUSE Linux Enterprise Desktop 11-SP3:

    zypper in -t patch sledsp3-libwmf-12027=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

    zypper in -t patch dbgsp3-libwmf-12027=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

    libwmf-0.2.8.4-206.29.29.1
    libwmf-devel-0.2.8.4-206.29.29.1
    libwmf-gnome-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

    libwmf-32bit-0.2.8.4-206.29.29.1
    libwmf-gnome-32bit-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):

    libwmf-gnome-x86-0.2.8.4-206.29.29.1
    libwmf-x86-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

    libwmf-0.2.8.4-206.29.29.1
    libwmf-devel-0.2.8.4-206.29.29.1
    libwmf-gnome-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):

    libwmf-32bit-0.2.8.4-206.29.29.1
    libwmf-gnome-32bit-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Software Development Kit 11-SP3 (ia64):

    libwmf-gnome-x86-0.2.8.4-206.29.29.1
    libwmf-x86-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

    libwmf-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

    libwmf-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

    libwmf-debuginfo-0.2.8.4-206.29.29.1
    libwmf-debugsource-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64):

    libwmf-debuginfo-32bit-0.2.8.4-206.29.29.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (ia64):

    libwmf-debuginfo-x86-0.2.8.4-206.29.29.1

References:

https://www.suse.com/security/cve/CVE-2015-0848.html
https://www.suse.com/security/cve/CVE-2015-4588.html
https://www.suse.com/security/cve/CVE-2015-4695.html
https://www.suse.com/security/cve/CVE-2015-4696.html
https://bugzilla.suse.com/831299
https://bugzilla.suse.com/933109
https://bugzilla.suse.com/936058
https://bugzilla.suse.com/936062

From sle-security-updates at lists.suse.com Thu Aug 13 08:09:35 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Aug 2015 16:09:35 +0200
(CEST)
Subject: SUSE-SU-2015:1379-1: critical: Security update for MozillaFirefox
Message-ID: <20150813140935.A6A12320E8@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1379-1
Rating:             critical
References:         #940918
Cross-References:   CVE-2015-4495
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This security update (bsc#940918) fixes the following issues:

* MFSA 2015-78: (CVE-2015-4495, bmo#1178058): Same origin violation
* Remove PlayPreview registration from PDF Viewer (bmo#1179262)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

    zypper in -t patch SUSE-SLE-SDK-12-2015-395=1

- SUSE Linux Enterprise Server 12:

    zypper in -t patch SUSE-SLE-SERVER-12-2015-395=1

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-395=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64):

    MozillaFirefox-debuginfo-31.8.0esr-40.1
    MozillaFirefox-debugsource-31.8.0esr-40.1
    MozillaFirefox-devel-31.8.0esr-40.1

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le):

    MozillaFirefox-debuginfo-31.8.0esr-39.1
    MozillaFirefox-debugsource-31.8.0esr-39.1
    MozillaFirefox-devel-31.8.0esr-39.1

- SUSE Linux Enterprise Server 12 (s390x x86_64):

    MozillaFirefox-31.8.0esr-40.1
    MozillaFirefox-debuginfo-31.8.0esr-40.1
    MozillaFirefox-debugsource-31.8.0esr-40.1
    MozillaFirefox-translations-31.8.0esr-40.1

- SUSE Linux Enterprise Server 12 (ppc64le):

    MozillaFirefox-31.8.0esr-39.1
    MozillaFirefox-debuginfo-31.8.0esr-39.1
    MozillaFirefox-debugsource-31.8.0esr-39.1
    MozillaFirefox-translations-31.8.0esr-39.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    MozillaFirefox-31.8.0esr-40.1
    MozillaFirefox-debuginfo-31.8.0esr-40.1
    MozillaFirefox-debugsource-31.8.0esr-40.1
    MozillaFirefox-translations-31.8.0esr-40.1

References:

https://www.suse.com/security/cve/CVE-2015-4495.html
https://bugzilla.suse.com/940918

From sle-security-updates at lists.suse.com Thu Aug 13 09:09:57 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Aug 2015 17:09:57 +0200 (CEST)
Subject: SUSE-SU-2015:1380-1: critical: Security update for MozillaFirefox
Message-ID: <20150813150957.32E22320E8@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1380-1
Rating:             critical
References:         #940918
Cross-References:   CVE-2015-4495
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux
                    Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This security update (bsc#940918) fixes the following issues:

* MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation
* Remove PlayPreview registration from PDF Viewer (bmo#1179262)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

    zypper in -t patch sdksp4-MozillaFirefox-12028=1

- SUSE Linux Enterprise Software Development Kit 11-SP3:

    zypper in -t patch sdksp3-MozillaFirefox-12028=1

- SUSE Linux Enterprise Server for VMWare 11-SP3:

    zypper in -t patch slessp3-MozillaFirefox-12028=1

- SUSE Linux Enterprise Server 11-SP4:

    zypper in -t patch slessp4-MozillaFirefox-12028=1

- SUSE Linux Enterprise Server 11-SP3:

    zypper in -t patch slessp3-MozillaFirefox-12028=1

- SUSE Linux Enterprise Desktop 11-SP4:

    zypper in -t patch sledsp4-MozillaFirefox-12028=1

- SUSE Linux Enterprise Desktop 11-SP3:

    zypper in -t patch sledsp3-MozillaFirefox-12028=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

    zypper in -t patch dbgsp4-MozillaFirefox-12028=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

    zypper in -t patch dbgsp3-MozillaFirefox-12028=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-devel-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-devel-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      MozillaFirefox-31.8.0esr-0.13.2
      MozillaFirefox-translations-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-31.8.0esr-0.13.2
      MozillaFirefox-translations-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-31.8.0esr-0.13.2
      MozillaFirefox-translations-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      MozillaFirefox-31.8.0esr-0.13.2
      MozillaFirefox-translations-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      MozillaFirefox-31.8.0esr-0.13.2
      MozillaFirefox-translations-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-debuginfo-31.8.0esr-0.13.2
      MozillaFirefox-debugsource-31.8.0esr-0.13.2
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-debuginfo-31.8.0esr-0.13.2
      MozillaFirefox-debugsource-31.8.0esr-0.13.2

References:

   https://www.suse.com/security/cve/CVE-2015-4495.html
   https://bugzilla.suse.com/940918


From sle-security-updates at lists.suse.com Fri Aug 14 05:09:32 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 14 Aug 2015 13:09:32 +0200 (CEST)
Subject: SUSE-SU-2015:1383-1: moderate: Security update for libqt5-qtbase
Message-ID: <20150814110932.BEEA2320E8@maintenance.suse.de>

   SUSE Security Update: Security update for libqt5-qtbase
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1383-1
Rating:             moderate
References:         #870151 #921999 #927806 #927807 #927808
Cross-References:   CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves four vulnerabilities and has one erratum is now
   available.

Description:

   This security update fixes the following issues:

   * Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.patch
     - QTBUG-44547, bsc#921999 (CVE-2015-0295)
   * Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch
     - bsc#927806 (CVE-2015-1858), bsc#927807 (CVE-2015-1859)
   * Add libqt5-Fixes-crash-in-gif-image-decoder.patch
     - bsc#927808 (CVE-2015-1860)
   * Add libqt5-fix-use-after-free-bug.patch from upstream
     - fixes the use-after-free bug in backingstore, boo#870151

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-399=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-399=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-399=1

   To bring your system up-to-date, use "zypper patch".
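Three of the four Qt patches above fix crashes in the BMP, ICO and GIF decoders, one of them a division by zero on a malformed BMP. The advisory does not say which header field ended up as the divisor, and the block below is an added illustration in Python of the defensive pattern such fixes amount to, not Qt's code: range-check every header field before it becomes a divisor, an allocation size or a loop bound, and reject the file rather than compute with it. It assumes the classic place a zero divisor arises in a BI_BITFIELDS decoder, the per-channel scale derived from a colour mask, which is zero when the mask is zero; whether that is exactly the Qt path is not stated on the page. MAX_DIM is a bound chosen for the example, and the header bytes are constructed, not taken from a real file.

```python
import struct

BI_RGB = 0
BI_BITFIELDS = 3
MAX_DIM = 1 << 15          # width/height bound chosen for this example
_DIB_FMT = "<IiiHHIIiiII"  # BITMAPINFOHEADER: 40 bytes, little-endian


class BmpError(ValueError):
    """Raised for any header the decoder refuses to work with."""


def calc_shift(mask):
    """Number of trailing zero bits in a channel mask (0 for an all-zero mask)."""
    shift = 0
    while mask and not (mask & 1):
        mask >>= 1
        shift += 1
    return shift


def parse_dib_header(data):
    """Validate a BITMAPINFOHEADER (plus BI_BITFIELDS masks when present) and
    return the fields a decoder needs. Every value that later becomes a
    divisor, an allocation size or a loop bound is checked here, not trusted."""
    if len(data) < struct.calcsize(_DIB_FMT):
        raise BmpError("truncated DIB header")
    (size, width, height, planes, bpp, comp,
     _img_size, _xppm, _yppm, _colors, _important) = struct.unpack_from(_DIB_FMT, data)
    if size < 40 or planes != 1:
        raise BmpError("bad header size or plane count")
    if width <= 0 or height == 0 or width > MAX_DIM or abs(height) > MAX_DIM:
        raise BmpError("bad dimensions")        # a negative height only means top-down rows
    if bpp not in (1, 4, 8, 16, 24, 32):
        raise BmpError("bad bits per pixel")    # 0 here would zero any per-pixel divisor
    if comp not in (BI_RGB, BI_BITFIELDS):
        raise BmpError("unsupported compression")
    stride = ((width * bpp + 31) // 32) * 4     # rows are padded to 4 bytes; dims are bounded
    info = {"width": width, "height": abs(height), "bpp": bpp, "comp": comp, "stride": stride}
    if comp == BI_BITFIELDS:
        if bpp not in (16, 32):
            raise BmpError("BI_BITFIELDS requires 16 or 32 bpp")
        if len(data) < 52:
            raise BmpError("truncated colour masks")
        masks = struct.unpack_from("<III", data, 40)
        scales = []
        for mask in masks:
            shift = calc_shift(mask)
            scale = mask >> shift               # max channel value: the divisor when scaling to 0..255
            if scale == 0:                      # zero mask: refuse the file instead of dividing by zero
                raise BmpError("zero colour mask")
            scales.append((shift, scale))
        info["masks"] = masks
        info["scales"] = scales
    return info


def decode_pixel(packed, info):
    """Expand one packed BI_BITFIELDS pixel to (r, g, b) using the validated masks."""
    return tuple(((packed & mask) >> shift) * 255 // scale
                 for mask, (shift, scale) in zip(info["masks"], info["scales"]))


def header_is_safe(data):
    """True when the header passes every check, False when the decoder would reject it."""
    try:
        parse_dib_header(data)
        return True
    except BmpError:
        return False


def make_header(width, height, bpp, comp, masks=()):
    """Build a constructed BITMAPINFOHEADER for testing (example data, not a real file)."""
    hdr = struct.pack(_DIB_FMT, 40, width, height, 1, bpp, comp, 0, 2835, 2835, 0, 0)
    return hdr + b"".join(struct.pack("<I", m) for m in masks)


if __name__ == "__main__":
    good = make_header(2, 2, 16, BI_BITFIELDS, (0x7C00, 0x03E0, 0x001F))
    print(decode_pixel(0x7C00, parse_dib_header(good)))                          # pure red
    print(header_is_safe(make_header(2, 2, 16, BI_BITFIELDS, (0, 0x03E0, 0x001F))))  # zero mask
    print(header_is_safe(make_header(2, 2, 0, BI_RGB)))                          # zero bpp
```

The same discipline covers the out-of-bounds writes and uninitialized reads fixed in the tiff advisory further down: once width, height, bits per pixel and the masks are bounded up front, the stride, the allocation and the per-pixel arithmetic cannot be driven out of range by the file.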
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libQt5Bootstrap-devel-static-5.3.1-4.4.2
      libQt5Concurrent-devel-5.3.1-4.4.2
      libQt5Concurrent5-5.3.1-4.4.2
      libQt5Concurrent5-debuginfo-5.3.1-4.4.2
      libQt5Core-devel-5.3.1-4.4.2
      libQt5DBus-devel-5.3.1-4.4.2
      libQt5DBus-devel-debuginfo-5.3.1-4.4.2
      libQt5Gui-devel-5.3.1-4.4.2
      libQt5Network-devel-5.3.1-4.4.2
      libQt5Network5-5.3.1-4.4.2
      libQt5Network5-debuginfo-5.3.1-4.4.2
      libQt5OpenGL-devel-5.3.1-4.4.2
      libQt5OpenGL5-5.3.1-4.4.2
      libQt5OpenGL5-debuginfo-5.3.1-4.4.2
      libQt5OpenGLExtensions-devel-static-5.3.1-4.4.2
      libQt5PlatformSupport-devel-static-5.3.1-4.4.2
      libQt5PrintSupport-devel-5.3.1-4.4.2
      libQt5PrintSupport5-5.3.1-4.4.2
      libQt5PrintSupport5-debuginfo-5.3.1-4.4.2
      libQt5Sql-devel-5.3.1-4.4.2
      libQt5Sql5-5.3.1-4.4.2
      libQt5Sql5-debuginfo-5.3.1-4.4.2
      libQt5Sql5-mysql-5.3.1-4.4.2
      libQt5Sql5-mysql-debuginfo-5.3.1-4.4.2
      libQt5Sql5-postgresql-5.3.1-4.4.2
      libQt5Sql5-postgresql-debuginfo-5.3.1-4.4.2
      libQt5Sql5-sqlite-5.3.1-4.4.2
      libQt5Sql5-sqlite-debuginfo-5.3.1-4.4.2
      libQt5Sql5-unixODBC-5.3.1-4.4.2
      libQt5Sql5-unixODBC-debuginfo-5.3.1-4.4.2
      libQt5Test-devel-5.3.1-4.4.2
      libQt5Test5-5.3.1-4.4.2
      libQt5Test5-debuginfo-5.3.1-4.4.2
      libQt5Widgets-devel-5.3.1-4.4.2
      libQt5Xml-devel-5.3.1-4.4.2
      libQt5Xml5-5.3.1-4.4.2
      libQt5Xml5-debuginfo-5.3.1-4.4.2
      libqt5-qtbase-common-devel-5.3.1-4.4.2
      libqt5-qtbase-common-devel-debuginfo-5.3.1-4.4.2
      libqt5-qtbase-debugsource-5.3.1-4.4.2
      libqt5-qtbase-devel-5.3.1-4.4.2
      libqt5-qtbase-doc-5.3.1-4.4.2
      libqt5-qtbase-doc-debuginfo-5.3.1-4.4.2
   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      libQt5Core-private-headers-devel-5.3.1-4.4.2
      libQt5DBus-private-headers-devel-5.3.1-4.4.2
      libQt5Gui-private-headers-devel-5.3.1-4.4.2
      libQt5Network-private-headers-devel-5.3.1-4.4.2
      libQt5OpenGL-private-headers-devel-5.3.1-4.4.2
      libQt5PlatformSupport-private-headers-devel-5.3.1-4.4.2
      libQt5PrintSupport-private-headers-devel-5.3.1-4.4.2
      libQt5Sql-private-headers-devel-5.3.1-4.4.2
      libQt5Test-private-headers-devel-5.3.1-4.4.2
      libQt5Widgets-private-headers-devel-5.3.1-4.4.2
      libqt5-qtbase-private-headers-devel-5.3.1-4.4.2
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libQt5Core5-5.3.1-4.4.2
      libQt5Core5-debuginfo-5.3.1-4.4.2
      libQt5DBus5-5.3.1-4.4.2
      libQt5DBus5-debuginfo-5.3.1-4.4.2
      libQt5Gui5-5.3.1-4.4.2
      libQt5Gui5-debuginfo-5.3.1-4.4.2
      libQt5Widgets5-5.3.1-4.4.2
      libQt5Widgets5-debuginfo-5.3.1-4.4.2
      libqt5-qtbase-debugsource-5.3.1-4.4.2
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libQt5Core5-5.3.1-4.4.2
      libQt5Core5-debuginfo-5.3.1-4.4.2
      libQt5DBus5-5.3.1-4.4.2
      libQt5DBus5-debuginfo-5.3.1-4.4.2
      libQt5Gui5-5.3.1-4.4.2
      libQt5Gui5-debuginfo-5.3.1-4.4.2
      libQt5Widgets5-5.3.1-4.4.2
      libQt5Widgets5-debuginfo-5.3.1-4.4.2
      libqt5-qtbase-debugsource-5.3.1-4.4.2

References:

   https://www.suse.com/security/cve/CVE-2015-0295.html
   https://www.suse.com/security/cve/CVE-2015-1858.html
   https://www.suse.com/security/cve/CVE-2015-1859.html
   https://www.suse.com/security/cve/CVE-2015-1860.html
   https://bugzilla.suse.com/870151
   https://bugzilla.suse.com/921999
   https://bugzilla.suse.com/927806
   https://bugzilla.suse.com/927807
   https://bugzilla.suse.com/927808


From sle-security-updates at lists.suse.com Fri Aug 14 05:10:39 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 14 Aug 2015 13:10:39 +0200 (CEST)
Subject: SUSE-SU-2015:1384-1: moderate: xen
Message-ID: <20150814111039.89B2B320E8@maintenance.suse.de>

   SUSE Security Update: xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1384-1
Rating:             moderate
References:         #939709 #939712
Cross-References:   CVE-2015-5165 CVE-2015-5166
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This security update of Xen fixes the following issues:

   * bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139
     device model (CVE-2015-5165)
   * bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol
     (CVE-2015-5166)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-398=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-398=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-398=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (x86_64):
      xen-debugsource-4.4.2_10-22.8.1
      xen-devel-4.4.2_10-22.8.1
   - SUSE Linux Enterprise Server 12 (x86_64):
      xen-4.4.2_10-22.8.1
      xen-debugsource-4.4.2_10-22.8.1
      xen-doc-html-4.4.2_10-22.8.1
      xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1
      xen-kmp-default-debuginfo-4.4.2_10_k3.12.44_52.10-22.8.1
      xen-libs-32bit-4.4.2_10-22.8.1
      xen-libs-4.4.2_10-22.8.1
      xen-libs-debuginfo-32bit-4.4.2_10-22.8.1
      xen-libs-debuginfo-4.4.2_10-22.8.1
      xen-tools-4.4.2_10-22.8.1
      xen-tools-debuginfo-4.4.2_10-22.8.1
      xen-tools-domU-4.4.2_10-22.8.1
      xen-tools-domU-debuginfo-4.4.2_10-22.8.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      xen-4.4.2_10-22.8.1
      xen-debugsource-4.4.2_10-22.8.1
      xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1
      xen-kmp-default-debuginfo-4.4.2_10_k3.12.44_52.10-22.8.1
      xen-libs-32bit-4.4.2_10-22.8.1
      xen-libs-4.4.2_10-22.8.1
      xen-libs-debuginfo-32bit-4.4.2_10-22.8.1
      xen-libs-debuginfo-4.4.2_10-22.8.1

References:

   https://www.suse.com/security/cve/CVE-2015-5165.html
   https://www.suse.com/security/cve/CVE-2015-5166.html
   https://bugzilla.suse.com/939709
   https://bugzilla.suse.com/939712


From sle-security-updates at lists.suse.com Tue Aug 18 09:09:27 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Aug 2015 17:09:27 +0200 (CEST)
Subject: SUSE-SU-2015:1404-1: moderate: xen
Message-ID: <20150818150927.98330320E8@maintenance.suse.de>

   SUSE Security Update: xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1404-1
Rating:             moderate
References:         #939709 #939712
Cross-References:   CVE-2015-5165 CVE-2015-5166
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This security update of Xen fixes the following issues:

   * bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139
     device model (CVE-2015-5165)
   * bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol
     (CVE-2015-5166)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-Xen-12033=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-Xen-12033=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-Xen-12033=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-Xen-12033=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      xen-devel-4.4.2_12-23.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
      xen-kmp-default-4.4.2_12_3.0.101_63-23.1
      xen-libs-4.4.2_12-23.1
      xen-tools-domU-4.4.2_12-23.1
   - SUSE Linux Enterprise Server 11-SP4 (x86_64):
      xen-4.4.2_12-23.1
      xen-doc-html-4.4.2_12-23.1
      xen-libs-32bit-4.4.2_12-23.1
      xen-tools-4.4.2_12-23.1
   - SUSE Linux Enterprise Server 11-SP4 (i586):
      xen-kmp-pae-4.4.2_12_3.0.101_63-23.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      xen-kmp-default-4.4.2_12_3.0.101_63-23.1
      xen-libs-4.4.2_12-23.1
      xen-tools-domU-4.4.2_12-23.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      xen-4.4.2_12-23.1
      xen-doc-html-4.4.2_12-23.1
      xen-libs-32bit-4.4.2_12-23.1
      xen-tools-4.4.2_12-23.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586):
      xen-kmp-pae-4.4.2_12_3.0.101_63-23.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      xen-debuginfo-4.4.2_12-23.1
      xen-debugsource-4.4.2_12-23.1

References:

   https://www.suse.com/security/cve/CVE-2015-5165.html
   https://www.suse.com/security/cve/CVE-2015-5166.html
   https://bugzilla.suse.com/939709
   https://bugzilla.suse.com/939712


From sle-security-updates at lists.suse.com Wed Aug 19 08:09:25 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Aug 2015 16:09:25 +0200 (CEST)
Subject: SUSE-SU-2015:1408-1: moderate: Security update for xen
Message-ID: <20150819140925.919A9320E8@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1408-1
Rating:             moderate
References:         #938344 #939712
Cross-References:   CVE-2015-5154 CVE-2015-5165
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This security update of Xen fixes the following issues:

   * bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139
     device model (CVE-2015-5165)
   * bsc#938344: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM
     (CVE-2015-5154)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:
      zypper in -t patch slessp2-Xen-12035=1
   - SUSE Linux Enterprise Debuginfo 11-SP2:
      zypper in -t patch dbgsp2-Xen-12035=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):
      xen-devel-4.1.6_08-17.1
      xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1
      xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1
      xen-libs-4.1.6_08-17.1
      xen-tools-domU-4.1.6_08-17.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (x86_64):
      xen-4.1.6_08-17.1
      xen-doc-html-4.1.6_08-17.1
      xen-doc-pdf-4.1.6_08-17.1
      xen-libs-32bit-4.1.6_08-17.1
      xen-tools-4.1.6_08-17.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586):
      xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1
   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64):
      xen-debuginfo-4.1.6_08-17.1
      xen-debugsource-4.1.6_08-17.1

References:

   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://www.suse.com/security/cve/CVE-2015-5165.html
   https://bugzilla.suse.com/938344
   https://bugzilla.suse.com/939712


From sle-security-updates at lists.suse.com Thu Aug 20 05:09:24 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Aug 2015 13:09:24 +0200 (CEST)
Subject: SUSE-SU-2015:1409-1: important: Security update for kvm
Message-ID: <20150820110924.43CBF320E8@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1409-1
Rating:             important
References:         #938344
Cross-References:   CVE-2015-5154
Affected Products:
                    SUSE Linux Enterprise Server 11-SP1-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   kvm was updated to fix one security issue.

   This security issue was fixed:

   - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP1-LTSS:
      zypper in -t patch slessp1-kvm-12036=1
   - SUSE Linux Enterprise Debuginfo 11-SP1:
      zypper in -t patch dbgsp1-kvm-12036=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 x86_64):
      kvm-0.12.5-1.30.2
   - SUSE Linux Enterprise Debuginfo 11-SP1 (i586 x86_64):
      kvm-debuginfo-0.12.5-1.30.2
      kvm-debugsource-0.12.5-1.30.2

References:

   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://bugzilla.suse.com/938344


From sle-security-updates at lists.suse.com Thu Aug 20 08:09:50 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Aug 2015 16:09:50 +0200 (CEST)
Subject: SUSE-SU-2015:1410-1: moderate: Recommended update for openssl
Message-ID: <20150820140950.1F4B6320E8@maintenance.suse.de>

   SUSE Security Update: Recommended update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1410-1
Rating:             moderate
References:         #937212 #937492
Cross-References:   CVE-2015-0287
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now
   available.

Description:

   This update of openssl fixes two regressions:

   - The security fix for CVE-2015-0287 introduced a regression: DSA keys
     were no longer loaded correctly from file. (bsc#937492)
   - RSA key generation with odd key lengths entered an endless loop.
     (bsc#937212)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-418=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-418=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-418=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libopenssl-devel-1.0.1i-27.3.1
      openssl-debuginfo-1.0.1i-27.3.1
      openssl-debugsource-1.0.1i-27.3.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libopenssl1_0_0-1.0.1i-27.3.1
      libopenssl1_0_0-debuginfo-1.0.1i-27.3.1
      libopenssl1_0_0-hmac-1.0.1i-27.3.1
      openssl-1.0.1i-27.3.1
      openssl-debuginfo-1.0.1i-27.3.1
      openssl-debugsource-1.0.1i-27.3.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libopenssl1_0_0-32bit-1.0.1i-27.3.1
      libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.3.1
      libopenssl1_0_0-hmac-32bit-1.0.1i-27.3.1
   - SUSE Linux Enterprise Server 12 (noarch):
      openssl-doc-1.0.1i-27.3.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libopenssl1_0_0-1.0.1i-27.3.1
      libopenssl1_0_0-32bit-1.0.1i-27.3.1
      libopenssl1_0_0-debuginfo-1.0.1i-27.3.1
      libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.3.1
      openssl-1.0.1i-27.3.1
      openssl-debuginfo-1.0.1i-27.3.1
      openssl-debugsource-1.0.1i-27.3.1

References:

   https://www.suse.com/security/cve/CVE-2015-0287.html
   https://bugzilla.suse.com/937212
   https://bugzilla.suse.com/937492


From sle-security-updates at lists.suse.com Fri Aug 21 08:10:42 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 21 Aug 2015 16:10:42 +0200 (CEST)
Subject: SUSE-SU-2015:1420-1: moderate: Security update for tiff
Message-ID: <20150821141042.4C38C27F16@maintenance.suse.de>

   SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1420-1
Rating:             moderate
References:         #914890 #916927
Cross-References:   CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
                    CVE-2014-9655
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes five vulnerabilities is now available.

Description:

   tiff was updated to fix five security issues found by fuzzing initiatives.

   These security issues were fixed:

   - CVE-2014-8127: Out-of-bounds write (bnc#914890).
   - CVE-2014-8128: Out-of-bounds write (bnc#914890).
   - CVE-2014-8129: Out-of-bounds write (bnc#914890).
   - CVE-2014-8130: Out-of-bounds write (bnc#914890).
   - CVE-2014-9655: Access of uninitialized memory (bnc#916927).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-tiff-12040=1
   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-tiff-12040=1
   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-tiff-12040=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-tiff-12040=1
   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-tiff-12040=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-tiff-12040=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-tiff-12040=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-tiff-12040=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-tiff-12040=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libtiff-devel-3.8.2-141.160.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      libtiff-devel-32bit-3.8.2-141.160.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      libtiff-devel-3.8.2-141.160.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):
      libtiff-devel-32bit-3.8.2-141.160.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      libtiff3-3.8.2-141.160.1
      tiff-3.8.2-141.160.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
      libtiff3-32bit-3.8.2-141.160.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libtiff3-3.8.2-141.160.1
      tiff-3.8.2-141.160.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libtiff3-32bit-3.8.2-141.160.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      libtiff3-x86-3.8.2-141.160.1
   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      libtiff3-3.8.2-141.160.1
      tiff-3.8.2-141.160.1
   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
      libtiff3-32bit-3.8.2-141.160.1
   - SUSE Linux Enterprise Server 11-SP3 (ia64):
      libtiff3-x86-3.8.2-141.160.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      libtiff3-3.8.2-141.160.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      libtiff3-32bit-3.8.2-141.160.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      libtiff3-3.8.2-141.160.1
   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
      libtiff3-32bit-3.8.2-141.160.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      tiff-debuginfo-3.8.2-141.160.1
      tiff-debugsource-3.8.2-141.160.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      tiff-debuginfo-3.8.2-141.160.1
      tiff-debugsource-3.8.2-141.160.1

References:

   https://www.suse.com/security/cve/CVE-2014-8127.html
   https://www.suse.com/security/cve/CVE-2014-8128.html
   https://www.suse.com/security/cve/CVE-2014-8129.html
   https://www.suse.com/security/cve/CVE-2014-8130.html
   https://www.suse.com/security/cve/CVE-2014-9655.html
   https://bugzilla.suse.com/914890
   https://bugzilla.suse.com/916927


From sle-security-updates at lists.suse.com Fri Aug 21 08:11:30 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 21 Aug 2015 16:11:30 +0200 (CEST)
Subject: SUSE-SU-2015:1421-1: important: Security update for xen
Message-ID: <20150821141130.92AD1320E8@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1421-1
Rating:             important
References:         #938344 #939712
Cross-References:   CVE-2015-5154 CVE-2015-5165
Affected Products:
                    SUSE Linux Enterprise Server 11-SP1-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description: Xen was updated to fix the following security issues: * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP1-LTSS: zypper in -t patch slessp1-xen-12039=1 - SUSE Linux Enterprise Debuginfo 11-SP1: zypper in -t patch dbgsp1-xen-12039=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 x86_64): xen-4.0.3_21548_18-29.1 xen-doc-html-4.0.3_21548_18-29.1 xen-doc-pdf-4.0.3_21548_18-29.1 xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1 xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1 xen-libs-4.0.3_21548_18-29.1 xen-tools-4.0.3_21548_18-29.1 xen-tools-domU-4.0.3_21548_18-29.1 - SUSE Linux Enterprise Server 11-SP1-LTSS (i586): xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1 - SUSE Linux Enterprise Debuginfo 11-SP1 (i586 x86_64): xen-debuginfo-4.0.3_21548_18-29.1 xen-debugsource-4.0.3_21548_18-29.1 References: https://www.suse.com/security/cve/CVE-2015-5154.html https://www.suse.com/security/cve/CVE-2015-5165.html https://bugzilla.suse.com/938344 https://bugzilla.suse.com/939712 From sle-security-updates at lists.suse.com Fri Aug 21 10:10:08 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Aug 2015 18:10:08 +0200 (CEST) Subject: SUSE-SU-2015:1424-1: important: Security update for glibc Message-ID: <20150821161008.A05D727F16@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1424-1 Rating: important References: #830257 #851280 #918187 #920338 #927080 #928723 #932059 #933770 #933903 #935286 Cross-References: CVE-2013-2207 
CVE-2014-8121 CVE-2015-1781 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-12042=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-glibc-12042=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-glibc-12042=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-12042=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-glibc-12042=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-glibc-12042=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-glibc-12042=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-12042=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-12042=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.87.3 glibc-info-2.11.3-17.87.3 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): glibc-html-2.11.3-17.87.3 glibc-info-2.11.3-17.87.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): glibc-2.11.3-17.87.3 glibc-devel-2.11.3-17.87.3 glibc-html-2.11.3-17.87.3 glibc-i18ndata-2.11.3-17.87.3 glibc-info-2.11.3-17.87.3 glibc-locale-2.11.3-17.87.3 glibc-profile-2.11.3-17.87.3 nscd-2.11.3-17.87.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): glibc-32bit-2.11.3-17.87.3 glibc-devel-32bit-2.11.3-17.87.3 glibc-locale-32bit-2.11.3-17.87.3 glibc-profile-32bit-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.87.3 glibc-devel-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.87.3 glibc-i18ndata-2.11.3-17.87.3 glibc-info-2.11.3-17.87.3 glibc-locale-2.11.3-17.87.3 glibc-profile-2.11.3-17.87.3 nscd-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP4 
(ppc64 s390x x86_64): glibc-32bit-2.11.3-17.87.3 glibc-devel-32bit-2.11.3-17.87.3 glibc-locale-32bit-2.11.3-17.87.3 glibc-profile-32bit-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.87.3 glibc-profile-x86-2.11.3-17.87.3 glibc-x86-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.87.3 glibc-devel-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.87.3 glibc-i18ndata-2.11.3-17.87.3 glibc-info-2.11.3-17.87.3 glibc-locale-2.11.3-17.87.3 glibc-profile-2.11.3-17.87.3 nscd-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.87.3 glibc-devel-32bit-2.11.3-17.87.3 glibc-locale-32bit-2.11.3-17.87.3 glibc-profile-32bit-2.11.3-17.87.3 - SUSE Linux Enterprise Server 11-SP3 (ia64): glibc-locale-x86-2.11.3-17.87.3 glibc-profile-x86-2.11.3-17.87.3 glibc-x86-2.11.3-17.87.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 i686 x86_64): glibc-2.11.3-17.87.3 glibc-devel-2.11.3-17.87.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): glibc-i18ndata-2.11.3-17.87.3 glibc-locale-2.11.3-17.87.3 nscd-2.11.3-17.87.3 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): glibc-32bit-2.11.3-17.87.3 glibc-devel-32bit-2.11.3-17.87.3 glibc-locale-32bit-2.11.3-17.87.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 i686 x86_64): glibc-2.11.3-17.87.3 glibc-devel-2.11.3-17.87.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.87.3 glibc-locale-2.11.3-17.87.3 nscd-2.11.3-17.87.3 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): glibc-32bit-2.11.3-17.87.3 glibc-devel-32bit-2.11.3-17.87.3 glibc-locale-32bit-2.11.3-17.87.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.87.3 glibc-debugsource-2.11.3-17.87.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.87.3 
glibc-debugsource-2.11.3-17.87.3 References: https://www.suse.com/security/cve/CVE-2013-2207.html https://www.suse.com/security/cve/CVE-2014-8121.html https://www.suse.com/security/cve/CVE-2015-1781.html https://bugzilla.suse.com/830257 https://bugzilla.suse.com/851280 https://bugzilla.suse.com/918187 https://bugzilla.suse.com/920338 https://bugzilla.suse.com/927080 https://bugzilla.suse.com/928723 https://bugzilla.suse.com/932059 https://bugzilla.suse.com/933770 https://bugzilla.suse.com/933903 https://bugzilla.suse.com/935286 From sle-security-updates at lists.suse.com Fri Aug 21 10:12:54 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Aug 2015 18:12:54 +0200 (CEST) Subject: SUSE-SU-2015:1425-1: moderate: Security update for php5 Message-ID: <20150821161254.05337320E8@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1425-1 Rating: moderate References: #938719 #938721 #940807 #940821 Cross-References: CVE-2015-5589 CVE-2015-5590 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the "phar" extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721) * CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719) This update ships the php5-opcache package (FATE#319034 bsc#940807) and the php5-posix package. 
   (FATE#319094 bsc#940821)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-429=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-429=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-33.2
      php5-debugsource-5.5.14-33.2
      php5-devel-5.5.14-33.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64):

      apache2-mod_php5-5.5.14-33.2
      apache2-mod_php5-debuginfo-5.5.14-33.2
      php5-5.5.14-33.2
      php5-bcmath-5.5.14-33.2
      php5-bcmath-debuginfo-5.5.14-33.2
      php5-bz2-5.5.14-33.2
      php5-bz2-debuginfo-5.5.14-33.2
      php5-calendar-5.5.14-33.2
      php5-calendar-debuginfo-5.5.14-33.2
      php5-ctype-5.5.14-33.2
      php5-ctype-debuginfo-5.5.14-33.2
      php5-curl-5.5.14-33.2
      php5-curl-debuginfo-5.5.14-33.2
      php5-dba-5.5.14-33.2
      php5-dba-debuginfo-5.5.14-33.2
      php5-debuginfo-5.5.14-33.2
      php5-debugsource-5.5.14-33.2
      php5-dom-5.5.14-33.2
      php5-dom-debuginfo-5.5.14-33.2
      php5-enchant-5.5.14-33.2
      php5-enchant-debuginfo-5.5.14-33.2
      php5-exif-5.5.14-33.2
      php5-exif-debuginfo-5.5.14-33.2
      php5-fastcgi-5.5.14-33.2
      php5-fastcgi-debuginfo-5.5.14-33.2
      php5-fileinfo-5.5.14-33.2
      php5-fileinfo-debuginfo-5.5.14-33.2
      php5-fpm-5.5.14-33.2
      php5-fpm-debuginfo-5.5.14-33.2
      php5-ftp-5.5.14-33.2
      php5-ftp-debuginfo-5.5.14-33.2
      php5-gd-5.5.14-33.2
      php5-gd-debuginfo-5.5.14-33.2
      php5-gettext-5.5.14-33.2
      php5-gettext-debuginfo-5.5.14-33.2
      php5-gmp-5.5.14-33.2
      php5-gmp-debuginfo-5.5.14-33.2
      php5-iconv-5.5.14-33.2
      php5-iconv-debuginfo-5.5.14-33.2
      php5-intl-5.5.14-33.2
      php5-intl-debuginfo-5.5.14-33.2
      php5-json-5.5.14-33.2
      php5-json-debuginfo-5.5.14-33.2
      php5-ldap-5.5.14-33.2
      php5-ldap-debuginfo-5.5.14-33.2
      php5-mbstring-5.5.14-33.2
      php5-mbstring-debuginfo-5.5.14-33.2
      php5-mcrypt-5.5.14-33.2
      php5-mcrypt-debuginfo-5.5.14-33.2
      php5-mysql-5.5.14-33.2
      php5-mysql-debuginfo-5.5.14-33.2
      php5-odbc-5.5.14-33.2
      php5-odbc-debuginfo-5.5.14-33.2
      php5-opcache-5.5.14-33.2
      php5-opcache-debuginfo-5.5.14-33.2
      php5-openssl-5.5.14-33.2
      php5-openssl-debuginfo-5.5.14-33.2
      php5-pcntl-5.5.14-33.2
      php5-pcntl-debuginfo-5.5.14-33.2
      php5-pdo-5.5.14-33.2
      php5-pdo-debuginfo-5.5.14-33.2
      php5-pgsql-5.5.14-33.2
      php5-pgsql-debuginfo-5.5.14-33.2
      php5-posix-5.5.14-33.2
      php5-posix-debuginfo-5.5.14-33.2
      php5-pspell-5.5.14-33.2
      php5-pspell-debuginfo-5.5.14-33.2
      php5-shmop-5.5.14-33.2
      php5-shmop-debuginfo-5.5.14-33.2
      php5-snmp-5.5.14-33.2
      php5-snmp-debuginfo-5.5.14-33.2
      php5-soap-5.5.14-33.2
      php5-soap-debuginfo-5.5.14-33.2
      php5-sockets-5.5.14-33.2
      php5-sockets-debuginfo-5.5.14-33.2
      php5-sqlite-5.5.14-33.2
      php5-sqlite-debuginfo-5.5.14-33.2
      php5-suhosin-5.5.14-33.2
      php5-suhosin-debuginfo-5.5.14-33.2
      php5-sysvmsg-5.5.14-33.2
      php5-sysvmsg-debuginfo-5.5.14-33.2
      php5-sysvsem-5.5.14-33.2
      php5-sysvsem-debuginfo-5.5.14-33.2
      php5-sysvshm-5.5.14-33.2
      php5-sysvshm-debuginfo-5.5.14-33.2
      php5-tokenizer-5.5.14-33.2
      php5-tokenizer-debuginfo-5.5.14-33.2
      php5-wddx-5.5.14-33.2
      php5-wddx-debuginfo-5.5.14-33.2
      php5-xmlreader-5.5.14-33.2
      php5-xmlreader-debuginfo-5.5.14-33.2
      php5-xmlrpc-5.5.14-33.2
      php5-xmlrpc-debuginfo-5.5.14-33.2
      php5-xmlwriter-5.5.14-33.2
      php5-xmlwriter-debuginfo-5.5.14-33.2
      php5-xsl-5.5.14-33.2
      php5-xsl-debuginfo-5.5.14-33.2
      php5-zip-5.5.14-33.2
      php5-zip-debuginfo-5.5.14-33.2
      php5-zlib-5.5.14-33.2
      php5-zlib-debuginfo-5.5.14-33.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php5-pear-5.5.14-33.2

References:

   https://www.suse.com/security/cve/CVE-2015-5589.html
   https://www.suse.com/security/cve/CVE-2015-5590.html
   https://bugzilla.suse.com/938719
   https://bugzilla.suse.com/938721
   https://bugzilla.suse.com/940807
   https://bugzilla.suse.com/940821


From sle-security-updates at lists.suse.com Fri Aug 21 10:13:46 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 21 Aug 2015 18:13:46 +0200 (CEST)
Subject: SUSE-SU-2015:1426-1: important: Security update for kvm
Message-ID: <20150821161346.CFB50320E8@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1426-1
Rating:             important
References:         #932770 #938344
Cross-References:   CVE-2015-3209 CVE-2015-5154
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   kvm was updated to fix two security issues.

   The following vulnerabilities were fixed:

   - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
   - CVE-2015-3209: Fix buffer overflow in pcnet emulation (bsc#932770).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-kvm-12041=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-kvm-12041=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):

      kvm-0.15.1-0.32.2

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64):

      kvm-debuginfo-0.15.1-0.32.2
      kvm-debugsource-0.15.1-0.32.2

References:

   https://www.suse.com/security/cve/CVE-2015-3209.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://bugzilla.suse.com/932770
   https://bugzilla.suse.com/938344


From sle-security-updates at lists.suse.com Tue Aug 25 03:09:40 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 25 Aug 2015 11:09:40 +0200 (CEST)
Subject: SUSE-SU-2015:1433-1: moderate: Security update for p7zip
Message-ID: <20150825090940.5D7AC320FC@maintenance.suse.de>

   SUSE Security Update: Security update for p7zip
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1433-1
Rating:             moderate
References:         #912878
Cross-References:   CVE-2015-1038
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   - CVE-2015-1038: directory traversal vulnerability [bnc#912878]
     This could allow the overwriting of arbitrary files through uncompressing
     a crafted archive, with the privileges of the user running 7z.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-437=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-437=1

   To bring your system up-to-date, use "zypper patch".
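The p7zip advisory above describes the directory-traversal class: a crafted member name is written outside the extraction directory with the privileges of the user running 7z. The following is an added example, not code from the advisory or from p7zip, of the lexical pre-extraction check a wrapper can apply to an archive's member listing before anything is written; the destination directory and the member names are constructed for the demonstration.

```python
"""Pre-extraction path check for archive member names.

Added example (not from the SUSE advisory or p7zip): reject member names
that, joined to the destination directory, would land outside it. This is
the mitigation for the traversal class described for CVE-2015-1038, applied
to a listing before extraction starts. All paths below are constructed.
"""
import posixpath
from typing import Iterable, List, Tuple


def is_safe_member(dest_dir: str, member: str) -> bool:
    """Return True only if extracting `member` under `dest_dir` stays inside it.

    The check is purely lexical: '.' and '..' components are resolved without
    touching the filesystem, so it can run before extraction begins.
    """
    if not member:
        return False
    # Treat backslashes as separators too: some archivers accept both, and a
    # name like "..\\x" must not slip past a check that only looks for "/".
    name = member.replace("\\", "/")
    # An absolute member name ignores dest_dir entirely.
    if name.startswith("/"):
        return False
    # Collapse '.' and '..' lexically. Anything that still starts with '..'
    # after normalisation climbs out of the destination.
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return False
    # Belt and braces: the joined, normalised target must lie under dest_dir.
    dest = posixpath.normpath(dest_dir)
    prefix = dest if dest.endswith("/") else dest + "/"
    target = posixpath.normpath(posixpath.join(dest, norm))
    return target == dest or target.startswith(prefix)


def partition_members(dest_dir: str,
                      members: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split a member listing into (safe, rejected) relative to dest_dir."""
    safe: List[str] = []
    rejected: List[str] = []
    for member in members:
        (safe if is_safe_member(dest_dir, member) else rejected).append(member)
    return safe, rejected


# Constructed listing mixing benign names with the patterns the check exists
# to stop. Only the first two may be extracted.
SAMPLE_MEMBERS = [
    "docs/readme.txt",
    "docs/../docs/notes.txt",     # normalises to docs/notes.txt: fine
    "../outside.txt",             # climbs out of the destination
    "nested/../../outside2.txt",  # '..' hidden behind a normal component
    "/tmp/absolute.txt",          # absolute path, ignores the destination
    "",                           # empty name
]

if __name__ == "__main__":
    ok, bad = partition_members("/srv/extract", SAMPLE_MEMBERS)
    print("safe:    ", ok)
    print("rejected:", bad)
```

A lexical check cannot see symlinks that the archive itself creates and later writes through; extract into a fresh, empty directory and decide separately whether symlink members are accepted at all.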
Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      p7zip-9.20.1-3.2
      p7zip-debuginfo-9.20.1-3.2
      p7zip-debugsource-9.20.1-3.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      p7zip-9.20.1-3.2
      p7zip-debuginfo-9.20.1-3.2
      p7zip-debugsource-9.20.1-3.2

References:

   https://www.suse.com/security/cve/CVE-2015-1038.html
   https://bugzilla.suse.com/912878


From sle-security-updates at lists.suse.com Tue Aug 25 03:10:02 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 25 Aug 2015 11:10:02 +0200 (CEST)
Subject: SUSE-SU-2015:1434-1: Security update for python modules
Message-ID: <20150825091002.6A2A8320FC@maintenance.suse.de>

   SUSE Security Update: Security update for python modules
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1434-1
Rating:             low
References:         #928205 #932270 #933758
Cross-References:   CVE-2015-1852
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This update provides the following fixes for various python-modules:

   - python-openstackclient:
     + Fix image create location attribute (bnc#932270)

   - python-novaclient:
     + Update novaclient shell to use shared arguments from Session
     + Support using the Keystone V3 API from the Nova CLI

   - python-keystoneclient:
     + Fix s3_token middleware parsing insecure option (bsc#928205, CVE-2015-1852)

   - python-glanceclient:
     + remove deprecation warning

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-python-modules-201507-12046=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      python-glanceclient-0.15.0-9.2
      python-keystoneclient-1.0.0-11.1
      python-keystoneclient-doc-1.0.0-11.1
      python-keystonemiddleware-1.2.0-11.2
      python-novaclient-2.20.0-9.2
      python-novaclient-doc-2.20.0-9.2
      python-openstackclient-0.4.1-9.2

References:

   https://www.suse.com/security/cve/CVE-2015-1852.html
   https://bugzilla.suse.com/928205
   https://bugzilla.suse.com/932270
   https://bugzilla.suse.com/933758


From sle-security-updates at lists.suse.com Wed Aug 26 09:10:08 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 26 Aug 2015 17:10:08 +0200 (CEST)
Subject: SUSE-SU-2015:1439-1: moderate: Security update for perl-XML-LibXML
Message-ID: <20150826151008.1AE54320FC@maintenance.suse.de>

   SUSE Security Update: Security update for perl-XML-LibXML
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1439-1
Rating:             moderate
References:         #929237
Cross-References:   CVE-2015-3451
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   perl-XML-LibXML was updated so that the expand_entities option is
   preserved in all cases (CVE-2015-3451).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-442=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-442=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      perl-XML-LibXML-2.0019-5.3
      perl-XML-LibXML-debuginfo-2.0019-5.3
      perl-XML-LibXML-debugsource-2.0019-5.3

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      perl-XML-LibXML-2.0019-5.3
      perl-XML-LibXML-debuginfo-2.0019-5.3
      perl-XML-LibXML-debugsource-2.0019-5.3

References:

   https://www.suse.com/security/cve/CVE-2015-3451.html
   https://bugzilla.suse.com/929237


From sle-security-updates at lists.suse.com Fri Aug 28 04:10:03 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Aug 2015 12:10:03 +0200 (CEST)
Subject: SUSE-SU-2015:1444-1: moderate: Security update for mozilla-nspr
Message-ID: <20150828101003.A84D8320F6@maintenance.suse.de>

   SUSE Security Update: Security update for mozilla-nspr
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1444-1
Rating:             moderate
References:         #935979
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Server 11-SP1-LTSS
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP2
                    SUSE Linux Enterprise Debuginfo 11-SP1
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   mozilla-nspr was updated to version 4.10.8.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Server 11-SP1-LTSS:

      zypper in -t patch slessp1-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-mozilla-nspr-12048=1

   - SUSE Linux Enterprise Debuginfo 11-SP1:

      zypper in -t patch dbgsp1-mozilla-nspr-12048=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nspr-devel-4.10.8-0.8.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nspr-devel-4.10.8-0.8.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      mozilla-nspr-4.10.8-0.8.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      mozilla-nspr-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nspr-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      mozilla-nspr-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      mozilla-nspr-x86-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nspr-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      mozilla-nspr-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      mozilla-nspr-x86-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      mozilla-nspr-4.10.8-0.8.1
      mozilla-nspr-devel-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):

      mozilla-nspr-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):

      mozilla-nspr-4.10.8-0.8.1
      mozilla-nspr-devel-4.10.8-0.8.1

   - SUSE Linux Enterprise Server 11-SP1-LTSS (s390x x86_64):

      mozilla-nspr-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      mozilla-nspr-4.10.8-0.8.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      mozilla-nspr-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      mozilla-nspr-4.10.8-0.8.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      mozilla-nspr-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nspr-debuginfo-4.10.8-0.8.1
      mozilla-nspr-debugsource-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      mozilla-nspr-debuginfo-x86-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nspr-debuginfo-4.10.8-0.8.1
      mozilla-nspr-debugsource-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64):

      mozilla-nspr-debuginfo-x86-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      mozilla-nspr-debuginfo-4.10.8-0.8.1
      mozilla-nspr-debugsource-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP1 (i586 s390x x86_64):

      mozilla-nspr-debuginfo-4.10.8-0.8.1
      mozilla-nspr-debugsource-4.10.8-0.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP1 (s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.10.8-0.8.1

References:

   https://bugzilla.suse.com/935979


From sle-security-updates at lists.suse.com Fri Aug 28 04:10:47 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Aug 2015 12:10:47 +0200 (CEST)
Subject: SUSE-SU-2015:1445-1: moderate: Security update for busybox
Message-ID: <20150828101047.5E70A320FC@maintenance.suse.de>

   SUSE Security Update: Security update for busybox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1445-1
Rating:             moderate
References:         #914660
Cross-References:   CVE-2014-9645
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The following issues are fixed by this update:

   - CVE-2014-9645: do not allow / in module names to avoid loading bad
     modules (bnc#914660)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-448=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-448=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      busybox-1.21.1-3.3

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      busybox-1.21.1-3.3

References:

   https://www.suse.com/security/cve/CVE-2014-9645.html
   https://bugzilla.suse.com/914660


From sle-security-updates at lists.suse.com Fri Aug 28 08:10:18 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Aug 2015 16:10:18 +0200 (CEST)
Subject: SUSE-SU-2015:1449-1: important: Security update for MozillaFirefox, mozilla-nss
Message-ID: <20150828141018.F3D5E320FC@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1449-1
Rating:             important
References:         #935033 #935979 #940806 #940918
Cross-References:   CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725
                    CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733
                    CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737
                    CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743
                    CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475
                    CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485
                    CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489
                    CVE-2015-4491 CVE-2015-4492 CVE-2015-4495
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Server 11-SP1-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
                    SUSE Linux Enterprise Debuginfo 11-SP1
______________________________________________________________________________

   An update that fixes 31 vulnerabilities is now available.

Description:

   Mozilla Firefox is being updated to the current Firefox 38ESR branch
   (specifically the 38.2.0ESR release).

   Security issues fixed:

   - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file
     stealing via PDF reader
   - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety
     hazards (rv:40.0 / rv:38.2)
   - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file
   - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript
     object properties
   - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright
   - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript
   - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling
     bitmap images
   - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx
     when decoding WebM video
   - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities
     found through code inspection
   - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with
     shared workers

   The following vulnerabilities were fixed in ESR31 and are also included
   here:

   - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety
     hazards (bsc#935979).
   - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
   - CVE-2015-2730: ECDSA signature validation fails to handle some signatures
     correctly (bsc#935979).
   - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using
     XMLHttpRequest (bsc#935979).
   - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/
     CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code
     inspection (bsc#935979).
   - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
   - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher
     suites (bsc#935033).
   - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange
     (bsc#935979).

   This update also contains a lot of feature improvements and bug fixes from
   31ESR to 38ESR.

   Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which
   is what Firefox 38ESR uses.

   Mozilla Firefox and mozilla-nss were updated to fix 17 security issues.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-mozilla-201507-12049=1

   - SUSE Linux Enterprise Server 11-SP1-LTSS:

      zypper in -t patch slessp1-mozilla-201507-12049=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-mozilla-201507-12049=1

   - SUSE Linux Enterprise Debuginfo 11-SP1:

      zypper in -t patch dbgsp1-mozilla-201507-12049=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      MozillaFirefox-38.2.0esr-10.1
      MozillaFirefox-branding-SLED-31.0-0.5.7.11
      MozillaFirefox-translations-38.2.0esr-10.1
      firefox-libgcc_s1-4.7.2_20130108-0.37.2
      firefox-libstdc++6-4.7.2_20130108-0.37.2
      libfreebl3-3.19.2.0-0.7.1
      mozilla-nss-3.19.2.0-0.7.1
      mozilla-nss-devel-3.19.2.0-0.7.1
      mozilla-nss-tools-3.19.2.0-0.7.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):

      libfreebl3-32bit-3.19.2.0-0.7.1
      mozilla-nss-32bit-3.19.2.0-0.7.1

   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):

      MozillaFirefox-38.2.0esr-10.1
      MozillaFirefox-branding-SLED-31.0-0.5.7.11
      MozillaFirefox-translations-38.2.0esr-10.1
      firefox-libgcc_s1-4.7.2_20130108-0.37.2
      firefox-libstdc++6-4.7.2_20130108-0.37.2
      libfreebl3-3.19.2.0-0.7.1
      mozilla-nss-3.19.2.0-0.7.1
      mozilla-nss-devel-3.19.2.0-0.7.1
      mozilla-nss-tools-3.19.2.0-0.7.1

   - SUSE Linux Enterprise Server 11-SP1-LTSS (s390x x86_64):

      libfreebl3-32bit-3.19.2.0-0.7.1
      mozilla-nss-32bit-3.19.2.0-0.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      MozillaFirefox-debuginfo-38.2.0esr-10.1
      MozillaFirefox-debugsource-38.2.0esr-10.1
      mozilla-nss-debuginfo-3.19.2.0-0.7.1
      mozilla-nss-debugsource-3.19.2.0-0.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64):

      mozilla-nss-debuginfo-32bit-3.19.2.0-0.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP1 (i586 s390x x86_64):

      MozillaFirefox-debuginfo-38.2.0esr-10.1
      MozillaFirefox-debugsource-38.2.0esr-10.1
      mozilla-nss-debuginfo-3.19.2.0-0.7.1
      mozilla-nss-debugsource-3.19.2.0-0.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP1 (s390x x86_64):

      mozilla-nss-debuginfo-32bit-3.19.2.0-0.7.1

References:

   https://www.suse.com/security/cve/CVE-2015-2721.html
   https://www.suse.com/security/cve/CVE-2015-2722.html
   https://www.suse.com/security/cve/CVE-2015-2724.html
   https://www.suse.com/security/cve/CVE-2015-2725.html
   https://www.suse.com/security/cve/CVE-2015-2726.html
   https://www.suse.com/security/cve/CVE-2015-2728.html
   https://www.suse.com/security/cve/CVE-2015-2730.html
   https://www.suse.com/security/cve/CVE-2015-2733.html
   https://www.suse.com/security/cve/CVE-2015-2734.html
   https://www.suse.com/security/cve/CVE-2015-2735.html
   https://www.suse.com/security/cve/CVE-2015-2736.html
   https://www.suse.com/security/cve/CVE-2015-2737.html
   https://www.suse.com/security/cve/CVE-2015-2738.html
   https://www.suse.com/security/cve/CVE-2015-2739.html
   https://www.suse.com/security/cve/CVE-2015-2740.html
   https://www.suse.com/security/cve/CVE-2015-2743.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4473.html
   https://www.suse.com/security/cve/CVE-2015-4474.html
   https://www.suse.com/security/cve/CVE-2015-4475.html
   https://www.suse.com/security/cve/CVE-2015-4478.html
   https://www.suse.com/security/cve/CVE-2015-4479.html
   https://www.suse.com/security/cve/CVE-2015-4484.html
   https://www.suse.com/security/cve/CVE-2015-4485.html
   https://www.suse.com/security/cve/CVE-2015-4486.html
   https://www.suse.com/security/cve/CVE-2015-4487.html
   https://www.suse.com/security/cve/CVE-2015-4488.html
   https://www.suse.com/security/cve/CVE-2015-4489.html
   https://www.suse.com/security/cve/CVE-2015-4491.html
   https://www.suse.com/security/cve/CVE-2015-4492.html
   https://www.suse.com/security/cve/CVE-2015-4495.html
   https://bugzilla.suse.com/935033
   https://bugzilla.suse.com/935979
   https://bugzilla.suse.com/940806
   https://bugzilla.suse.com/940918


From sle-security-updates at lists.suse.com Mon Aug 31 02:09:58 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 31 Aug 2015 10:09:58 +0200 (CEST)
Subject: SUSE-SU-2015:1455-1: important: Security update for kvm
Message-ID: <20150831080958.D4A5F320F7@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1455-1
Rating:             important
References:         #938344
Cross-References:   CVE-2015-5154
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   kvm was updated to fix one security issue.

   This security issue was fixed:

   - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kvm-12053=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-kvm-12053=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):

      kvm-1.4.2-32.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      kvm-1.4.2-32.1

References:

   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://bugzilla.suse.com/938344


From sle-security-updates at lists.suse.com Mon Aug 31 23:10:09 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 07:10:09 +0200 (CEST)
Subject: SUSE-SU-2015:1466-1: moderate: Security update for php53
Message-ID: <20150901051009.ACA4F320FC@maintenance.suse.de>

   SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1466-1
Rating:             moderate
References:         #938719 #938721
Cross-References:   CVE-2015-5589 CVE-2015-5590
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   PHP was updated to fix two security issues.

   The following vulnerabilities were fixed:

   * CVE-2015-5589: PHP could be crashed when processing an invalid file with
     the "phar" extension with a segfault in Phar::convertToData, leading to
     Denial of Service (DOS) (bsc#938721)

   * CVE-2015-5590: PHP could be crashed or have unspecified other impact due
     to a buffer overflow in phar_fix_filepath (bsc#938719)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-php53-12057=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-php53-12057=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-php53-12057=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-php53-12057=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-php53-12057=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-php53-12057=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-php53-12057=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      php53-devel-5.3.17-45.1
      php53-imap-5.3.17-45.1
      php53-posix-5.3.17-45.1
      php53-readline-5.3.17-45.1
      php53-sockets-5.3.17-45.1
      php53-sqlite-5.3.17-45.1
      php53-tidy-5.3.17-45.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      php53-devel-5.3.17-45.1
      php53-imap-5.3.17-45.1
      php53-posix-5.3.17-45.1
      php53-readline-5.3.17-45.1
      php53-sockets-5.3.17-45.1
      php53-sqlite-5.3.17-45.1
      php53-tidy-5.3.17-45.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      apache2-mod_php53-5.3.17-45.1
      php53-5.3.17-45.1
      php53-bcmath-5.3.17-45.1
      php53-bz2-5.3.17-45.1
      php53-calendar-5.3.17-45.1
      php53-ctype-5.3.17-45.1
      php53-curl-5.3.17-45.1
      php53-dba-5.3.17-45.1
      php53-dom-5.3.17-45.1
      php53-exif-5.3.17-45.1
      php53-fastcgi-5.3.17-45.1
      php53-fileinfo-5.3.17-45.1
      php53-ftp-5.3.17-45.1
      php53-gd-5.3.17-45.1
      php53-gettext-5.3.17-45.1
      php53-gmp-5.3.17-45.1
      php53-iconv-5.3.17-45.1
      php53-intl-5.3.17-45.1
      php53-json-5.3.17-45.1
      php53-ldap-5.3.17-45.1
      php53-mbstring-5.3.17-45.1
      php53-mcrypt-5.3.17-45.1
      php53-mysql-5.3.17-45.1
      php53-odbc-5.3.17-45.1
      php53-openssl-5.3.17-45.1
      php53-pcntl-5.3.17-45.1
      php53-pdo-5.3.17-45.1
      php53-pear-5.3.17-45.1
      php53-pgsql-5.3.17-45.1
      php53-pspell-5.3.17-45.1
      php53-shmop-5.3.17-45.1
      php53-snmp-5.3.17-45.1
      php53-soap-5.3.17-45.1
      php53-suhosin-5.3.17-45.1
      php53-sysvmsg-5.3.17-45.1
      php53-sysvsem-5.3.17-45.1
      php53-sysvshm-5.3.17-45.1
      php53-tokenizer-5.3.17-45.1
      php53-wddx-5.3.17-45.1
      php53-xmlreader-5.3.17-45.1
      php53-xmlrpc-5.3.17-45.1
      php53-xmlwriter-5.3.17-45.1
      php53-xsl-5.3.17-45.1
      php53-zip-5.3.17-45.1
      php53-zlib-5.3.17-45.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      apache2-mod_php53-5.3.17-45.1
      php53-5.3.17-45.1
      php53-bcmath-5.3.17-45.1
      php53-bz2-5.3.17-45.1
      php53-calendar-5.3.17-45.1
      php53-ctype-5.3.17-45.1
      php53-curl-5.3.17-45.1
      php53-dba-5.3.17-45.1
      php53-dom-5.3.17-45.1
      php53-exif-5.3.17-45.1
      php53-fastcgi-5.3.17-45.1
      php53-fileinfo-5.3.17-45.1
      php53-ftp-5.3.17-45.1
      php53-gd-5.3.17-45.1
      php53-gettext-5.3.17-45.1
      php53-gmp-5.3.17-45.1
      php53-iconv-5.3.17-45.1
      php53-intl-5.3.17-45.1
      php53-json-5.3.17-45.1
      php53-ldap-5.3.17-45.1
      php53-mbstring-5.3.17-45.1
      php53-mcrypt-5.3.17-45.1
      php53-mysql-5.3.17-45.1
      php53-odbc-5.3.17-45.1
      php53-openssl-5.3.17-45.1
      php53-pcntl-5.3.17-45.1
      php53-pdo-5.3.17-45.1
      php53-pear-5.3.17-45.1
      php53-pgsql-5.3.17-45.1
      php53-pspell-5.3.17-45.1
      php53-shmop-5.3.17-45.1
      php53-snmp-5.3.17-45.1
      php53-soap-5.3.17-45.1
      php53-suhosin-5.3.17-45.1
      php53-sysvmsg-5.3.17-45.1
      php53-sysvsem-5.3.17-45.1
      php53-sysvshm-5.3.17-45.1
      php53-tokenizer-5.3.17-45.1
      php53-wddx-5.3.17-45.1
      php53-xmlreader-5.3.17-45.1
      php53-xmlrpc-5.3.17-45.1
      php53-xmlwriter-5.3.17-45.1
      php53-xsl-5.3.17-45.1
      php53-zip-5.3.17-45.1
      php53-zlib-5.3.17-45.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      apache2-mod_php53-5.3.17-45.1
      php53-5.3.17-45.1
      php53-bcmath-5.3.17-45.1
      php53-bz2-5.3.17-45.1
      php53-calendar-5.3.17-45.1
      php53-ctype-5.3.17-45.1
      php53-curl-5.3.17-45.1
      php53-dba-5.3.17-45.1
      php53-dom-5.3.17-45.1
      php53-exif-5.3.17-45.1
      php53-fastcgi-5.3.17-45.1
      php53-fileinfo-5.3.17-45.1
      php53-ftp-5.3.17-45.1
      php53-gd-5.3.17-45.1
      php53-gettext-5.3.17-45.1
      php53-gmp-5.3.17-45.1
      php53-iconv-5.3.17-45.1
      php53-intl-5.3.17-45.1
      php53-json-5.3.17-45.1
      php53-ldap-5.3.17-45.1
      php53-mbstring-5.3.17-45.1
      php53-mcrypt-5.3.17-45.1
      php53-mysql-5.3.17-45.1
      php53-odbc-5.3.17-45.1
      php53-openssl-5.3.17-45.1
      php53-pcntl-5.3.17-45.1
      php53-pdo-5.3.17-45.1
      php53-pear-5.3.17-45.1
      php53-pgsql-5.3.17-45.1
      php53-pspell-5.3.17-45.1
      php53-shmop-5.3.17-45.1
      php53-snmp-5.3.17-45.1
      php53-soap-5.3.17-45.1
      php53-suhosin-5.3.17-45.1
      php53-sysvmsg-5.3.17-45.1
      php53-sysvsem-5.3.17-45.1
      php53-sysvshm-5.3.17-45.1
      php53-tokenizer-5.3.17-45.1
      php53-wddx-5.3.17-45.1
      php53-xmlreader-5.3.17-45.1
      php53-xmlrpc-5.3.17-45.1
      php53-xmlwriter-5.3.17-45.1
      php53-xsl-5.3.17-45.1
      php53-zip-5.3.17-45.1
      php53-zlib-5.3.17-45.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      php53-debuginfo-5.3.17-45.1
      php53-debugsource-5.3.17-45.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      php53-debuginfo-5.3.17-45.1
      php53-debugsource-5.3.17-45.1

References:

   https://www.suse.com/security/cve/CVE-2015-5589.html
   https://www.suse.com/security/cve/CVE-2015-5590.html
   https://bugzilla.suse.com/938719
   https://bugzilla.suse.com/938721