From sle-security-updates at lists.suse.com Mon Feb 1 07:11:57 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2016 15:11:57 +0100 (CET) Subject: SUSE-SU-2016:0296-1: moderate: Security update for mariadb Message-ID: <20160201141157.81CC13213F@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0296-1 Rating: moderate References: #937787 #957174 #958789 Cross-References: CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements. The following CVEs have been fixed: - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 - Fix information leak via mysql-systemd-helper script. (CVE-2015-5969, bsc#957174) For a comprehensive list of changes refer to the upstream Release Notes and Change Log documents: - https://kb.askmonty.org/en/mariadb-10022-release-notes/ - https://kb.askmonty.org/en/mariadb-10022-changelog/ Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-183=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-183=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-183=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-183=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.22-3.1 libmysqlclient_r18-32bit-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.22-3.1 libmysqlclient_r18-10.0.22-3.1 libmysqld-devel-10.0.22-3.1 libmysqld18-10.0.22-3.1 libmysqld18-debuginfo-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libmysqlclient18-10.0.22-3.1 libmysqlclient18-debuginfo-10.0.22-3.1 mariadb-10.0.22-3.1 mariadb-client-10.0.22-3.1 mariadb-client-debuginfo-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 mariadb-errormessages-10.0.22-3.1 mariadb-tools-10.0.22-3.1 mariadb-tools-debuginfo-10.0.22-3.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.22-3.1 libmysqlclient18-debuginfo-32bit-10.0.22-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.22-3.1 libmysqlclient18-32bit-10.0.22-3.1 libmysqlclient18-debuginfo-10.0.22-3.1 libmysqlclient18-debuginfo-32bit-10.0.22-3.1 libmysqlclient_r18-10.0.22-3.1 libmysqlclient_r18-32bit-10.0.22-3.1 mariadb-10.0.22-3.1 mariadb-client-10.0.22-3.1 mariadb-client-debuginfo-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 mariadb-errormessages-10.0.22-3.1 References: https://www.suse.com/security/cve/CVE-2015-4792.html https://www.suse.com/security/cve/CVE-2015-4802.html https://www.suse.com/security/cve/CVE-2015-4807.html https://www.suse.com/security/cve/CVE-2015-4815.html https://www.suse.com/security/cve/CVE-2015-4826.html https://www.suse.com/security/cve/CVE-2015-4830.html https://www.suse.com/security/cve/CVE-2015-4836.html https://www.suse.com/security/cve/CVE-2015-4858.html https://www.suse.com/security/cve/CVE-2015-4861.html https://www.suse.com/security/cve/CVE-2015-4870.html https://www.suse.com/security/cve/CVE-2015-4913.html https://www.suse.com/security/cve/CVE-2015-5969.html https://bugzilla.suse.com/937787 https://bugzilla.suse.com/957174 https://bugzilla.suse.com/958789 From sle-security-updates at lists.suse.com Mon Feb 1 12:11:31 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2016 20:11:31 +0100 (CET) Subject: SUSE-SU-2016:0303-1: moderate: Security update for kdebase4-workspace Message-ID: <20160201191131.D1C8E3213F@maintenance.suse.de> SUSE Security Update: Security update for kdebase4-workspace ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0303-1 Rating: moderate References: #904625 #929718 Cross-References: CVE-2014-8651 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kdebase4-workspace-20160115-12380=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-devel-4.3.5-0.12.20.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-devel-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-debuginfo-4.3.5-0.12.20.1 kdebase4-workspace-debugsource-4.3.5-0.12.20.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-debuginfo-4.3.5-0.12.20.1 kdebase4-workspace-debugsource-4.3.5-0.12.20.1 References: https://www.suse.com/security/cve/CVE-2014-8651.html https://bugzilla.suse.com/904625 https://bugzilla.suse.com/929718 From sle-security-updates at lists.suse.com Mon Feb 1 12:12:20 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2016 20:12:20 +0100 (CET) Subject: SUSE-SU-2016:0304-1: moderate: Security update for libvirt Message-ID: <20160201191220.1FF533213F@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0304-1 Rating: moderate References: #899334 #903757 #904432 #911737 #914297 #914693 #921355 #921555 #921586 #936524 #938228 #948516 #948686 #953110 Cross-References: CVE-2015-0236 CVE-2015-5313 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. Description: libvirt was updated to fix one security issue and several non-security issues. This security issue was fixed: - CVE-2015-0236: libvirt allowed remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. (bsc#914693) - CVE-2015-5313: path traversal vulnerability allowed libvirtd process to write arbitrary files into file system using root permissions (bsc#953110) Theses non-security issues were fixed: - bsc#948686: Use PAUSED state for domains that are starting up. - bsc#903757: Provide nodeGetSecurityModel implementation in libxl. - bsc#938228: Set disk type to BLOCK when driver is not tap or file. - bsc#948516: Fix profile_status to distinguish between errors and unconfined domains. - bsc#936524: Fix error starting lxc containers with direct interfaces. - bsc#921555: Fixed apparmor generated profile for PCI hostdevs. - bsc#899334: Include additional upstream fixes for systemd TerminateMachine. - bsc#921586: Fix security driver default settings in /etc/libvirt/qemu.conf. - bsc#921355: Fixed a number of QEMU apparmor abstraction problems. - bsc#911737: Additional fix for the case where security labels aren't automatically set. - bsc#914297: Allow setting the URL of an SMT server to use in place of SCC. - bsc#904432: Backported route definition changes. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-189=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-189=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-189=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-189=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-189=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libvirt-client-32bit-1.2.5-27.10.1 libvirt-client-debuginfo-32bit-1.2.5-27.10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libvirt-debugsource-1.2.5-27.10.1 libvirt-devel-1.2.5-27.10.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libvirt-client-32bit-1.2.5-27.10.1 libvirt-client-debuginfo-32bit-1.2.5-27.10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libvirt-1.2.5-27.10.1 libvirt-client-1.2.5-27.10.1 libvirt-client-debuginfo-1.2.5-27.10.1 libvirt-daemon-1.2.5-27.10.1 libvirt-daemon-config-network-1.2.5-27.10.1 libvirt-daemon-config-nwfilter-1.2.5-27.10.1 libvirt-daemon-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-interface-1.2.5-27.10.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-lxc-1.2.5-27.10.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-network-1.2.5-27.10.1 libvirt-daemon-driver-network-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-qemu-1.2.5-27.10.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-secret-1.2.5-27.10.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-storage-1.2.5-27.10.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-27.10.1 libvirt-daemon-lxc-1.2.5-27.10.1 libvirt-daemon-qemu-1.2.5-27.10.1 libvirt-debugsource-1.2.5-27.10.1 libvirt-doc-1.2.5-27.10.1 libvirt-lock-sanlock-1.2.5-27.10.1 libvirt-lock-sanlock-debuginfo-1.2.5-27.10.1 - SUSE Linux Enterprise Server 12 (x86_64): libvirt-daemon-driver-libxl-1.2.5-27.10.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.10.1 libvirt-daemon-xen-1.2.5-27.10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libvirt-1.2.5-27.10.1 libvirt-client-1.2.5-27.10.1 libvirt-client-32bit-1.2.5-27.10.1 libvirt-client-debuginfo-1.2.5-27.10.1 libvirt-client-debuginfo-32bit-1.2.5-27.10.1 libvirt-daemon-1.2.5-27.10.1 libvirt-daemon-config-network-1.2.5-27.10.1 libvirt-daemon-config-nwfilter-1.2.5-27.10.1 libvirt-daemon-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-interface-1.2.5-27.10.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-libxl-1.2.5-27.10.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-lxc-1.2.5-27.10.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-network-1.2.5-27.10.1 libvirt-daemon-driver-network-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-qemu-1.2.5-27.10.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-secret-1.2.5-27.10.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-storage-1.2.5-27.10.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-27.10.1 libvirt-daemon-lxc-1.2.5-27.10.1 libvirt-daemon-qemu-1.2.5-27.10.1 libvirt-daemon-xen-1.2.5-27.10.1 libvirt-debugsource-1.2.5-27.10.1 libvirt-doc-1.2.5-27.10.1 References: https://www.suse.com/security/cve/CVE-2015-0236.html https://www.suse.com/security/cve/CVE-2015-5313.html https://bugzilla.suse.com/899334 https://bugzilla.suse.com/903757 https://bugzilla.suse.com/904432 https://bugzilla.suse.com/911737 https://bugzilla.suse.com/914297 https://bugzilla.suse.com/914693 https://bugzilla.suse.com/921355 https://bugzilla.suse.com/921555 https://bugzilla.suse.com/921586 https://bugzilla.suse.com/936524 https://bugzilla.suse.com/938228 https://bugzilla.suse.com/948516 https://bugzilla.suse.com/948686 https://bugzilla.suse.com/953110 From sle-security-updates at lists.suse.com Wed Feb 3 09:11:18 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 3 Feb 2016 17:11:18 +0100 (CET) Subject: SUSE-SU-2016:0324-1: moderate: Recommended update for LibreOffice Message-ID: <20160203161118.2EBD43213F@maintenance.suse.de> SUSE Security Update: Recommended update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0324-1 Rating: moderate References: #306333 #547549 #668145 #679938 #681560 #688200 #718113 #806250 #857026 #889755 #890735 #907636 #907966 #910805 #910806 #914911 #934423 #936188 #936190 #939996 #940838 #943075 #945047 #945692 #951579 #954345 Cross-References: CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 19 fixes is now available. Description: This update brings LibreOffice to version 5.0.4, a major version update. It brings lots of new features, bug fixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ * LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc's blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases * New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface. * LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around. The Pentaho Flow Reporting Engine is now added and used. Security issues fixed: * CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. * CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. * CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice and Openoffice Calc and Writer was fixed. * CVE-2015-5212: A LibreOffice "PrinterSetup Length" integer underflow vulnerability could be used by attackers supplying documents to execute code as the user opening the document. * CVE-2015-5213: A LibreOffice "Piece Table Counter" invalid check design error vulnerability allowed attackers supplying documents to execute code as the user opening the document. * CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory Corruption Vulnerability allowed attackers supplying documents to execute code as the user opening the document. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libreoffice-504-1174=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-libreoffice-504-1174=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libreoffice-504-1174=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): hyphen-devel-2.8.8-2.1 libhyphen0-2.8.8-2.1 libmythes-1_2-0-1.2.4-2.1 libreoffice-5.0.4.2-23.1 libreoffice-base-5.0.4.2-23.1 libreoffice-base-drivers-postgresql-5.0.4.2-23.1 libreoffice-branding-upstream-5.0.4.2-23.1 libreoffice-calc-5.0.4.2-23.1 libreoffice-calc-extensions-5.0.4.2-23.1 libreoffice-draw-5.0.4.2-23.1 libreoffice-filters-optional-5.0.4.2-23.1 libreoffice-gnome-5.0.4.2-23.1 libreoffice-icon-theme-galaxy-5.0.4.2-23.1 libreoffice-icon-theme-tango-5.0.4.2-23.1 libreoffice-impress-5.0.4.2-23.1 libreoffice-kde4-5.0.4.2-23.1 libreoffice-l10n-af-5.0.4.2-23.1 libreoffice-l10n-ar-5.0.4.2-23.1 libreoffice-l10n-ca-5.0.4.2-23.1 libreoffice-l10n-cs-5.0.4.2-23.1 libreoffice-l10n-da-5.0.4.2-23.1 libreoffice-l10n-de-5.0.4.2-23.1 libreoffice-l10n-en-5.0.4.2-23.1 libreoffice-l10n-es-5.0.4.2-23.1 libreoffice-l10n-fi-5.0.4.2-23.1 libreoffice-l10n-fr-5.0.4.2-23.1 libreoffice-l10n-gu-5.0.4.2-23.1 libreoffice-l10n-hi-5.0.4.2-23.1 libreoffice-l10n-hu-5.0.4.2-23.1 libreoffice-l10n-it-5.0.4.2-23.1 libreoffice-l10n-ja-5.0.4.2-23.1 libreoffice-l10n-ko-5.0.4.2-23.1 libreoffice-l10n-nb-5.0.4.2-23.1 libreoffice-l10n-nl-5.0.4.2-23.1 libreoffice-l10n-nn-5.0.4.2-23.1 libreoffice-l10n-pl-5.0.4.2-23.1 libreoffice-l10n-pt-BR-5.0.4.2-23.1 libreoffice-l10n-pt-PT-5.0.4.2-23.1 libreoffice-l10n-ru-5.0.4.2-23.1 libreoffice-l10n-sk-5.0.4.2-23.1 libreoffice-l10n-sv-5.0.4.2-23.1 libreoffice-l10n-xh-5.0.4.2-23.1 libreoffice-l10n-zh-Hans-5.0.4.2-23.1 libreoffice-l10n-zh-Hant-5.0.4.2-23.1 libreoffice-l10n-zu-5.0.4.2-23.1 libreoffice-mailmerge-5.0.4.2-23.1 libreoffice-math-5.0.4.2-23.1 libreoffice-officebean-5.0.4.2-23.1 libreoffice-pyuno-5.0.4.2-23.1 libreoffice-sdk-5.0.4.2-23.1 libreoffice-voikko-4.1-2.26 libreoffice-writer-5.0.4.2-23.1 libreoffice-writer-extensions-5.0.4.2-23.1 libvoikko-devel-3.7.1-5.2 libvoikko1-3.7.1-5.2 myspell-af_NA-20150827-23.1 myspell-af_ZA-20150827-23.1 myspell-ar-20150827-23.1 myspell-ar_AE-20150827-23.1 myspell-ar_BH-20150827-23.1 myspell-ar_DZ-20150827-23.1 myspell-ar_EG-20150827-23.1 myspell-ar_IQ-20150827-23.1 myspell-ar_JO-20150827-23.1 myspell-ar_KW-20150827-23.1 myspell-ar_LB-20150827-23.1 myspell-ar_LY-20150827-23.1 myspell-ar_MA-20150827-23.1 myspell-ar_OM-20150827-23.1 myspell-ar_QA-20150827-23.1 myspell-ar_SA-20150827-23.1 myspell-ar_SD-20150827-23.1 myspell-ar_SY-20150827-23.1 myspell-ar_TN-20150827-23.1 myspell-ar_YE-20150827-23.1 myspell-be_BY-20150827-23.1 myspell-bg_BG-20150827-23.1 myspell-bn_BD-20150827-23.1 myspell-bn_IN-20150827-23.1 myspell-bs-20150827-23.1 myspell-bs_BA-20150827-23.1 myspell-ca-20150827-23.1 myspell-ca_AD-20150827-23.1 myspell-ca_ES-20150827-23.1 myspell-ca_ES_valencia-20150827-23.1 myspell-ca_FR-20150827-23.1 myspell-ca_IT-20150827-23.1 myspell-cs_CZ-20150827-23.1 myspell-da_DK-20150827-23.1 myspell-de-20150827-23.1 myspell-de_AT-20150827-23.1 myspell-de_CH-20150827-23.1 myspell-de_DE-20150827-23.1 myspell-dictionaries-20150827-23.1 myspell-el_GR-20150827-23.1 myspell-en-20150827-23.1 myspell-en_AU-20150827-23.1 myspell-en_BS-20150827-23.1 myspell-en_BZ-20150827-23.1 myspell-en_CA-20150827-23.1 myspell-en_GB-20150827-23.1 myspell-en_GH-20150827-23.1 myspell-en_IE-20150827-23.1 myspell-en_IN-20150827-23.1 myspell-en_JM-20150827-23.1 myspell-en_MW-20150827-23.1 myspell-en_NA-20150827-23.1 myspell-en_NZ-20150827-23.1 myspell-en_PH-20150827-23.1 myspell-en_TT-20150827-23.1 myspell-en_US-20150827-23.1 myspell-en_ZA-20150827-23.1 myspell-en_ZW-20150827-23.1 myspell-es-20150827-23.1 myspell-es_AR-20150827-23.1 myspell-es_BO-20150827-23.1 myspell-es_CL-20150827-23.1 myspell-es_CO-20150827-23.1 myspell-es_CR-20150827-23.1 myspell-es_CU-20150827-23.1 myspell-es_DO-20150827-23.1 myspell-es_EC-20150827-23.1 myspell-es_ES-20150827-23.1 myspell-es_GT-20150827-23.1 myspell-es_HN-20150827-23.1 myspell-es_MX-20150827-23.1 myspell-es_NI-20150827-23.1 myspell-es_PA-20150827-23.1 myspell-es_PE-20150827-23.1 myspell-es_PR-20150827-23.1 myspell-es_PY-20150827-23.1 myspell-es_SV-20150827-23.1 myspell-es_UY-20150827-23.1 myspell-es_VE-20150827-23.1 myspell-et_EE-20150827-23.1 myspell-fr_BE-20150827-23.1 myspell-fr_CA-20150827-23.1 myspell-fr_CH-20150827-23.1 myspell-fr_FR-20150827-23.1 myspell-fr_LU-20150827-23.1 myspell-fr_MC-20150827-23.1 myspell-gu_IN-20150827-23.1 myspell-he_IL-20150827-23.1 myspell-hi_IN-20150827-23.1 myspell-hr_HR-20150827-23.1 myspell-hu_HU-20150827-23.1 myspell-it_IT-20150827-23.1 myspell-lightproof-en-20150827-23.1 myspell-lightproof-hu_HU-20150827-23.1 myspell-lightproof-pt_BR-20150827-23.1 myspell-lightproof-ru_RU-20150827-23.1 myspell-lo_LA-20150827-23.1 myspell-lt_LT-20150827-23.1 myspell-lv_LV-20150827-23.1 myspell-nb_NO-20150827-23.1 myspell-nl_BE-20150827-23.1 myspell-nl_NL-20150827-23.1 myspell-nn_NO-20150827-23.1 myspell-no-20150827-23.1 myspell-pl_PL-20150827-23.1 myspell-pt_AO-20150827-23.1 myspell-pt_BR-20150827-23.1 myspell-pt_PT-20150827-23.1 myspell-ro-20150827-23.1 myspell-ro_RO-20150827-23.1 myspell-ru_RU-20150827-23.1 myspell-sk_SK-20150827-23.1 myspell-sl_SI-20150827-23.1 myspell-sr-20150827-23.1 myspell-sr_CS-20150827-23.1 myspell-sr_Latn_CS-20150827-23.1 myspell-sr_Latn_RS-20150827-23.1 myspell-sr_RS-20150827-23.1 myspell-sv_FI-20150827-23.1 myspell-sv_SE-20150827-23.1 myspell-te-20150827-23.1 myspell-te_IN-20150827-23.1 myspell-th_TH-20150827-23.1 myspell-vi-20150827-23.1 myspell-vi_VN-20150827-23.1 myspell-zu_ZA-20150827-23.1 mythes-devel-1.2.4-2.1 python-importlib-1.0.2-0.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): google-carlito-fonts-1.1.03.beta1-2.1 libreoffice-share-linker-1-2.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libhyphen0-2.8.8-2.1 libmythes-1_2-0-1.2.4-2.1 libreoffice-5.0.4.2-23.1 libreoffice-base-5.0.4.2-23.1 libreoffice-base-drivers-postgresql-5.0.4.2-23.1 libreoffice-calc-5.0.4.2-23.1 libreoffice-calc-extensions-5.0.4.2-23.1 libreoffice-draw-5.0.4.2-23.1 libreoffice-filters-optional-5.0.4.2-23.1 libreoffice-gnome-5.0.4.2-23.1 libreoffice-icon-theme-galaxy-5.0.4.2-23.1 libreoffice-icon-theme-tango-5.0.4.2-23.1 libreoffice-impress-5.0.4.2-23.1 libreoffice-kde4-5.0.4.2-23.1 libreoffice-l10n-af-5.0.4.2-23.1 libreoffice-l10n-ar-5.0.4.2-23.1 libreoffice-l10n-ca-5.0.4.2-23.1 libreoffice-l10n-cs-5.0.4.2-23.1 libreoffice-l10n-da-5.0.4.2-23.1 libreoffice-l10n-de-5.0.4.2-23.1 libreoffice-l10n-en-5.0.4.2-23.1 libreoffice-l10n-es-5.0.4.2-23.1 libreoffice-l10n-fi-5.0.4.2-23.1 libreoffice-l10n-fr-5.0.4.2-23.1 libreoffice-l10n-gu-5.0.4.2-23.1 libreoffice-l10n-hi-5.0.4.2-23.1 libreoffice-l10n-hu-5.0.4.2-23.1 libreoffice-l10n-it-5.0.4.2-23.1 libreoffice-l10n-ja-5.0.4.2-23.1 libreoffice-l10n-ko-5.0.4.2-23.1 libreoffice-l10n-nb-5.0.4.2-23.1 libreoffice-l10n-nl-5.0.4.2-23.1 libreoffice-l10n-nn-5.0.4.2-23.1 libreoffice-l10n-pl-5.0.4.2-23.1 libreoffice-l10n-pt-BR-5.0.4.2-23.1 libreoffice-l10n-pt-PT-5.0.4.2-23.1 libreoffice-l10n-ru-5.0.4.2-23.1 libreoffice-l10n-sk-5.0.4.2-23.1 libreoffice-l10n-sv-5.0.4.2-23.1 libreoffice-l10n-xh-5.0.4.2-23.1 libreoffice-l10n-zh-Hans-5.0.4.2-23.1 libreoffice-l10n-zh-Hant-5.0.4.2-23.1 libreoffice-l10n-zu-5.0.4.2-23.1 libreoffice-mailmerge-5.0.4.2-23.1 libreoffice-math-5.0.4.2-23.1 libreoffice-officebean-5.0.4.2-23.1 libreoffice-pyuno-5.0.4.2-23.1 libreoffice-sdk-5.0.4.2-23.1 libreoffice-voikko-4.1-2.26 libreoffice-writer-5.0.4.2-23.1 libreoffice-writer-extensions-5.0.4.2-23.1 libvoikko1-3.7.1-5.2 myspell-af_NA-20150827-23.1 myspell-af_ZA-20150827-23.1 myspell-ar-20150827-23.1 myspell-ar_AE-20150827-23.1 myspell-ar_BH-20150827-23.1 myspell-ar_DZ-20150827-23.1 myspell-ar_EG-20150827-23.1 myspell-ar_IQ-20150827-23.1 myspell-ar_JO-20150827-23.1 myspell-ar_KW-20150827-23.1 myspell-ar_LB-20150827-23.1 myspell-ar_LY-20150827-23.1 myspell-ar_MA-20150827-23.1 myspell-ar_OM-20150827-23.1 myspell-ar_QA-20150827-23.1 myspell-ar_SA-20150827-23.1 myspell-ar_SD-20150827-23.1 myspell-ar_SY-20150827-23.1 myspell-ar_TN-20150827-23.1 myspell-ar_YE-20150827-23.1 myspell-be_BY-20150827-23.1 myspell-bg_BG-20150827-23.1 myspell-bn_BD-20150827-23.1 myspell-bn_IN-20150827-23.1 myspell-bs-20150827-23.1 myspell-bs_BA-20150827-23.1 myspell-ca-20150827-23.1 myspell-ca_AD-20150827-23.1 myspell-ca_ES-20150827-23.1 myspell-ca_ES_valencia-20150827-23.1 myspell-ca_FR-20150827-23.1 myspell-ca_IT-20150827-23.1 myspell-cs_CZ-20150827-23.1 myspell-da_DK-20150827-23.1 myspell-de-20150827-23.1 myspell-de_AT-20150827-23.1 myspell-de_CH-20150827-23.1 myspell-de_DE-20150827-23.1 myspell-dictionaries-20150827-23.1 myspell-el_GR-20150827-23.1 myspell-en-20150827-23.1 myspell-en_AU-20150827-23.1 myspell-en_BS-20150827-23.1 myspell-en_BZ-20150827-23.1 myspell-en_CA-20150827-23.1 myspell-en_GB-20150827-23.1 myspell-en_GH-20150827-23.1 myspell-en_IE-20150827-23.1 myspell-en_IN-20150827-23.1 myspell-en_JM-20150827-23.1 myspell-en_MW-20150827-23.1 myspell-en_NA-20150827-23.1 myspell-en_NZ-20150827-23.1 myspell-en_PH-20150827-23.1 myspell-en_TT-20150827-23.1 myspell-en_US-20150827-23.1 myspell-en_ZA-20150827-23.1 myspell-en_ZW-20150827-23.1 myspell-es-20150827-23.1 myspell-es_AR-20150827-23.1 myspell-es_BO-20150827-23.1 myspell-es_CL-20150827-23.1 myspell-es_CO-20150827-23.1 myspell-es_CR-20150827-23.1 myspell-es_CU-20150827-23.1 myspell-es_DO-20150827-23.1 myspell-es_EC-20150827-23.1 myspell-es_ES-20150827-23.1 myspell-es_GT-20150827-23.1 myspell-es_HN-20150827-23.1 myspell-es_MX-20150827-23.1 myspell-es_NI-20150827-23.1 myspell-es_PA-20150827-23.1 myspell-es_PE-20150827-23.1 myspell-es_PR-20150827-23.1 myspell-es_PY-20150827-23.1 myspell-es_SV-20150827-23.1 myspell-es_UY-20150827-23.1 myspell-es_VE-20150827-23.1 myspell-et_EE-20150827-23.1 myspell-fr_BE-20150827-23.1 myspell-fr_CA-20150827-23.1 myspell-fr_CH-20150827-23.1 myspell-fr_FR-20150827-23.1 myspell-fr_LU-20150827-23.1 myspell-fr_MC-20150827-23.1 myspell-gu_IN-20150827-23.1 myspell-he_IL-20150827-23.1 myspell-hi_IN-20150827-23.1 myspell-hr_HR-20150827-23.1 myspell-hu_HU-20150827-23.1 myspell-it_IT-20150827-23.1 myspell-lightproof-en-20150827-23.1 myspell-lightproof-hu_HU-20150827-23.1 myspell-lightproof-pt_BR-20150827-23.1 myspell-lightproof-ru_RU-20150827-23.1 myspell-lo_LA-20150827-23.1 myspell-lt_LT-20150827-23.1 myspell-lv_LV-20150827-23.1 myspell-nb_NO-20150827-23.1 myspell-nl_BE-20150827-23.1 myspell-nl_NL-20150827-23.1 myspell-nn_NO-20150827-23.1 myspell-no-20150827-23.1 myspell-pl_PL-20150827-23.1 myspell-pt_AO-20150827-23.1 myspell-pt_BR-20150827-23.1 myspell-pt_PT-20150827-23.1 myspell-ro-20150827-23.1 myspell-ro_RO-20150827-23.1 myspell-ru_RU-20150827-23.1 myspell-sk_SK-20150827-23.1 myspell-sl_SI-20150827-23.1 myspell-sr-20150827-23.1 myspell-sr_CS-20150827-23.1 myspell-sr_Latn_CS-20150827-23.1 myspell-sr_Latn_RS-20150827-23.1 myspell-sr_RS-20150827-23.1 myspell-sv_FI-20150827-23.1 myspell-sv_SE-20150827-23.1 myspell-te-20150827-23.1 myspell-te_IN-20150827-23.1 myspell-th_TH-20150827-23.1 myspell-vi-20150827-23.1 myspell-vi_VN-20150827-23.1 myspell-zu_ZA-20150827-23.1 python-importlib-1.0.2-0.8.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): google-carlito-fonts-1.1.03.beta1-2.1 libreoffice-share-linker-1-2.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): hyphen-debuginfo-2.8.8-2.1 hyphen-debugsource-2.8.8-2.1 libreoffice-debuginfo-5.0.4.2-23.1 libvoikko-debuginfo-3.7.1-5.2 libvoikko-debugsource-3.7.1-5.2 mythes-debuginfo-1.2.4-2.1 mythes-debugsource-1.2.4-2.1 References: https://www.suse.com/security/cve/CVE-2014-8146.html https://www.suse.com/security/cve/CVE-2014-8147.html https://www.suse.com/security/cve/CVE-2014-9093.html https://www.suse.com/security/cve/CVE-2015-4551.html https://www.suse.com/security/cve/CVE-2015-5212.html https://www.suse.com/security/cve/CVE-2015-5213.html https://www.suse.com/security/cve/CVE-2015-5214.html https://bugzilla.suse.com/306333 https://bugzilla.suse.com/547549 https://bugzilla.suse.com/668145 https://bugzilla.suse.com/679938 https://bugzilla.suse.com/681560 https://bugzilla.suse.com/688200 https://bugzilla.suse.com/718113 https://bugzilla.suse.com/806250 https://bugzilla.suse.com/857026 https://bugzilla.suse.com/889755 https://bugzilla.suse.com/890735 https://bugzilla.suse.com/907636 https://bugzilla.suse.com/907966 https://bugzilla.suse.com/910805 https://bugzilla.suse.com/910806 https://bugzilla.suse.com/914911 https://bugzilla.suse.com/934423 https://bugzilla.suse.com/936188 https://bugzilla.suse.com/936190 https://bugzilla.suse.com/939996 https://bugzilla.suse.com/940838 https://bugzilla.suse.com/943075 https://bugzilla.suse.com/945047 https://bugzilla.suse.com/945692 https://bugzilla.suse.com/951579 https://bugzilla.suse.com/954345 From sle-security-updates at lists.suse.com Thu Feb 4 11:11:53 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:11:53 +0100 (CET) Subject: SUSE-SU-2016:0334-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss Message-ID: <20160204181153.6C2803213F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0334-1 Rating: important References: #954447 #963520 #963632 #963635 #963731 Cross-References: CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mozilla-12383=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-mozilla-12383=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-mozilla-12383=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mozilla-12383=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-mozilla-12383=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mozilla-12383=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-mozilla-12383=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-12383=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-12383=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.6.0esr-31.3 mozilla-nss-devel-3.20.2-25.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.6.0esr-31.3 mozilla-nss-devel-3.20.2-25.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP4 (s390x x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.20.2-25.2 libsoftokn3-x86-3.20.2-25.2 mozilla-nss-x86-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP3 (s390x x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP3 (ia64): libfreebl3-x86-3.20.2-25.2 libsoftokn3-x86-3.20.2-25.2 mozilla-nss-x86-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-31.3 MozillaFirefox-debugsource-38.6.0esr-31.3 mozilla-nss-debuginfo-3.20.2-25.2 mozilla-nss-debugsource-3.20.2-25.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-31.3 MozillaFirefox-debugsource-38.6.0esr-31.3 mozilla-nss-debuginfo-3.20.2-25.2 mozilla-nss-debugsource-3.20.2-25.2 References: https://www.suse.com/security/cve/CVE-2016-1930.html https://www.suse.com/security/cve/CVE-2016-1935.html https://www.suse.com/security/cve/CVE-2016-1938.html https://bugzilla.suse.com/954447 https://bugzilla.suse.com/963520 https://bugzilla.suse.com/963632 https://bugzilla.suse.com/963635 https://bugzilla.suse.com/963731 From sle-security-updates at lists.suse.com Thu Feb 4 11:13:10 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:13:10 +0100 (CET) Subject: SUSE-SU-2016:0335-1: important: Security update for kernel live patch SP1 0 Message-ID: <20160204181310.0E21D3213F@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch SP1 0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0335-1 Rating: important References: #951542 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This kernel live patch for Linux Kernel 3.12.49-11.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-203=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-2-5.1 kgraft-patch-3_12_49-11-xen-2-5.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/951542 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Thu Feb 4 11:14:05 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:14:05 +0100 (CET) Subject: SUSE-SU-2016:0336-1: important: Security update for kernel live patch 9 Message-ID: <20160204181405.8B2313213F@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 9 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0336-1 Rating: important References: #958601 Cross-References: CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This kernel live patch for Linux Kernel 3.12.51-52.31.1 fixes a security issue: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-204=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-52_31-default-2-2.1 kgraft-patch-3_12_51-52_31-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Thu Feb 4 11:14:27 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:14:27 +0100 (CET) Subject: SUSE-SU-2016:0337-1: important: Security update for kernel live patch 8 Message-ID: <20160204181427.09C343213F@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0337-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.48-52.27.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-206=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_48-52_27-default-2-2.1 kgraft-patch-3_12_48-52_27-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Thu Feb 4 11:16:03 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:16:03 +0100 (CET) Subject: SUSE-SU-2016:0338-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss Message-ID: <20160204181603.306923213F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0338-1 Rating: important References: #954447 #963520 #963632 #963635 #963731 #964332 Cross-References: CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default - bsc#964332: Fixed leaking file descriptors inside FIPS selfcheck code Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-199=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-199=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-199=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-199=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-199=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-199=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-devel-38.6.0esr-57.3 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-devel-3.20.2-37.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-devel-38.6.0esr-57.3 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-devel-3.20.2-37.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-hmac-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-hmac-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libfreebl3-hmac-32bit-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-hmac-32bit-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-hmac-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-hmac-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libfreebl3-hmac-32bit-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-hmac-32bit-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 References: https://www.suse.com/security/cve/CVE-2016-1930.html https://www.suse.com/security/cve/CVE-2016-1935.html https://www.suse.com/security/cve/CVE-2016-1938.html https://bugzilla.suse.com/954447 https://bugzilla.suse.com/963520 https://bugzilla.suse.com/963632 https://bugzilla.suse.com/963635 https://bugzilla.suse.com/963731 https://bugzilla.suse.com/964332 From sle-security-updates at lists.suse.com Thu Feb 4 11:17:18 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:17:18 +0100 (CET) Subject: SUSE-SU-2016:0339-1: important: Security update for kernel live patch SP1 1 Message-ID: <20160204181718.EDD603213F@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch SP1 1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0339-1 Rating: important References: #958601 Cross-References: CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This kernel live patch for Linux Kernel 3.12.51-60.20.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-205=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-2-2.1 kgraft-patch-3_12_51-60_20-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Thu Feb 4 11:17:42 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:17:42 +0100 (CET) Subject: SUSE-SU-2016:0340-1: moderate: Security update for curl Message-ID: <20160204181743.014523213F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0340-1 Rating: moderate References: #934333 #936676 #962983 #962996 Cross-References: CVE-2016-0755 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#936676: secure_getenv or __secure_getenv may not be detected correctly at build time The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures - bsc#934333: Curl test suite was not run, is now enabled during build Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-201=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-201=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-201=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-201=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-201=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-201=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl-devel-7.37.0-18.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl-devel-7.37.0-18.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcurl4-32bit-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcurl4-32bit-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-32bit-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 - SUSE Linux Enterprise Desktop 12 (x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-32bit-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 References: https://www.suse.com/security/cve/CVE-2016-0755.html https://bugzilla.suse.com/934333 https://bugzilla.suse.com/936676 https://bugzilla.suse.com/962983 https://bugzilla.suse.com/962996 From sle-security-updates at lists.suse.com Thu Feb 4 11:18:39 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:18:39 +0100 (CET) Subject: SUSE-SU-2016:0341-1: important: Security update for Kernel live patch 10 Message-ID: <20160204181839.926393213F@maintenance.suse.de> SUSE Security Update: Security update for Kernel live patch 10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0341-1 Rating: important References: #962078 Cross-References: CVE-2016-0728 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This kernel live patch for Linux Kernel 3.12.51-52.34.1 fixes one security issue: - A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075, CVE-2016-0728). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-202=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-52_34-default-2-2.1 kgraft-patch-3_12_51-52_34-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-0728.html https://bugzilla.suse.com/962078 From sle-security-updates at lists.suse.com Fri Feb 5 05:11:54 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Feb 2016 13:11:54 +0100 (CET) Subject: SUSE-SU-2016:0343-1: moderate: Security update for socat Message-ID: <20160205121154.28BC83213F@maintenance.suse.de> SUSE Security Update: Security update for socat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0343-1 Rating: moderate References: #821985 #860991 #964844 Cross-References: CVE-2013-3571 CVE-2014-0019 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for socat fixes the following issues: - CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode (bsc#821985) - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow (bsc#860991) - Fix a stack overflow in the parser that could have been leveraged to execute arbitrary code (bsc#964844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-socat-12384=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-socat-12384=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-socat-12384=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): socat-1.7.0.0-1.18.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): socat-1.7.0.0-1.18.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): socat-debuginfo-1.7.0.0-1.18.2 socat-debugsource-1.7.0.0-1.18.2 References: https://www.suse.com/security/cve/CVE-2013-3571.html https://www.suse.com/security/cve/CVE-2014-0019.html https://bugzilla.suse.com/821985 https://bugzilla.suse.com/860991 https://bugzilla.suse.com/964844 From sle-security-updates at lists.suse.com Fri Feb 5 05:12:45 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Feb 2016 13:12:45 +0100 (CET) Subject: SUSE-SU-2016:0344-1: moderate: Security update for socat Message-ID: <20160205121245.DF7603213F@maintenance.suse.de> SUSE Security Update: Security update for socat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0344-1 Rating: moderate References: #938913 #964844 Cross-References: CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for socat fixed the following issues: - bsc#964844: Fixed security advisory 8, Stack overflow in parser, http://www.openwall.com/lists/oss-security/2016/02/01/5. - bsc#938913: Improved resilience against Logjam attacks (CVE-2015-4000) by increasing the size of the default DH group from 512 to 2048 bit. This change avoids the non-prime 1024 bit DH p parameter in OpenSSL http://www.dest-unreach.org/socat/contrib/socat-secadv7.html. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-209=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-209=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-209=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-209=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/938913 https://bugzilla.suse.com/964844 From sle-security-updates at lists.suse.com Fri Feb 5 10:11:56 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Feb 2016 18:11:56 +0100 (CET) Subject: SUSE-SU-2016:0347-1: moderate: Security update for curl Message-ID: <20160205171156.1508A3213F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0347-1 Rating: moderate References: #926511 #962983 #962996 Cross-References: CVE-2016-0755 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-curl-12385=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-curl-12385=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-curl-12385=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-curl-12385=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-curl-12385=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-curl-12385=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-curl-12385=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-12385=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-curl-12385=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.46.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.46.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libcurl4-x86-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libcurl4-x86-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.19.7-1.46.1 curl-debugsource-7.19.7-1.46.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.19.7-1.46.1 curl-debugsource-7.19.7-1.46.1 References: https://www.suse.com/security/cve/CVE-2016-0755.html https://bugzilla.suse.com/926511 https://bugzilla.suse.com/962983 https://bugzilla.suse.com/962996 From sle-security-updates at lists.suse.com Fri Feb 5 10:13:08 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Feb 2016 18:13:08 +0100 (CET) Subject: SUSE-SU-2016:0348-1: moderate: Security update for mysql Message-ID: <20160205171308.7EA533213F@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0348-1 Rating: moderate References: #959724 #960961 #962779 Cross-References: CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12386=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-mysql-12386=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-mysql-12386=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12386=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-mysql-12386=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mysql-12386=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-mysql-12386=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12386=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-12386=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ia64): libmysql55client_r18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 mysql-tools-5.5.47-0.17.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libmysql55client18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 mysql-tools-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.47-0.17.1 libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.47-0.17.1 libmysql55client_r18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 mysql-tools-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libmysql55client18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libmysql55client18-32bit-5.5.47-0.17.1 libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libmysql55client18-32bit-5.5.47-0.17.1 libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.47-0.17.1 mysql-debugsource-5.5.47-0.17.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.47-0.17.1 mysql-debugsource-5.5.47-0.17.1 References: https://www.suse.com/security/cve/CVE-2015-7744.html https://www.suse.com/security/cve/CVE-2016-0502.html https://www.suse.com/security/cve/CVE-2016-0505.html https://www.suse.com/security/cve/CVE-2016-0546.html https://www.suse.com/security/cve/CVE-2016-0596.html https://www.suse.com/security/cve/CVE-2016-0597.html https://www.suse.com/security/cve/CVE-2016-0598.html https://www.suse.com/security/cve/CVE-2016-0600.html https://www.suse.com/security/cve/CVE-2016-0606.html https://www.suse.com/security/cve/CVE-2016-0608.html https://www.suse.com/security/cve/CVE-2016-0609.html https://www.suse.com/security/cve/CVE-2016-0616.html https://bugzilla.suse.com/959724 https://bugzilla.suse.com/960961 https://bugzilla.suse.com/962779 From sle-security-updates at lists.suse.com Fri Feb 5 13:11:54 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Feb 2016 21:11:54 +0100 (CET) Subject: SUSE-SU-2016:0353-1: moderate: Security update for tiff Message-ID: <20160205201154.0B2123213F@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0353-1 Rating: moderate References: #960341 #964225 Cross-References: CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-12389=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-12389=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-tiff-12389=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-12389=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.163.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.163.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.163.1 tiff-3.8.2-141.163.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.163.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.163.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libtiff3-3.8.2-141.163.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libtiff3-32bit-3.8.2-141.163.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.163.1 tiff-debugsource-3.8.2-141.163.1 References: https://www.suse.com/security/cve/CVE-2015-7554.html https://www.suse.com/security/cve/CVE-2015-8781.html https://www.suse.com/security/cve/CVE-2015-8782.html https://www.suse.com/security/cve/CVE-2015-8783.html https://bugzilla.suse.com/960341 https://bugzilla.suse.com/964225 From sle-security-updates at lists.suse.com Fri Feb 5 13:12:31 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Feb 2016 21:12:31 +0100 (CET) Subject: SUSE-SU-2016:0354-1: important: Security update for the Linux Kernel Message-ID: <20160205201231.216693213F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0354-1 Rating: important References: #777565 #814440 #900610 #904348 #904965 #920016 #923002 #926007 #926709 #926774 #930145 #930788 #932350 #932805 #933721 #935053 #935757 #936118 #937969 #937970 #938706 #939207 #939826 #939926 #939955 #940017 #940925 #941202 #942204 #942305 #942367 #942605 #942688 #942938 #943786 #944296 #944831 #944837 #944989 #944993 #945691 #945825 #945827 #946078 #946309 #947957 #948330 #948347 #948521 #949100 #949298 #949502 #949706 #949744 #949981 #951440 #952084 #952384 #952579 #953527 #953980 #954404 #955354 Cross-References: CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 54 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384, CVE-2015-7990). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706 bnc#939207). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). The following non-security bugs were fixed: - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: Get rid if the "hotplug_supported_mask" in struct drm_i915_private (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Remove i965_hpd_irq_setup (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - ehci-pci: enable interrupt on BayTrail (bnc926007). - Fixing wording in patch comment (bsc#923002) - fix lpfc_send_rscn_event allocation size claims bnc#935757 - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957, VM Functionality). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - ipv6: fix tunnel error handling (bsc#952579). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ipvs: drop first packet to dead server (bsc#946078). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch (bnc#920016). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - lib/string.c: introduce memchr_inv() (bnc#930788). - macvlan: Support bonding events bsc#948521 - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM Functionality). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM Functionality). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957, VM Functionality). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957, VM Functionality). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: make page pfmemalloc check more robust (bnc#920016). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957, VM Functionality). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957, VM Functionality). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957, VM Functionality). - Modified -rt patches: 344 of 435, useless noise elided. - Moved iscsi kabi patch to patches.kabi (bsc#923002) - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - r8169: remember WOL preferences on driver load (bsc#942305). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202). - Rename kabi patch appropriately (bsc#923002) - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SCSI: kabi: allow iscsi disocvery session support (bsc#923002). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg: fix read() error reporting (bsc#926774). - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch (bsc#935053, bsc#926709). Add bug reference. - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - XHCI: use uninterruptible sleep for waiting for internal operations (bnc#939955). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP3: zypper in -t patch slertesp3-kernel-rt-20151204-12390=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-rt-20151204-12390=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP3 (x86_64): kernel-rt-3.0.101.rt130-0.33.44.2 kernel-rt-base-3.0.101.rt130-0.33.44.2 kernel-rt-devel-3.0.101.rt130-0.33.44.2 kernel-rt_trace-3.0.101.rt130-0.33.44.2 kernel-rt_trace-base-3.0.101.rt130-0.33.44.2 kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2 kernel-source-rt-3.0.101.rt130-0.33.44.2 kernel-syms-rt-3.0.101.rt130-0.33.44.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-0.33.44.2 kernel-rt-debugsource-3.0.101.rt130-0.33.44.2 kernel-rt_trace-debuginfo-3.0.101.rt130-0.33.44.2 kernel-rt_trace-debugsource-3.0.101.rt130-0.33.44.2 References: https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-5157.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8215.html https://bugzilla.suse.com/777565 https://bugzilla.suse.com/814440 https://bugzilla.suse.com/900610 https://bugzilla.suse.com/904348 https://bugzilla.suse.com/904965 https://bugzilla.suse.com/920016 https://bugzilla.suse.com/923002 https://bugzilla.suse.com/926007 https://bugzilla.suse.com/926709 https://bugzilla.suse.com/926774 https://bugzilla.suse.com/930145 https://bugzilla.suse.com/930788 https://bugzilla.suse.com/932350 https://bugzilla.suse.com/932805 https://bugzilla.suse.com/933721 https://bugzilla.suse.com/935053 https://bugzilla.suse.com/935757 https://bugzilla.suse.com/936118 https://bugzilla.suse.com/937969 https://bugzilla.suse.com/937970 https://bugzilla.suse.com/938706 https://bugzilla.suse.com/939207 https://bugzilla.suse.com/939826 https://bugzilla.suse.com/939926 https://bugzilla.suse.com/939955 https://bugzilla.suse.com/940017 https://bugzilla.suse.com/940925 https://bugzilla.suse.com/941202 https://bugzilla.suse.com/942204 https://bugzilla.suse.com/942305 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/942605 https://bugzilla.suse.com/942688 https://bugzilla.suse.com/942938 https://bugzilla.suse.com/943786 https://bugzilla.suse.com/944296 https://bugzilla.suse.com/944831 https://bugzilla.suse.com/944837 https://bugzilla.suse.com/944989 https://bugzilla.suse.com/944993 https://bugzilla.suse.com/945691 https://bugzilla.suse.com/945825 https://bugzilla.suse.com/945827 https://bugzilla.suse.com/946078 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/947957 https://bugzilla.suse.com/948330 https://bugzilla.suse.com/948347 https://bugzilla.suse.com/948521 https://bugzilla.suse.com/949100 https://bugzilla.suse.com/949298 https://bugzilla.suse.com/949502 https://bugzilla.suse.com/949706 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949981 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/952084 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/952579 https://bugzilla.suse.com/953527 https://bugzilla.suse.com/953980 https://bugzilla.suse.com/954404 https://bugzilla.suse.com/955354 From sle-security-updates at lists.suse.com Mon Feb 8 10:11:24 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:11:24 +0100 (CET) Subject: SUSE-SU-2016:0380-1: important: Security update for kernel live patch 3 Message-ID: <20160208171124.2185832139@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0380-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.38-44.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-221=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_38-44-default-4-2.1 kgraft-patch-3_12_38-44-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Mon Feb 8 10:13:12 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:13:12 +0100 (CET) Subject: SUSE-SU-2016:0381-1: important: Security update for kernel live patch 4 Message-ID: <20160208171312.EFC4F32139@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0381-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.39-47.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-220=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_39-47-default-4-2.1 kgraft-patch-3_12_39-47-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Mon Feb 8 10:17:00 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:17:00 +0100 (CET) Subject: SUSE-SU-2016:0383-1: important: Security update for kernel live patch 5 Message-ID: <20160208171700.B4A0832139@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0383-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.43-52.6.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-219=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_43-52_6-default-4-2.1 kgraft-patch-3_12_43-52_6-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Mon Feb 8 10:18:45 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:18:45 +0100 (CET) Subject: SUSE-SU-2016:0384-1: important: Security update for kernel live patch 2 Message-ID: <20160208171845.3AC2632139@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0384-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.36-38.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-224=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_36-38-default-5-2.1 kgraft-patch-3_12_36-38-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Mon Feb 8 10:20:48 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:20:48 +0100 (CET) Subject: SUSE-SU-2016:0386-1: important: Security update for kernel live patch 6 Message-ID: <20160208172048.34CE632139@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0386-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.44-52.10.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-222=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_44-52_10-default-3-2.1 kgraft-patch-3_12_44-52_10-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Mon Feb 8 10:22:30 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:22:30 +0100 (CET) Subject: SUSE-SU-2016:0387-1: important: Security update for kernel live patch 7 Message-ID: <20160208172230.62D9832139@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0387-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.44-52.18.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-223=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_44-52_18-default-3-2.1 kgraft-patch-3_12_44-52_18-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Tue Feb 9 06:11:28 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2016 14:11:28 +0100 (CET) Subject: SUSE-SU-2016:0389-1: moderate: Security update for postgresql91 Message-ID: <20160209131128.D6A973213F@maintenance.suse.de> SUSE Security Update: Security update for postgresql91 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0389-1 Rating: moderate References: #949669 Cross-References: CVE-2015-5288 Affected Products: SUSE Studio Onsite 1.3 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of postgresql91 to 9.1.19 fixes the following issues: * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-postgresql91-20160120-12391=1 - SUSE Manager 2.1: zypper in -t patch sleman21-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-postgresql91-20160120-12391=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): postgresql91-devel-9.1.19-0.5.1 - SUSE Manager 2.1 (s390x x86_64): postgresql91-pltcl-9.1.19-0.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql91-devel-9.1.19-0.5.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): postgresql91-9.1.19-0.5.1 postgresql91-contrib-9.1.19-0.5.1 postgresql91-docs-9.1.19-0.5.1 postgresql91-server-9.1.19-0.5.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql91-9.1.19-0.5.1 postgresql91-contrib-9.1.19-0.5.1 postgresql91-docs-9.1.19-0.5.1 postgresql91-server-9.1.19-0.5.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): postgresql91-9.1.19-0.5.1 postgresql91-docs-9.1.19-0.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql91-debuginfo-9.1.19-0.5.1 postgresql91-debugsource-9.1.19-0.5.1 References: https://www.suse.com/security/cve/CVE-2015-5288.html https://bugzilla.suse.com/949669 From sle-security-updates at lists.suse.com Tue Feb 9 06:11:57 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2016 14:11:57 +0100 (CET) Subject: SUSE-SU-2016:0390-1: important: Security update for java-1_8_0-ibm Message-ID: <20160209131157.306DB3213E@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0390-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0475: An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-227=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-227=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr2.10-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr2.10-7.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr2.10-7.1 java-1_8_0-ibm-plugin-1.8.0_sr2.10-7.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0475.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-security-updates at lists.suse.com Tue Feb 9 06:12:33 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2016 14:12:33 +0100 (CET) Subject: SUSE-SU-2016:0391-1: important: Security update for rubygem-rails-html-sanitizer Message-ID: <20160209131233.6D6563213F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rails-html-sanitizer ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0391-1 Rating: important References: #963326 #963327 #963328 Cross-References: CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2015-7579: XSS vulnerability in rails-html-sanitizer (bsc#963327) - CVE-2015-7578: XSS vulnerability via attributes (bsc#963326) - CVE-2015-7580: XSS via whitelist sanitizer (bsc#963328) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-228=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.2-7.1 References: https://www.suse.com/security/cve/CVE-2015-7578.html https://www.suse.com/security/cve/CVE-2015-7579.html https://www.suse.com/security/cve/CVE-2015-7580.html https://bugzilla.suse.com/963326 https://bugzilla.suse.com/963327 https://bugzilla.suse.com/963328 From sle-security-updates at lists.suse.com Wed Feb 10 05:11:30 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:11:30 +0100 (CET) Subject: SUSE-SU-2016:0398-1: important: Security update for flash-player Message-ID: <20160210121130.EA7713213F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0398-1 Rating: important References: #965901 Cross-References: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 11.2.202.569 (bsc#965901): * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-235=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-235=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-235=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-235=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 References: https://www.suse.com/security/cve/CVE-2016-0964.html https://www.suse.com/security/cve/CVE-2016-0965.html https://www.suse.com/security/cve/CVE-2016-0966.html https://www.suse.com/security/cve/CVE-2016-0967.html https://www.suse.com/security/cve/CVE-2016-0968.html https://www.suse.com/security/cve/CVE-2016-0969.html https://www.suse.com/security/cve/CVE-2016-0970.html https://www.suse.com/security/cve/CVE-2016-0971.html https://www.suse.com/security/cve/CVE-2016-0972.html https://www.suse.com/security/cve/CVE-2016-0973.html https://www.suse.com/security/cve/CVE-2016-0974.html https://www.suse.com/security/cve/CVE-2016-0975.html https://www.suse.com/security/cve/CVE-2016-0976.html https://www.suse.com/security/cve/CVE-2016-0977.html https://www.suse.com/security/cve/CVE-2016-0978.html https://www.suse.com/security/cve/CVE-2016-0979.html https://www.suse.com/security/cve/CVE-2016-0980.html https://www.suse.com/security/cve/CVE-2016-0981.html https://www.suse.com/security/cve/CVE-2016-0982.html https://www.suse.com/security/cve/CVE-2016-0983.html https://www.suse.com/security/cve/CVE-2016-0984.html https://www.suse.com/security/cve/CVE-2016-0985.html https://bugzilla.suse.com/965901 From sle-security-updates at lists.suse.com Wed Feb 10 05:11:56 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:11:56 +0100 (CET) Subject: SUSE-SU-2016:0399-1: important: Security update for java-1_7_1-ibm Message-ID: <20160210121156.456F53213F@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0399-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-12394=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-12394=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.30-9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.30-9.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.30-9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.30-9.1 java-1_7_1-ibm-plugin-1.7.1_sr3.30-9.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-security-updates at lists.suse.com Wed Feb 10 05:12:33 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:12:33 +0100 (CET) Subject: SUSE-SU-2016:0400-1: important: Security update for flash-player Message-ID: <20160210121233.75B173213F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0400-1 Rating: important References: #965901 Cross-References: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 11.2.202.569 (bsc#965901): * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12393=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.569-0.35.1 flash-player-gnome-11.2.202.569-0.35.1 flash-player-kde4-11.2.202.569-0.35.1 References: https://www.suse.com/security/cve/CVE-2016-0964.html https://www.suse.com/security/cve/CVE-2016-0965.html https://www.suse.com/security/cve/CVE-2016-0966.html https://www.suse.com/security/cve/CVE-2016-0967.html https://www.suse.com/security/cve/CVE-2016-0968.html https://www.suse.com/security/cve/CVE-2016-0969.html https://www.suse.com/security/cve/CVE-2016-0970.html https://www.suse.com/security/cve/CVE-2016-0971.html https://www.suse.com/security/cve/CVE-2016-0972.html https://www.suse.com/security/cve/CVE-2016-0973.html https://www.suse.com/security/cve/CVE-2016-0974.html https://www.suse.com/security/cve/CVE-2016-0975.html https://www.suse.com/security/cve/CVE-2016-0976.html https://www.suse.com/security/cve/CVE-2016-0977.html https://www.suse.com/security/cve/CVE-2016-0978.html https://www.suse.com/security/cve/CVE-2016-0979.html https://www.suse.com/security/cve/CVE-2016-0980.html https://www.suse.com/security/cve/CVE-2016-0981.html https://www.suse.com/security/cve/CVE-2016-0982.html https://www.suse.com/security/cve/CVE-2016-0983.html https://www.suse.com/security/cve/CVE-2016-0984.html https://www.suse.com/security/cve/CVE-2016-0985.html https://bugzilla.suse.com/965901 From sle-security-updates at lists.suse.com Wed Feb 10 05:12:56 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:12:56 +0100 (CET) Subject: SUSE-SU-2016:0401-1: important: Security update for java-1_7_1-ibm Message-ID: <20160210121256.18E903213F@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0401-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-237=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-237=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-237=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-237=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.30-21.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.30-21.1 java-1_7_1-ibm-plugin-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.30-21.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.30-21.1 java-1_7_1-ibm-plugin-1.7.1_sr3.30-21.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-security-updates at lists.suse.com Thu Feb 11 07:11:37 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:11:37 +0100 (CET) Subject: SUSE-SU-2016:0428-1: important: Security update for java-1_6_0-ibm Message-ID: <20160211141137.6101D3213F@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0428-1 Rating: important References: #960286 #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-244=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.20-30.1 java-1_6_0-ibm-fonts-1.6.0_sr16.20-30.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.20-30.1 - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.20-30.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960286 https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-security-updates at lists.suse.com Thu Feb 11 07:12:33 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:12:33 +0100 (CET) Subject: SUSE-SU-2016:0429-1: moderate: Security update for krb5 Message-ID: <20160211141233.5557532139@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0429-1 Rating: moderate References: #963964 #963968 #963975 Cross-References: CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-243=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-243=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-243=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-243=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-243=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-243=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-devel-1.12.1-25.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-devel-1.12.1-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): krb5-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-doc-1.12.1-25.1 krb5-plugin-kdb-ldap-1.12.1-25.1 krb5-plugin-kdb-ldap-debuginfo-1.12.1-25.1 krb5-plugin-preauth-otp-1.12.1-25.1 krb5-plugin-preauth-otp-debuginfo-1.12.1-25.1 krb5-plugin-preauth-pkinit-1.12.1-25.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-25.1 krb5-server-1.12.1-25.1 krb5-server-debuginfo-1.12.1-25.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): krb5-32bit-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): krb5-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-doc-1.12.1-25.1 krb5-plugin-kdb-ldap-1.12.1-25.1 krb5-plugin-kdb-ldap-debuginfo-1.12.1-25.1 krb5-plugin-preauth-otp-1.12.1-25.1 krb5-plugin-preauth-otp-debuginfo-1.12.1-25.1 krb5-plugin-preauth-pkinit-1.12.1-25.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-25.1 krb5-server-1.12.1-25.1 krb5-server-debuginfo-1.12.1-25.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): krb5-32bit-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): krb5-1.12.1-25.1 krb5-32bit-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 - SUSE Linux Enterprise Desktop 12 (x86_64): krb5-1.12.1-25.1 krb5-32bit-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 References: https://www.suse.com/security/cve/CVE-2015-8629.html https://www.suse.com/security/cve/CVE-2015-8630.html https://www.suse.com/security/cve/CVE-2015-8631.html https://bugzilla.suse.com/963964 https://bugzilla.suse.com/963968 https://bugzilla.suse.com/963975 From sle-security-updates at lists.suse.com Thu Feb 11 07:13:20 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:13:20 +0100 (CET) Subject: SUSE-SU-2016:0430-1: moderate: Security update for krb5 Message-ID: <20160211141320.4798F3213F@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0430-1 Rating: moderate References: #963968 #963975 Cross-References: CVE-2015-8629 CVE-2015-8631 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-12397=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-12397=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-krb5-12397=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-krb5-12397=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.106.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.106.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.106.1 krb5-apps-clients-1.6.3-133.49.106.1 krb5-apps-servers-1.6.3-133.49.106.1 krb5-client-1.6.3-133.49.106.1 krb5-server-1.6.3-133.49.106.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.106.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): krb5-1.6.3-133.49.106.1 krb5-client-1.6.3-133.49.106.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): krb5-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.106.1 krb5-debugsource-1.6.3-133.49.106.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): krb5-debuginfo-x86-1.6.3-133.49.106.1 References: https://www.suse.com/security/cve/CVE-2015-8629.html https://www.suse.com/security/cve/CVE-2015-8631.html https://bugzilla.suse.com/963968 https://bugzilla.suse.com/963975 From sle-security-updates at lists.suse.com Thu Feb 11 07:13:54 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:13:54 +0100 (CET) Subject: SUSE-SU-2016:0431-1: important: Security update for java-1_6_0-ibm Message-ID: <20160211141354.B4E8A3213F@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0431-1 Rating: important References: #960286 #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-12399=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.20-49.1 java-1_6_0-ibm-devel-1.6.0_sr16.20-49.1 java-1_6_0-ibm-fonts-1.6.0_sr16.20-49.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.20-49.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.20-49.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.20-49.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960286 https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-security-updates at lists.suse.com Thu Feb 11 07:14:36 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:14:36 +0100 (CET) Subject: SUSE-SU-2016:0432-1: moderate: Security update for rubygem-activemodel-4_2 Message-ID: <20160211141436.84B483213F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activemodel-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0432-1 Rating: moderate References: #963334 Cross-References: CVE-2016-0753 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activemodel-4_2 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-247=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-activemodel-4_2-4.2.2-5.1 References: https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963334 From sle-security-updates at lists.suse.com Thu Feb 11 07:15:03 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:15:03 +0100 (CET) Subject: SUSE-SU-2016:0433-1: important: Security update for java-1_7_0-ibm Message-ID: <20160211141503.747BD3213F@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0433-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12398=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.30-45.1 java-1_7_0-ibm-devel-1.7.0_sr9.30-45.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.30-45.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.30-45.1 java-1_7_0-ibm-plugin-1.7.0_sr9.30-45.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-security-updates at lists.suse.com Thu Feb 11 13:11:06 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 21:11:06 +0100 (CET) Subject: SUSE-SU-2016:0434-1: important: Security update for kernel live patch 1 Message-ID: <20160211201106.AE7A03213F@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0434-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.32-33.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-249=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_32-33-default-5-2.1 kgraft-patch-3_12_32-33-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-security-updates at lists.suse.com Thu Feb 11 13:12:48 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2016 21:12:48 +0100 (CET) Subject: SUSE-SU-2016:0435-1: moderate: Security update for rubygem-activesupport-4_2 Message-ID: <20160211201248.3BA7C3213F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activesupport-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0435-1 Rating: moderate References: #963329 #963334 Cross-References: CVE-2015-7576 CVE-2016-0753 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activesupport-4_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) - CVE-2016-0753: Input Validation Circumvention (bsc#963334) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-250=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-activesupport-4_2-4.2.2-6.1 References: https://www.suse.com/security/cve/CVE-2015-7576.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963329 https://bugzilla.suse.com/963334 From sle-security-updates at lists.suse.com Mon Feb 15 10:11:23 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:11:23 +0100 (CET) Subject: SUSE-SU-2016:0455-1: moderate: Security update for libnettle Message-ID: <20160215171123.E95F43213F@maintenance.suse.de> SUSE Security Update: Security update for libnettle ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0455-1 Rating: moderate References: #964845 #964847 #964849 Cross-References: CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libnettle fixes the following security issues: - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845) - CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-259=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-259=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-259=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-259=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-259=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-259=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libnettle-debugsource-2.7.1-9.1 libnettle-devel-2.7.1-9.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libnettle-debugsource-2.7.1-9.1 libnettle-devel-2.7.1-9.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libhogweed2-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libhogweed2-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libhogweed2-2.7.1-9.1 libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libhogweed2-2.7.1-9.1 libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 References: https://www.suse.com/security/cve/CVE-2015-8803.html https://www.suse.com/security/cve/CVE-2015-8804.html https://www.suse.com/security/cve/CVE-2015-8805.html https://bugzilla.suse.com/964845 https://bugzilla.suse.com/964847 https://bugzilla.suse.com/964849 From sle-security-updates at lists.suse.com Mon Feb 15 10:12:08 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:12:08 +0100 (CET) Subject: SUSE-SU-2016:0456-1: moderate: Security update for rubygem-actionview-4_2 Message-ID: <20160215171208.A5AEA3213F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionview-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0456-1 Rating: moderate References: #963332 Cross-References: CVE-2016-0752 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-260=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.2-5.1 References: https://www.suse.com/security/cve/CVE-2016-0752.html https://bugzilla.suse.com/963332 From sle-security-updates at lists.suse.com Mon Feb 15 10:12:29 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:12:29 +0100 (CET) Subject: SUSE-SU-2016:0457-1: moderate: Security update for rubygem-actionpack-4_2 Message-ID: <20160215171229.528253213F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0457-1 Rating: moderate References: #963329 #963331 #963332 #963335 Cross-References: CVE-2015-7576 CVE-2015-7581 CVE-2016-0751 CVE-2016-0752 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2016-0751: Object Leak DoS (bsc#963331) - CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (bsc#963335) - CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-262=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 References: https://www.suse.com/security/cve/CVE-2015-7576.html https://www.suse.com/security/cve/CVE-2015-7581.html https://www.suse.com/security/cve/CVE-2016-0751.html https://www.suse.com/security/cve/CVE-2016-0752.html https://bugzilla.suse.com/963329 https://bugzilla.suse.com/963331 https://bugzilla.suse.com/963332 https://bugzilla.suse.com/963335 From sle-security-updates at lists.suse.com Mon Feb 15 10:13:20 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:13:20 +0100 (CET) Subject: SUSE-SU-2016:0458-1: moderate: Security update for rubygem-activerecord-4_2 Message-ID: <20160215171320.251FE3213F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activerecord-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0458-1 Rating: moderate References: #963330 #963334 Cross-References: CVE-2015-7577 CVE-2016-0753 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activerecord-4_2 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7577: Nested attributes rejection proc bypass (bsc#963330) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-261=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-activerecord-4_2-4.2.2-5.1 References: https://www.suse.com/security/cve/CVE-2015-7577.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963330 https://bugzilla.suse.com/963334 From sle-security-updates at lists.suse.com Mon Feb 15 11:11:19 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2016 19:11:19 +0100 (CET) Subject: SUSE-SU-2016:0459-1: important: Security update for qemu Message-ID: <20160215181119.B5D8A3213D@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0459-1 Rating: important References: #954864 #956829 #957162 Cross-References: CVE-2015-7512 CVE-2015-8345 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. (bsc#957162 CVE-2015-7512) - Infinite loop in processing command block list. CVE-2015-8345 (bsc#956829): This update also fixes a non-security bug: - Due to space restrictions in limited bios data areas, don't create mptable if vcpu count is "high" (ie more than ~19). (bsc#954864) (No supported guests are negatively impacted by this change, which is taken from upstream seabios) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-263=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-263=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): qemu-2.3.1-7.7 qemu-block-curl-2.3.1-7.7 qemu-block-curl-debuginfo-2.3.1-7.7 qemu-debugsource-2.3.1-7.7 qemu-guest-agent-2.3.1-7.7 qemu-guest-agent-debuginfo-2.3.1-7.7 qemu-lang-2.3.1-7.7 qemu-tools-2.3.1-7.7 qemu-tools-debuginfo-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): qemu-kvm-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): qemu-ppc-2.3.1-7.7 qemu-ppc-debuginfo-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (x86_64): qemu-block-rbd-2.3.1-7.7 qemu-block-rbd-debuginfo-2.3.1-7.7 qemu-x86-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (noarch): qemu-ipxe-1.0.0-7.7 qemu-seabios-1.8.1-7.7 qemu-sgabios-8-7.7 qemu-vgabios-1.8.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (s390x): qemu-s390-2.3.1-7.7 qemu-s390-debuginfo-2.3.1-7.7 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): qemu-2.3.1-7.7 qemu-block-curl-2.3.1-7.7 qemu-block-curl-debuginfo-2.3.1-7.7 qemu-debugsource-2.3.1-7.7 qemu-kvm-2.3.1-7.7 qemu-tools-2.3.1-7.7 qemu-tools-debuginfo-2.3.1-7.7 qemu-x86-2.3.1-7.7 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): qemu-ipxe-1.0.0-7.7 qemu-seabios-1.8.1-7.7 qemu-sgabios-8-7.7 qemu-vgabios-1.8.1-7.7 References: https://www.suse.com/security/cve/CVE-2015-7512.html https://www.suse.com/security/cve/CVE-2015-8345.html https://bugzilla.suse.com/954864 https://bugzilla.suse.com/956829 https://bugzilla.suse.com/957162 From sle-security-updates at lists.suse.com Tue Feb 16 12:15:41 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:15:41 +0100 (CET) Subject: SUSE-SU-2016:0470-1: important: Security update for glibc Message-ID: <20160216191541.3CAE432148@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0470-1 Rating: important References: #830257 #847227 #863499 #892065 #918187 #920338 #927080 #945779 #950944 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2013-2207 CVE-2013-4458 CVE-2014-8121 CVE-2014-9761 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has four fixes is now available. Description: This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) - CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal (bsc#830257) - CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 (bsc#847227) - CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) - bsc#920338: Read past end of pattern in fnmatch - CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) The following non-security bugs were fixed: - bnc#892065: SIGSEV tst-setlocale3 in glibc-2.11.3-17.68.1 - bnc#863499: Memory leak in getaddrinfo when many RRs are returned - bsc#892065: Avoid unbound alloca in setenv - bsc#945779: Properly reread entry after failure in nss_files getent function Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-glibc-12405=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-glibc-12405=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.45.66.1 glibc-devel-2.11.3-17.45.66.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.45.66.1 glibc-i18ndata-2.11.3-17.45.66.1 glibc-info-2.11.3-17.45.66.1 glibc-locale-2.11.3-17.45.66.1 glibc-profile-2.11.3-17.45.66.1 nscd-2.11.3-17.45.66.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): glibc-32bit-2.11.3-17.45.66.1 glibc-devel-32bit-2.11.3-17.45.66.1 glibc-locale-32bit-2.11.3-17.45.66.1 glibc-profile-32bit-2.11.3-17.45.66.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.45.66.1 glibc-debugsource-2.11.3-17.45.66.1 References: https://www.suse.com/security/cve/CVE-2013-2207.html https://www.suse.com/security/cve/CVE-2013-4458.html https://www.suse.com/security/cve/CVE-2014-8121.html https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-1781.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/830257 https://bugzilla.suse.com/847227 https://bugzilla.suse.com/863499 https://bugzilla.suse.com/892065 https://bugzilla.suse.com/918187 https://bugzilla.suse.com/920338 https://bugzilla.suse.com/927080 https://bugzilla.suse.com/945779 https://bugzilla.suse.com/950944 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-security-updates at lists.suse.com Tue Feb 16 12:22:55 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:22:55 +0100 (CET) Subject: SUSE-SU-2016:0471-1: important: Security update for glibc Message-ID: <20160216192255.F015D32148@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0471-1 Rating: important References: #950944 #955647 #956716 #958315 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don't do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-271=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-271=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-271=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): glibc-debuginfo-2.19-35.1 glibc-debugsource-2.19-35.1 glibc-devel-static-2.19-35.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): glibc-info-2.19-35.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): glibc-2.19-35.1 glibc-debuginfo-2.19-35.1 glibc-debugsource-2.19-35.1 glibc-devel-2.19-35.1 glibc-devel-debuginfo-2.19-35.1 glibc-locale-2.19-35.1 glibc-locale-debuginfo-2.19-35.1 glibc-profile-2.19-35.1 nscd-2.19-35.1 nscd-debuginfo-2.19-35.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): glibc-32bit-2.19-35.1 glibc-debuginfo-32bit-2.19-35.1 glibc-devel-32bit-2.19-35.1 glibc-devel-debuginfo-32bit-2.19-35.1 glibc-locale-32bit-2.19-35.1 glibc-locale-debuginfo-32bit-2.19-35.1 glibc-profile-32bit-2.19-35.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): glibc-html-2.19-35.1 glibc-i18ndata-2.19-35.1 glibc-info-2.19-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): glibc-2.19-35.1 glibc-32bit-2.19-35.1 glibc-debuginfo-2.19-35.1 glibc-debuginfo-32bit-2.19-35.1 glibc-debugsource-2.19-35.1 glibc-devel-2.19-35.1 glibc-devel-32bit-2.19-35.1 glibc-devel-debuginfo-2.19-35.1 glibc-devel-debuginfo-32bit-2.19-35.1 glibc-locale-2.19-35.1 glibc-locale-32bit-2.19-35.1 glibc-locale-debuginfo-2.19-35.1 glibc-locale-debuginfo-32bit-2.19-35.1 nscd-2.19-35.1 nscd-debuginfo-2.19-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): glibc-i18ndata-2.19-35.1 References: https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/950944 https://bugzilla.suse.com/955647 https://bugzilla.suse.com/956716 https://bugzilla.suse.com/958315 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-security-updates at lists.suse.com Tue Feb 16 12:28:44 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:28:44 +0100 (CET) Subject: SUSE-SU-2016:0472-1: important: Security update for glibc Message-ID: <20160216192844.36A2232148@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0472-1 Rating: important References: #930721 #942317 #950944 #956988 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-12406=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-glibc-12406=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-glibc-12406=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-12406=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-glibc-12406=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-glibc-12406=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-glibc-12406=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-12406=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-12406=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): glibc-html-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 glibc-html-2.11.3-17.95.2 glibc-i18ndata-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 glibc-profile-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 glibc-profile-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.95.2 glibc-i18ndata-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 glibc-profile-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 glibc-profile-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.95.2 glibc-profile-x86-2.11.3-17.95.2 glibc-x86-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.95.2 glibc-i18ndata-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 glibc-profile-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 glibc-profile-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (ia64): glibc-locale-x86-2.11.3-17.95.2 glibc-profile-x86-2.11.3-17.95.2 glibc-x86-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 i686 x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): glibc-i18ndata-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 i686 x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.95.2 glibc-debugsource-2.11.3-17.95.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.95.2 glibc-debugsource-2.11.3-17.95.2 References: https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/930721 https://bugzilla.suse.com/942317 https://bugzilla.suse.com/950944 https://bugzilla.suse.com/956988 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-security-updates at lists.suse.com Tue Feb 16 12:30:42 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:30:42 +0100 (CET) Subject: SUSE-SU-2016:0473-1: important: Security update for glibc Message-ID: <20160216193042.7CAD832148@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0473-1 Rating: important References: #950944 #955647 #956716 #958315 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don't do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-272=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-272=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-272=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): glibc-debuginfo-2.19-22.13.1 glibc-debugsource-2.19-22.13.1 glibc-devel-static-2.19-22.13.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): glibc-2.19-22.13.1 glibc-debuginfo-2.19-22.13.1 glibc-debugsource-2.19-22.13.1 glibc-devel-2.19-22.13.1 glibc-devel-debuginfo-2.19-22.13.1 glibc-locale-2.19-22.13.1 glibc-locale-debuginfo-2.19-22.13.1 glibc-profile-2.19-22.13.1 nscd-2.19-22.13.1 nscd-debuginfo-2.19-22.13.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): glibc-32bit-2.19-22.13.1 glibc-debuginfo-32bit-2.19-22.13.1 glibc-devel-32bit-2.19-22.13.1 glibc-devel-debuginfo-32bit-2.19-22.13.1 glibc-locale-32bit-2.19-22.13.1 glibc-locale-debuginfo-32bit-2.19-22.13.1 glibc-profile-32bit-2.19-22.13.1 - SUSE Linux Enterprise Server 12 (noarch): glibc-html-2.19-22.13.1 glibc-i18ndata-2.19-22.13.1 glibc-info-2.19-22.13.1 - SUSE Linux Enterprise Desktop 12 (x86_64): glibc-2.19-22.13.1 glibc-32bit-2.19-22.13.1 glibc-debuginfo-2.19-22.13.1 glibc-debuginfo-32bit-2.19-22.13.1 glibc-debugsource-2.19-22.13.1 glibc-devel-2.19-22.13.1 glibc-devel-32bit-2.19-22.13.1 glibc-devel-debuginfo-2.19-22.13.1 glibc-devel-debuginfo-32bit-2.19-22.13.1 glibc-locale-2.19-22.13.1 glibc-locale-32bit-2.19-22.13.1 glibc-locale-debuginfo-2.19-22.13.1 glibc-locale-debuginfo-32bit-2.19-22.13.1 nscd-2.19-22.13.1 nscd-debuginfo-2.19-22.13.1 - SUSE Linux Enterprise Desktop 12 (noarch): glibc-i18ndata-2.19-22.13.1 References: https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/950944 https://bugzilla.suse.com/955647 https://bugzilla.suse.com/956716 https://bugzilla.suse.com/958315 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-security-updates at lists.suse.com Tue Feb 16 14:11:43 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2016 22:11:43 +0100 (CET) Subject: SUSE-SU-2016:0481-1: moderate: Security update for dhcp Message-ID: <20160216211143.9795F32147@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0481-1 Rating: moderate References: #880984 #919959 #926159 #928390 #936923 #947780 #961305 Cross-References: CVE-2015-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with "Unable to set up timer: out of range" on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dhcp-12410=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-dhcp-12410=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-dhcp-12410=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dhcp-12410=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-dhcp-12410=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-dhcp-12410=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-dhcp-12410=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dhcp-12410=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dhcp-12410=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-devel-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcp-devel-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 dhcp-relay-4.2.4.P2-0.24.1 dhcp-server-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 dhcp-relay-4.2.4.P2-0.24.1 dhcp-server-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 dhcp-relay-4.2.4.P2-0.24.1 dhcp-server-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.24.1 dhcp-debugsource-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.24.1 dhcp-debugsource-4.2.4.P2-0.24.1 References: https://www.suse.com/security/cve/CVE-2015-8605.html https://bugzilla.suse.com/880984 https://bugzilla.suse.com/919959 https://bugzilla.suse.com/926159 https://bugzilla.suse.com/928390 https://bugzilla.suse.com/936923 https://bugzilla.suse.com/947780 https://bugzilla.suse.com/961305 From sle-security-updates at lists.suse.com Tue Feb 16 14:13:46 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2016 22:13:46 +0100 (CET) Subject: SUSE-SU-2016:0482-1: moderate: Security update for postgresql94 Message-ID: <20160216211346.69EEF32147@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0482-1 Rating: moderate References: #949669 #949670 Cross-References: CVE-2015-5288 CVE-2015-5289 Affected Products: SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-postgreqsql94-20160120-12409=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (s390x x86_64): postgresql94-pltcl-9.4.5-0.8.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.5-0.8.3 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.5-0.8.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-contrib-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 postgresql94-server-9.4.5-0.8.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-contrib-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 postgresql94-server-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-contrib-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 postgresql94-server-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.5-0.8.3 postgresql94-debugsource-9.4.5-0.8.3 postgresql94-libs-debuginfo-9.4.5-0.8.3 postgresql94-libs-debugsource-9.4.5-0.8.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.5-0.8.3 postgresql94-debugsource-9.4.5-0.8.3 References: https://www.suse.com/security/cve/CVE-2015-5288.html https://www.suse.com/security/cve/CVE-2015-5289.html https://bugzilla.suse.com/949669 https://bugzilla.suse.com/949670 From sle-security-updates at lists.suse.com Mon Feb 22 06:11:15 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Feb 2016 14:11:15 +0100 (CET) Subject: SUSE-SU-2016:0539-1: important: Security update for postgresql93 Message-ID: <20160222131115.DB1FF32149@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0539-1 Rating: important References: #966435 #966436 Cross-References: CVE-2007-4772 CVE-2016-0766 CVE-2016-0773 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix "unresolved symbol" errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.3/static/release-9-3-11.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-292=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-292=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-292=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql93-devel-9.3.11-14.1 postgresql93-devel-debuginfo-9.3.11-14.1 postgresql93-libs-debugsource-9.3.11-14.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): postgresql93-9.3.11-14.2 postgresql93-contrib-9.3.11-14.2 postgresql93-contrib-debuginfo-9.3.11-14.2 postgresql93-debuginfo-9.3.11-14.2 postgresql93-debugsource-9.3.11-14.2 postgresql93-server-9.3.11-14.2 postgresql93-server-debuginfo-9.3.11-14.2 - SUSE Linux Enterprise Server 12 (noarch): postgresql93-docs-9.3.11-14.2 - SUSE Linux Enterprise Desktop 12 (x86_64): postgresql93-9.3.11-14.2 postgresql93-debuginfo-9.3.11-14.2 postgresql93-debugsource-9.3.11-14.2 References: https://www.suse.com/security/cve/CVE-2007-4772.html https://www.suse.com/security/cve/CVE-2016-0766.html https://www.suse.com/security/cve/CVE-2016-0773.html https://bugzilla.suse.com/966435 https://bugzilla.suse.com/966436 From sle-security-updates at lists.suse.com Mon Feb 22 10:11:17 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Feb 2016 18:11:17 +0100 (CET) Subject: SUSE-SU-2016:0540-1: moderate: Security update for dhcp Message-ID: <20160222171117.762D532149@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0540-1 Rating: moderate References: #880984 #891961 #910686 #912098 #919959 #926159 #928390 #936923 #947780 #956159 #960506 #961305 Cross-References: CVE-2015-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has 11 fixes is now available. Description: This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#956159: fixed service files to start dhcpd after slapd - bsc#960506: Improve exit reason and logging when /sbin/dhclient-script is unable to pre-init requested interface - bsc#947780: DHCP server could abort with "Unable to set up timer: out of range" on very long or infinite timer intervals / lease lifetimes - bsc#912098: dhclient could pretend to run while silently declining leases - bsc#919959: server: Do not log success report before send reported success - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#910686: Prevent a dependency conflict of dhcp-devel with bind-devel package The following tracked changes affect the build of the package only: - bsc#891961: Disabled /sbin/service legacy-action hooks Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-293=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-293=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-293=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): dhcp-debuginfo-4.2.6-14.3.1 dhcp-debugsource-4.2.6-14.3.1 dhcp-devel-4.2.6-14.3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dhcp-4.2.6-14.3.1 dhcp-client-4.2.6-14.3.1 dhcp-client-debuginfo-4.2.6-14.3.1 dhcp-debuginfo-4.2.6-14.3.1 dhcp-debugsource-4.2.6-14.3.1 dhcp-relay-4.2.6-14.3.1 dhcp-relay-debuginfo-4.2.6-14.3.1 dhcp-server-4.2.6-14.3.1 dhcp-server-debuginfo-4.2.6-14.3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dhcp-4.2.6-14.3.1 dhcp-client-4.2.6-14.3.1 dhcp-client-debuginfo-4.2.6-14.3.1 dhcp-debuginfo-4.2.6-14.3.1 dhcp-debugsource-4.2.6-14.3.1 References: https://www.suse.com/security/cve/CVE-2015-8605.html https://bugzilla.suse.com/880984 https://bugzilla.suse.com/891961 https://bugzilla.suse.com/910686 https://bugzilla.suse.com/912098 https://bugzilla.suse.com/919959 https://bugzilla.suse.com/926159 https://bugzilla.suse.com/928390 https://bugzilla.suse.com/936923 https://bugzilla.suse.com/947780 https://bugzilla.suse.com/956159 https://bugzilla.suse.com/960506 https://bugzilla.suse.com/961305 From sle-security-updates at lists.suse.com Mon Feb 22 10:14:36 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Feb 2016 18:14:36 +0100 (CET) Subject: SUSE-SU-2016:0541-1: moderate: Security update for dhcp Message-ID: <20160222171436.1C2AC32149@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0541-1 Rating: moderate References: #880984 #936923 #956159 #960506 #961305 Cross-References: CVE-2015-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#956159: fixed service files to start dhcpd after slapd - bsc#960506: Improve exit reason and logging when /sbin/dhclient-script is unable to pre-init requested interface Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-294=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-294=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-294=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): dhcp-debuginfo-4.3.3-4.1 dhcp-debugsource-4.3.3-4.1 dhcp-devel-4.3.3-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dhcp-4.3.3-4.1 dhcp-client-4.3.3-4.1 dhcp-client-debuginfo-4.3.3-4.1 dhcp-debuginfo-4.3.3-4.1 dhcp-debugsource-4.3.3-4.1 dhcp-relay-4.3.3-4.1 dhcp-relay-debuginfo-4.3.3-4.1 dhcp-server-4.3.3-4.1 dhcp-server-debuginfo-4.3.3-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dhcp-4.3.3-4.1 dhcp-client-4.3.3-4.1 dhcp-client-debuginfo-4.3.3-4.1 dhcp-debuginfo-4.3.3-4.1 dhcp-debugsource-4.3.3-4.1 References: https://www.suse.com/security/cve/CVE-2015-8605.html https://bugzilla.suse.com/880984 https://bugzilla.suse.com/936923 https://bugzilla.suse.com/956159 https://bugzilla.suse.com/960506 https://bugzilla.suse.com/961305 From sle-security-updates at lists.suse.com Wed Feb 24 05:12:01 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Feb 2016 13:12:01 +0100 (CET) Subject: SUSE-SU-2016:0554-1: important: Security update for MozillaFirefox Message-ID: <20160224121201.630DE32150@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0554-1 Rating: important References: #967087 Cross-References: CVE-2016-1523 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-307=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-307=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-307=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-307=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-307=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-307=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-devel-38.6.1esr-60.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-devel-38.6.1esr-60.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 References: https://www.suse.com/security/cve/CVE-2016-1523.html https://bugzilla.suse.com/967087 From sle-security-updates at lists.suse.com Wed Feb 24 05:12:31 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Feb 2016 13:12:31 +0100 (CET) Subject: SUSE-SU-2016:0555-1: important: Security update for postgresql94 Message-ID: <20160224121231.128B432150@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0555-1 Rating: important References: #578053 #966435 #966436 Cross-References: CVE-2007-4772 CVE-2016-0766 CVE-2016-0773 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix "unresolved symbol" errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - PL/Perl still needs to be linked with rpath, so that it can find libperl.so at runtime. bsc#578053, postgresql-plperl-keep-rpath.patch Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-306=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-306=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-306=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-306=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-306=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-306=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): postgresql94-devel-9.4.6-7.1 postgresql94-devel-debuginfo-9.4.6-7.1 postgresql94-libs-debugsource-9.4.6-7.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql94-devel-9.4.6-7.1 postgresql94-devel-debuginfo-9.4.6-7.1 postgresql94-libs-debugsource-9.4.6-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-contrib-9.4.6-7.2 postgresql94-contrib-debuginfo-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 postgresql94-server-9.4.6-7.2 postgresql94-server-debuginfo-9.4.6-7.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpq5-32bit-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): postgresql94-docs-9.4.6-7.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-contrib-9.4.6-7.2 postgresql94-contrib-debuginfo-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 postgresql94-server-9.4.6-7.2 postgresql94-server-debuginfo-9.4.6-7.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpq5-32bit-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql94-docs-9.4.6-7.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-32bit-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-32bit-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 References: https://www.suse.com/security/cve/CVE-2007-4772.html https://www.suse.com/security/cve/CVE-2016-0766.html https://www.suse.com/security/cve/CVE-2016-0773.html https://bugzilla.suse.com/578053 https://bugzilla.suse.com/966435 https://bugzilla.suse.com/966436 From sle-security-updates at lists.suse.com Wed Feb 24 10:11:41 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Feb 2016 18:11:41 +0100 (CET) Subject: SUSE-SU-2016:0564-1: important: Security update for MozillaFirefox Message-ID: <20160224171141.9247732150@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0564-1 Rating: important References: #967087 Cross-References: CVE-2016-1523 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12416=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12416=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-MozillaFirefox-12416=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12416=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.6.1esr-34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.6.1esr-34.1 MozillaFirefox-translations-38.6.1esr-34.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.6.1esr-34.1 MozillaFirefox-translations-38.6.1esr-34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-34.1 MozillaFirefox-debugsource-38.6.1esr-34.1 References: https://www.suse.com/security/cve/CVE-2016-1523.html https://bugzilla.suse.com/967087 From sle-security-updates at lists.suse.com Thu Feb 25 12:13:07 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2016 20:13:07 +0100 (CET) Subject: SUSE-SU-2016:0584-1: moderate: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss Message-ID: <20160225191307.2A38D32150@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0584-1 Rating: moderate References: #954447 #959888 #963520 #963632 #963635 #963731 #967087 Cross-References: CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed: - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-mozilla-12419=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-mozilla-12419=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-38.6.1esr-33.1 MozillaFirefox-branding-SLED-38-15.58 MozillaFirefox-translations-38.6.1esr-33.1 libfreebl3-3.20.2-17.5 mozilla-nss-3.20.2-17.5 mozilla-nss-devel-3.20.2-17.5 mozilla-nss-tools-3.20.2-17.5 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.20.2-17.5 mozilla-nss-32bit-3.20.2-17.5 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-33.1 MozillaFirefox-debugsource-38.6.1esr-33.1 mozilla-nss-debuginfo-3.20.2-17.5 mozilla-nss-debugsource-3.20.2-17.5 - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64): mozilla-nss-debuginfo-32bit-3.20.2-17.5 References: https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2016-1523.html https://www.suse.com/security/cve/CVE-2016-1930.html https://www.suse.com/security/cve/CVE-2016-1935.html https://www.suse.com/security/cve/CVE-2016-1938.html https://bugzilla.suse.com/954447 https://bugzilla.suse.com/959888 https://bugzilla.suse.com/963520 https://bugzilla.suse.com/963632 https://bugzilla.suse.com/963635 https://bugzilla.suse.com/963731 https://bugzilla.suse.com/967087 From sle-security-updates at lists.suse.com Thu Feb 25 13:11:26 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2016 21:11:26 +0100 (CET) Subject: SUSE-SU-2016:0585-1: important: Security update for the Linux Kernel Message-ID: <20160225201126.4BA8432150@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0585-1 Rating: important References: #812259 #855062 #867583 #899908 #902606 #924919 #935087 #937261 #937444 #938577 #940338 #940946 #941363 #942476 #943989 #944749 #945649 #947953 #949440 #949936 #950292 #951199 #951392 #951615 #952579 #952976 #954992 #955118 #955354 #955654 #956514 #956708 #957525 #957988 #957990 #958463 #958886 #958951 #959090 #959146 #959190 #959257 #959364 #959399 #959436 #959463 #959629 #960221 #960227 #960281 #960300 #961202 #961257 #961500 #961509 #961516 #961588 #961971 #962336 #962356 #962788 #962965 #963449 #963572 #963765 #963767 #963825 #964230 #964821 #965344 #965840 Cross-References: CVE-2013-7446 CVE-2015-0272 CVE-2015-5707 CVE-2015-7550 CVE-2015-7799 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8569 CVE-2015-8575 CVE-2015-8660 CVE-2015-8767 CVE-2015-8785 CVE-2016-0723 CVE-2016-2069 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 54 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device's state, allowing for DoS (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel attempted to merge distinct setattr operations, which allowed local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (bnc#960281). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767). The following non-security bugs were fixed: - ACPI: Introduce apic_id in struct processor to save parsed APIC id (bsc#959463). - ACPI: Make it possible to get local x2apic id via _MAT (bsc#959463). - ACPI: use apic_id and remove duplicated _MAT evaluation (bsc#959463). - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261). - Add sd_mod to initrd modules. For some reason PowerVM backend can't work without sd_mod - Do not modify perf bias performance setting by default at boot (bnc#812259, bsc#959629). - Documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946, bsc#937444). - Driver for IBM System i/p VNIC protocol - Drop blktap patches from SLE12, since the driver is unsupported - Improve fairness when locking the per-superblock s_anon list (bsc#957525, bsc#941363). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - NFSD: Do not start lockd when only NFSv4 is running - NFSv4: Recovery of recalled read delegations is broken (bsc#956514). - Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the CPU we need it to run on - Revert "ipv6: add complete rcu protection around np->opt" (bnc#961257). - Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1. Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd applied, victim of 1 reports performance regression (1,2 https://lkml.org/lkml/2016/2/4/618) 3. Leads to scheduling work to offlined CPU (bnc#959463). SLERT: 4. NO_HZ_FULL regressession, unbound delayed work timer is no longer deflected to a housekeeper CPU. - be2net: fix some log messages (bnc#855062, bnc#867583). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#902606). - block: Always check queue limits for cloned requests (bsc#902606). - bnx2x: Add new device ids under the Qlogic vendor (bnc#964821). - btrfs: Add qgroup tracing (bnc#935087, bnc#945649). - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300). - btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649). - btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649). - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649). - btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649). - btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649). - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649). - btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344). - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087, bnc#945649). - btrfs: fix order by which delayed references are run (bnc#949440). - btrfs: fix qgroup sanity tests (bnc#951615). - btrfs: fix race waiting for qgroup rescan worker (bnc#960300). - btrfs: fix regression running delayed references when using qgroups (bnc#951615). - btrfs: fix regression when running delayed references (bnc#951615). - btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300). - btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649). - btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649). - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300). - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649). - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649). - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300). - btrfs: qgroup: exit the rescan worker during umount (bnc#960300). - btrfs: qgroup: fix quota disable during rescan (bnc#960300). - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087, bnc#945649). - btrfs: remove transaction from send (bnc#935087, bnc#945649). - btrfs: skip locking when searching commit root (bnc#963825). - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649). - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649). - crypto: nx - use common code for both NX decompress success cases (bsc#942476). - crypto: nx-842 - Mask XERS0 bit in return value (bsc#960221). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - drivers/firmware/memmap.c: do not allocate firmware_map_entry of same memory range (bsc#959463). - drivers/firmware/memmap.c: do not create memmap sysfs of same firmware_map_entry (bsc#959463). - drivers/firmware/memmap.c: pass the correct argument to firmware_map_find_entry_bootmem() (bsc#959463). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765). - group-source-files: mark module.lds as devel file ld: cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory - ipv6: fix tunnel error handling (bsc#952579). - jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kABI: reintroduce blk_rq_check_limits. - kabi: protect struct acpi_processor signature (bsc#959463). - kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup (bsc#940946, bsc#937444). - kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946, bsc#937444). - kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444). - kernel: inadvertent free of the vector register save area (bnc#961202). - kexec: Fix race between panic() and crash_kexec() (bsc#940946, bsc#937444). - kgr: Remove the confusing search for fentry - kgr: Safe way to avoid an infinite redirection - kgr: do not print error for !abort_if_missing symbols (bnc#943989). - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572). - kgr: log when modifying kernel - kgr: mark some more missed kthreads (bnc#962336). - kgr: usb/storage: do not emit thread awakened (bnc#899908). - kvm: Add arch specific mmu notifier for page invalidation (bsc#959463). - kvm: Make init_rmode_identity_map() return 0 on success (bsc#959463). - kvm: Remove ept_identity_pagetable from struct kvm_arch (bsc#959463). - kvm: Rename make_all_cpus_request() to kvm_make_all_cpus_request() and make it non-static (bsc#959463). - kvm: Use APIC_DEFAULT_PHYS_BASE macro as the apic access page address (bsc#959463). - kvm: vmx: Implement set_apic_access_page_addr (bsc#959463). - kvm: x86: Add request bit to reload APIC access page address (bsc#959463). - kvm: x86: Unpin and remove kvm_arch->apic_access_page (bsc#959463). - libiscsi: Fix host busy blocking during connection teardown. - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - md/bitmap: do not pass -1 to bitmap_storage_alloc (bsc#955118). - md/bitmap: remove confusing code from filemap_get_page. - md/bitmap: remove rcu annotation from pointer arithmetic. - mem-hotplug: reset node managed pages when hot-adding a new pgdat (bsc#959463). - mem-hotplug: reset node present pages when hot-adding a new pgdat (bsc#959463). - memory-hotplug: clear pgdat which is allocated by bootmem in try_offline_node() (bsc#959463). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (VM Functionality, bnc#961588). - mm/mempolicy.c: convert the shared_policy lock to a rwlock (VM Performance, bnc#959436). - module: keep percpu symbols in module's symtab (bsc#962788). - nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444). - nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - panic, x86: Allow CPUs to save registers even if looping in NMI context (bsc#940946, bsc#937444). - panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946, bsc#937444). - pci: Check for valid tags when calculating the VPD size (bsc#959146). - qeth: initialize net_device with carrier off (bnc#964230). - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere. - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed - rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency (bsc#959090) - rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel (bsc#959090). - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file - rpm/kernel-binary.spec.in: Use bzip compression to speed up build (bsc#962356) - rpm/kernel-source.spec.in: Install kernel-macros for kernel-source-vanilla (bsc#959090) - rpm/kernel-spec-macros: Do not modify the release string in PTFs (bsc#963449) - rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop - s390/cio: ensure consistent measurement state (bnc#964230). - s390/cio: fix measurement characteristics memleak (bnc#964230). - s390/cio: update measurement characteristics (bnc#964230). - s390/dasd: fix failfast for disconnected devices (bnc#961202). - s390/vtime: correct scaled cputime for SMT (bnc#964230). - s390/vtime: correct scaled cputime of partially idle CPUs (bnc#964230). - s390/vtime: limit MT scaling value updates (bnc#964230). - sched,numa: cap pte scanning overhead to 3% of run time (Automatic NUMA Balancing). - sched/fair: Care divide error in update_task_scan_period() (bsc#959463). - sched/fair: Disable tg load_avg/runnable_avg update for root_task_group (bnc#960227). - sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline (bnc#960227). - sched/numa: Cap PTE scanning overhead to 3% of run time (Automatic NUMA Balancing). - sched: Fix race between task_group and sched_task_group (Automatic NUMA Balancing). - scsi: restart list search after unlock in scsi_remove_target (bsc#944749, bsc#959257). - supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840). - supported.conf: Add netfilter modules to base (bsc#950292) - supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292) - supported.conf: Add vfat to -base to be able to mount the ESP (bsc#950292). - supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base (bsc#950292) - supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292). - supported.conf: drop +external from ghash-clmulni-intel It was agreed that it does not make sense to maintain "external" for this specific module. Furthermore it causes problems in rather ordinary VMware environments. (bsc#961971) - udp: properly support MSG_PEEK with truncated buffers (bsc#951199 bsc#959364). - x86, xsave: Support eager-only xsave features, add MPX support (bsc#938577). - x86/apic: Introduce apic_extnmi command line parameter (bsc#940946, bsc#937444). - x86/fpu/xstate: Do not assume the first zero xfeatures zero bit means the end (bsc#938577). - x86/fpu: Fix double-increment in setup_xstate_features() (bsc#938577). - x86/fpu: Remove xsave_init() bootmem allocations (bsc#938577). - x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444). - x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444). - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). - xfs: add a few more verifier tests (bsc#947953). - xfs: fix double free in xlog_recover_commit_trans (bsc#947953). - xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-329=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-329=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-329=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-329=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-329=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-329=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-extra-3.12.53-60.30.1 kernel-default-extra-debuginfo-3.12.53-60.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.53-60.30.2 kernel-obs-build-debugsource-3.12.53-60.30.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.53-60.30.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.53-60.30.1 kernel-default-base-3.12.53-60.30.1 kernel-default-base-debuginfo-3.12.53-60.30.1 kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-devel-3.12.53-60.30.1 kernel-syms-3.12.53-60.30.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.53-60.30.1 kernel-xen-base-3.12.53-60.30.1 kernel-xen-base-debuginfo-3.12.53-60.30.1 kernel-xen-debuginfo-3.12.53-60.30.1 kernel-xen-debugsource-3.12.53-60.30.1 kernel-xen-devel-3.12.53-60.30.1 lttng-modules-2.7.0-3.1 lttng-modules-debugsource-2.7.0-3.1 lttng-modules-kmp-default-2.7.0_k3.12.53_60.30-3.1 lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.53_60.30-3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.53-60.30.1 kernel-macros-3.12.53-60.30.1 kernel-source-3.12.53-60.30.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.53-60.30.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.53-60.30.1 kernel-ec2-debuginfo-3.12.53-60.30.1 kernel-ec2-debugsource-3.12.53-60.30.1 kernel-ec2-devel-3.12.53-60.30.1 kernel-ec2-extra-3.12.53-60.30.1 kernel-ec2-extra-debuginfo-3.12.53-60.30.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-1-2.1 kgraft-patch-3_12_53-60_30-xen-1-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.53-60.30.1 kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-devel-3.12.53-60.30.1 kernel-default-extra-3.12.53-60.30.1 kernel-default-extra-debuginfo-3.12.53-60.30.1 kernel-syms-3.12.53-60.30.1 kernel-xen-3.12.53-60.30.1 kernel-xen-debuginfo-3.12.53-60.30.1 kernel-xen-debugsource-3.12.53-60.30.1 kernel-xen-devel-3.12.53-60.30.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.53-60.30.1 kernel-macros-3.12.53-60.30.1 kernel-source-3.12.53-60.30.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-5707.html https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-8215.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8543.html https://www.suse.com/security/cve/CVE-2015-8550.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8569.html https://www.suse.com/security/cve/CVE-2015-8575.html https://www.suse.com/security/cve/CVE-2015-8660.html https://www.suse.com/security/cve/CVE-2015-8767.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2016-0723.html https://www.suse.com/security/cve/CVE-2016-2069.html https://bugzilla.suse.com/812259 https://bugzilla.suse.com/855062 https://bugzilla.suse.com/867583 https://bugzilla.suse.com/899908 https://bugzilla.suse.com/902606 https://bugzilla.suse.com/924919 https://bugzilla.suse.com/935087 https://bugzilla.suse.com/937261 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/938577 https://bugzilla.suse.com/940338 https://bugzilla.suse.com/940946 https://bugzilla.suse.com/941363 https://bugzilla.suse.com/942476 https://bugzilla.suse.com/943989 https://bugzilla.suse.com/944749 https://bugzilla.suse.com/945649 https://bugzilla.suse.com/947953 https://bugzilla.suse.com/949440 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/950292 https://bugzilla.suse.com/951199 https://bugzilla.suse.com/951392 https://bugzilla.suse.com/951615 https://bugzilla.suse.com/952579 https://bugzilla.suse.com/952976 https://bugzilla.suse.com/954992 https://bugzilla.suse.com/955118 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/956708 https://bugzilla.suse.com/957525 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/958886 https://bugzilla.suse.com/958951 https://bugzilla.suse.com/959090 https://bugzilla.suse.com/959146 https://bugzilla.suse.com/959190 https://bugzilla.suse.com/959257 https://bugzilla.suse.com/959364 https://bugzilla.suse.com/959399 https://bugzilla.suse.com/959436 https://bugzilla.suse.com/959463 https://bugzilla.suse.com/959629 https://bugzilla.suse.com/960221 https://bugzilla.suse.com/960227 https://bugzilla.suse.com/960281 https://bugzilla.suse.com/960300 https://bugzilla.suse.com/961202 https://bugzilla.suse.com/961257 https://bugzilla.suse.com/961500 https://bugzilla.suse.com/961509 https://bugzilla.suse.com/961516 https://bugzilla.suse.com/961588 https://bugzilla.suse.com/961971 https://bugzilla.suse.com/962336 https://bugzilla.suse.com/962356 https://bugzilla.suse.com/962788 https://bugzilla.suse.com/962965 https://bugzilla.suse.com/963449 https://bugzilla.suse.com/963572 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/963767 https://bugzilla.suse.com/963825 https://bugzilla.suse.com/964230 https://bugzilla.suse.com/964821 https://bugzilla.suse.com/965344 https://bugzilla.suse.com/965840 From sle-security-updates at lists.suse.com Fri Feb 26 11:11:19 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:11:19 +0100 (CET) Subject: SUSE-SU-2016:0597-1: moderate: Security update for rubygem-activemodel-4_1 Message-ID: <20160226181119.3B6D432157@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activemodel-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0597-1 Rating: moderate References: #963334 Cross-References: CVE-2016-0753 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activemodel-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-activemodel-4_1-12422=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-activemodel-4_1-4.1.9-9.1 References: https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963334 From sle-security-updates at lists.suse.com Fri Feb 26 11:11:39 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:11:39 +0100 (CET) Subject: SUSE-SU-2016:0598-1: moderate: Security update for rubygem-activerecord-4_1 Message-ID: <20160226181139.F3E5A32157@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activerecord-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0598-1 Rating: moderate References: #963330 #963334 Cross-References: CVE-2015-7577 CVE-2016-0753 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activerecord-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7577: Nested attributes rejection proc bypass (bsc#963330) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-activerecord-4_1-12423=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-activerecord-4_1-4.1.9-9.1 References: https://www.suse.com/security/cve/CVE-2015-7577.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963330 https://bugzilla.suse.com/963334 From sle-security-updates at lists.suse.com Fri Feb 26 11:12:10 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:12:10 +0100 (CET) Subject: SUSE-SU-2016:0599-1: moderate: Security update for rubygem-actionview-4_1 Message-ID: <20160226181210.32BB832157@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionview-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0599-1 Rating: moderate References: #963332 Cross-References: CVE-2016-0752 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_1 fixes the following issues: - CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-actionview-4_1-12421=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-actionview-4_1-4.1.9-9.1 References: https://www.suse.com/security/cve/CVE-2016-0752.html https://bugzilla.suse.com/963332 From sle-security-updates at lists.suse.com Fri Feb 26 11:12:28 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:12:28 +0100 (CET) Subject: SUSE-SU-2016:0600-1: moderate: Security update for rubygem-activesupport-4_1 Message-ID: <20160226181228.E87ED32157@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activesupport-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0600-1 Rating: moderate References: #963329 #963334 Cross-References: CVE-2015-7576 CVE-2016-0753 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activesupport-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-activesupport-4_1-12424=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-activesupport-4_1-4.1.9-12.1 References: https://www.suse.com/security/cve/CVE-2015-7576.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963329 https://bugzilla.suse.com/963334