From sle-updates at lists.suse.com Tue Dec 4 10:08:29 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Dec 2012 18:08:29 +0100 (CET) Subject: SUSE-RU-2012:1604-1: Recommended update for yast2-ftp-server Message-ID: <20121204170829.8ECD632349@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ftp-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1604-1 Rating: low References: #684863 #756612 #782386 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update for YaST's FTP Server configuration module resolves the following issues: * Recognize colon and white space as separators for PassivePortRange (bnc#782386, bnc#756612) * Use the ButtonBox widget (bnc#684863). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-yast2-ftp-server-6971 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-yast2-ftp-server-6971 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-yast2-ftp-server-6971 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch) [New Version: 2.17.9]: yast2-ftp-server-2.17.9-0.5.2 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 2.17.9]: yast2-ftp-server-2.17.9-0.5.2 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2.17.9]: yast2-ftp-server-2.17.9-0.5.2 References: https://bugzilla.novell.com/684863 https://bugzilla.novell.com/756612 https://bugzilla.novell.com/782386 http://download.novell.com/patch/finder/?keywords=2d737edbd46b7b950d5493d521b557a9 From sle-updates at lists.suse.com Tue Dec 4 13:08:36 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Dec 2012 21:08:36 +0100 (CET) Subject: SUSE-SU-2012:1605-1: moderate: Security update for libwebkit Message-ID: <20121204200836.4E47A32348@maintenance.suse.de> SUSE Security Update: Security update for libwebkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1605-1 Rating: moderate References: #688701 #688702 Cross-References: CVE-2011-1344 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: Two issues in libwebkit have been fixed: * CVE-2011-1290: Webkit CSS Text Element Count remote code execution was fixed. * CVE-2011-1344: WebKit WBR Tag Removal remote code execution was fixed. Security Issue reference: * CVE-2011-1344 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libwebkit-7114 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libwebkit-7114 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libwebkit-1_0-2-1.2.7-0.15.2 libwebkit-devel-1.2.7-0.15.2 libwebkit-lang-1.2.7-0.15.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libwebkit-1_0-2-1.2.7-0.15.2 libwebkit-lang-1.2.7-0.15.2 References: http://support.novell.com/security/cve/CVE-2011-1344.html https://bugzilla.novell.com/688701 https://bugzilla.novell.com/688702 http://download.novell.com/patch/finder/?keywords=65e2ca40c4e75aa0c6a03eced96f17f4 From sle-updates at lists.suse.com Tue Dec 4 14:08:36 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Dec 2012 22:08:36 +0100 (CET) Subject: SUSE-SU-2012:1606-1: important: Security update for Xen Message-ID: <20121204210836.DD3F332348@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1606-1 Rating: important References: #789950 #789951 Cross-References: CVE-2012-5513 CVE-2012-5515 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following security issues in xen: * CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29) * CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31) Also the following bugs have been fixed and upstream patches have been applied: 26134-x86-shadow-invlpg-check.patch Security Issue references: * CVE-2012-5513 * CVE-2012-5515 Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): xen-3.2.3_17040_44-0.7.1 xen-devel-3.2.3_17040_44-0.7.1 xen-doc-html-3.2.3_17040_44-0.7.1 xen-doc-pdf-3.2.3_17040_44-0.7.1 xen-doc-ps-3.2.3_17040_44-0.7.1 xen-kmp-debug-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-default-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-kdump-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-smp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-libs-3.2.3_17040_44-0.7.1 xen-tools-3.2.3_17040_44-0.7.1 xen-tools-domU-3.2.3_17040_44-0.7.1 xen-tools-ioemu-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-kdumppae-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-vmi-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-vmipae-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): xen-3.2.3_17040_44-0.7.1 xen-devel-3.2.3_17040_44-0.7.1 xen-doc-html-3.2.3_17040_44-0.7.1 xen-doc-pdf-3.2.3_17040_44-0.7.1 xen-doc-ps-3.2.3_17040_44-0.7.1 xen-kmp-default-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-smp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-libs-3.2.3_17040_44-0.7.1 xen-tools-3.2.3_17040_44-0.7.1 xen-tools-domU-3.2.3_17040_44-0.7.1 xen-tools-ioemu-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 - SLE SDK 10 SP4 (i586 x86_64): xen-3.2.3_17040_44-0.7.1 xen-devel-3.2.3_17040_44-0.7.1 xen-kmp-debug-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-kdump-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-libs-3.2.3_17040_44-0.7.1 xen-tools-3.2.3_17040_44-0.7.1 xen-tools-ioemu-3.2.3_17040_44-0.7.1 - SLE SDK 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_44-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-5513.html http://support.novell.com/security/cve/CVE-2012-5515.html https://bugzilla.novell.com/789950 https://bugzilla.novell.com/789951 http://download.novell.com/patch/finder/?keywords=193b206adfdaf6da1ce1c5ced79e9f29 From sle-updates at lists.suse.com Wed Dec 5 09:08:31 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Dec 2012 17:08:31 +0100 (CET) Subject: SUSE-RU-2012:1614-1: moderate: Recommended update for virt-utils Message-ID: <20121205160831.DC4AD3234B@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1614-1 Rating: moderate References: #785085 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds support for creating VHD images for HyperV that are greater than 127GB. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-virt-utils-7102 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-virt-utils-7102 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): virt-utils-1.1.7-0.13.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): virt-utils-1.1.7-0.13.1 References: https://bugzilla.novell.com/785085 http://download.novell.com/patch/finder/?keywords=f546cbb1d660dfa6cd5f40252a45ef90 From sle-updates at lists.suse.com Thu Dec 6 09:08:43 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Dec 2012 17:08:43 +0100 (CET) Subject: SUSE-SU-2012:1615-1: important: Security update for Xen Message-ID: <20121206160843.F0BCE3234B@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1615-1 Rating: important References: #777628 #789940 #789944 #789945 #789948 #789950 #789951 #789988 #792476 Cross-References: CVE-2012-5510 CVE-2012-5511 CVE-2012-5512 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update fixes the following security issues in xen: * CVE-2012-5510: Grant table version switch list corruption vulnerability (XSA-26) * CVE-2012-5511: Several HVM operations do not validate the range of their inputs (XSA-27) * CVE-2012-5512: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak (XSA-28) * CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29) * CVE-2012-5514: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30) * CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31) Also the following bugs have been fixed and upstream patches have been applied: * FATAL PAGE FAULT in hypervisor (arch_do_domctl) * 25931-x86-domctl-iomem-mapping-checks.patch * 26132-tmem-save-NULL-check.patch * 26134-x86-shadow-invlpg-check.patch * 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch) * 26149-x86-p2m-physmap-error-path.patch (Replaces CVE-2012-4537-xsa22.patch) * 26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch) * 26151-gnttab-compat-get-status-frames.patch (Replaces CVE-2012-4539-xsa24.patch) * bnc#792476 - efi files missing in latest XEN update Security Issue references: * CVE-2012-5512 * CVE-2012-5513 * CVE-2012-5514 * CVE-2012-5511 * CVE-2012-5510 * CVE-2012-5515 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-7133 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-7133 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-7133 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-7133 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): xen-devel-4.1.3_06-0.7.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.3_06-0.7.1 xen-doc-html-4.1.3_06-0.7.1 xen-doc-pdf-4.1.3_06-0.7.1 xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-libs-32bit-4.1.3_06-0.7.1 xen-libs-4.1.3_06-0.7.1 xen-tools-4.1.3_06-0.7.1 xen-tools-domU-4.1.3_06-0.7.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.3_06-0.7.1 xen-doc-html-4.1.3_06-0.7.1 xen-doc-pdf-4.1.3_06-0.7.1 xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-libs-32bit-4.1.3_06-0.7.1 xen-libs-4.1.3_06-0.7.1 xen-tools-4.1.3_06-0.7.1 xen-tools-domU-4.1.3_06-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-5510.html http://support.novell.com/security/cve/CVE-2012-5511.html http://support.novell.com/security/cve/CVE-2012-5512.html http://support.novell.com/security/cve/CVE-2012-5513.html http://support.novell.com/security/cve/CVE-2012-5514.html http://support.novell.com/security/cve/CVE-2012-5515.html https://bugzilla.novell.com/777628 https://bugzilla.novell.com/789940 https://bugzilla.novell.com/789944 https://bugzilla.novell.com/789945 https://bugzilla.novell.com/789948 https://bugzilla.novell.com/789950 https://bugzilla.novell.com/789951 https://bugzilla.novell.com/789988 https://bugzilla.novell.com/792476 http://download.novell.com/patch/finder/?keywords=d862e18d5680d7561000adc9e50779c8 From sle-updates at lists.suse.com Thu Dec 6 09:09:44 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Dec 2012 17:09:44 +0100 (CET) Subject: SUSE-RU-2012:1618-1: important: Recommended update for vm-install Message-ID: <20121206160944.ADFAC32347@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1618-1 Rating: important References: #779280 #779494 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes one version update. Description: vm-install received various bugfixes: * bnc#779494 - SM wont install on KVM/Virt-Manager * bnc#779280 - vm-install doesn't honour / correctly document disk * Changed documentation link to suse.com. Security Issue references: * CVE-2012-4539 * CVE-2012-3497 * CVE-2012-4411 * CVE-2012-4535 * CVE-2012-4537 * CVE-2012-4536 * CVE-2012-4538 * CVE-2012-4539 * CVE-2012-4544 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-vminstall-201211-7081 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-vminstall-201211-7081 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 0.5.14]: vm-install-0.5.14-0.5.7 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.5.14]: vm-install-0.5.14-0.5.7 References: http://support.novell.com/security/cve/CVE-2012-3497.html http://support.novell.com/security/cve/CVE-2012-4411.html http://support.novell.com/security/cve/CVE-2012-4535.html http://support.novell.com/security/cve/CVE-2012-4536.html http://support.novell.com/security/cve/CVE-2012-4537.html http://support.novell.com/security/cve/CVE-2012-4538.html http://support.novell.com/security/cve/CVE-2012-4539.html http://support.novell.com/security/cve/CVE-2012-4544.html https://bugzilla.novell.com/779280 https://bugzilla.novell.com/779494 http://download.novell.com/patch/finder/?keywords=d9c4600ab825b8dc831f3185523198a9 From sle-updates at lists.suse.com Thu Dec 6 15:08:35 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Dec 2012 23:08:35 +0100 (CET) Subject: SUSE-FU-2012:1619-1: Feature update for git Message-ID: <20121206220835.4565B3234B@maintenance.suse.de> SUSE Feature Update: Feature update for git ______________________________________________________________________________ Announcement ID: SUSE-FU-2012:1619-1 Rating: low References: #787405 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 ______________________________________________________________________________ An update that has one feature fix can now be installed. It includes one version update. Description: This updates git to version 1.7.12.4 (previous version was 1.6.0.2), which provides several noteworthy feature improvements frequently requested by customers. The git 1.7 version has changed behavior in a few cases. It is heavily recommended to read http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7 .0.txt for information about the behavior changes. For all changes and new features since version 1.6.0 see the upstream release notes: http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7 .0.txt http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6 .6.txt http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6 .5.txt http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6 .4.txt http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6 .3.txt http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6 .2.txt http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6 .1.txt Patch Instructions: To install this SUSE Feature Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-git-7023 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.12.4]: git-1.7.12.4-0.3.1 git-arch-1.7.12.4-0.3.1 git-core-1.7.12.4-0.3.1 git-cvs-1.7.12.4-0.3.1 git-daemon-1.7.12.4-0.3.1 git-email-1.7.12.4-0.3.1 git-gui-1.7.12.4-0.3.1 git-svn-1.7.12.4-0.3.1 git-web-1.7.12.4-0.3.1 gitk-1.7.12.4-0.3.1 References: https://bugzilla.novell.com/787405 http://download.novell.com/patch/finder/?keywords=33bc922e286bbd41b30dc58a5c90d5ef From sle-updates at lists.suse.com Fri Dec 7 10:08:43 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Dec 2012 18:08:43 +0100 (CET) Subject: SUSE-RU-2012:1628-1: Recommended update for pure-ftpd Message-ID: <20121207170843.79D763205D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pure-ftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1628-1 Rating: low References: #756306 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update to pure-ftpd documents how pam_umask's configuration affects the FTP server umask settings. Additionally, it replaces GPL parts of the code by those released later by upstream under BSD license, resolving a licensing issue. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-pure-ftpd-7108 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-pure-ftpd-7108 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-pure-ftpd-7108 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): pure-ftpd-1.0.22-3.17.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): pure-ftpd-1.0.22-3.17.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): pure-ftpd-1.0.22-3.17.1 References: https://bugzilla.novell.com/756306 http://download.novell.com/patch/finder/?keywords=16a53d16bed20e53189236f41869df7f From sle-updates at lists.suse.com Fri Dec 7 14:08:37 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Dec 2012 22:08:37 +0100 (CET) Subject: SUSE-RU-2012:1629-1: Recommended update for kiwi Message-ID: <20121207210837.CD8253215F@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1629-1 Rating: low References: #747346 #771592 #773649 #773861 #775278 #778570 #778787 #779360 #779701 #782092 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. It includes one version update. Description: Kiwi was updated to 4.85.80 with the following fixes: * added a 10sec timeout for the language selection (bnc #778570) * cleanup spec file, correctly set virt-utils Requires (bnc #782092) * fix The fetchFile() return value (bnc #779701) * fixed startshell.c to compile without warnings * fixed setupPackageKeys() to work without pubring.gpg * netboot: enable multicast for system image and transfer to a block device, respectively disable it for any other transfer (bnc #773649) * auto adapt image size only if size was not explicitly set (bnc #775278) * make sure specified size is used for virtual disk images even if the calculated minimum size is bigger than the specified value (bnc #775278) * check blkid before mounting in searchBiosBootDevice (bnc #773861) * netboot: added function pxePartitionSetupCheck() which is used to validate the PART information whether the requested partition sizes can be reached according to the size of the disk. This implements the request in (bnc #771592) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-kiwi-6913 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.85.80]: kiwi-4.85.80-0.5.1 kiwi-instsource-4.85.80-0.5.1 kiwi-tools-4.85.80-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 s390x x86_64) [New Version: 4.85.80]: kiwi-desc-oemboot-4.85.80-0.5.1 kiwi-desc-vmxboot-4.85.80-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 4.85.80]: kiwi-desc-isoboot-4.85.80-0.5.1 kiwi-desc-netboot-4.85.80-0.5.1 kiwi-doc-4.85.80-0.5.1 kiwi-pxeboot-4.85.80-0.5.1 References: https://bugzilla.novell.com/747346 https://bugzilla.novell.com/771592 https://bugzilla.novell.com/773649 https://bugzilla.novell.com/773861 https://bugzilla.novell.com/775278 https://bugzilla.novell.com/778570 https://bugzilla.novell.com/778787 https://bugzilla.novell.com/779360 https://bugzilla.novell.com/779701 https://bugzilla.novell.com/782092 http://download.novell.com/patch/finder/?keywords=99fa8ad82d5cb51885fdbe28a2bf18b1 From sle-updates at lists.suse.com Fri Dec 7 15:08:36 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Dec 2012 23:08:36 +0100 (CET) Subject: SUSE-RU-2012:1630-1: moderate: Recommended update for yast2-backup and yast2-restore Message-ID: <20121207220836.ECEBB3215F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-backup and yast2-restore ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1630-1 Rating: moderate References: #776078 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes two new package versions. Description: This collective update for YaST's Backup and Restore modules (yast2-backup, yast2-restore) fixes escaping of shell paths that might contain spaces or special characters. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-yast2-backup-201211-7035 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-yast2-backup-201211-7035 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-yast2-backup-201211-7035 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 2.17.13 and 2.17.7]: yast2-backup-2.17.13-0.5.1 yast2-restore-2.17.7-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2.17.13 and 2.17.7]: yast2-backup-2.17.13-0.5.1 yast2-restore-2.17.7-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 2.17.13 and 2.17.7]: yast2-backup-2.17.13-0.5.1 yast2-restore-2.17.7-0.5.1 References: https://bugzilla.novell.com/776078 http://download.novell.com/patch/finder/?keywords=a3c2da4bd8dabd2eba0138b6ee0b17db From sle-updates at lists.suse.com Fri Dec 7 17:08:47 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Dec 2012 01:08:47 +0100 (CET) Subject: SUSE-RU-2012:1631-1: Recommended update for ant Message-ID: <20121208000847.AF89132161@maintenance.suse.de> SUSE Recommended Update: Recommended update for ant ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1631-1 Rating: low References: #763820 #785695 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ant adds a fix for the following reports for ant: * 785695: RPM task converts dashes (-) to underscores (_) In addition, a security fix for a denial of service via specially crafted input has been added (CVE-2012-2098) Security Issue reference: * CVE-2012-2098 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ant-7029 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ant-7029 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ant-7029 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch): ant-1.7.0-200.26.1 ant-antlr-1.7.0-200.26.1 ant-antlr-1.7.0-200.26.2 ant-apache-bcel-1.7.0-200.26.1 ant-apache-bcel-1.7.0-200.26.2 ant-apache-bsf-1.7.0-200.26.1 ant-apache-bsf-1.7.0-200.26.2 ant-apache-log4j-1.7.0-200.26.1 ant-apache-log4j-1.7.0-200.26.2 ant-apache-oro-1.7.0-200.26.1 ant-apache-oro-1.7.0-200.26.2 ant-apache-regexp-1.7.0-200.26.1 ant-apache-regexp-1.7.0-200.26.2 ant-apache-resolver-1.7.0-200.26.1 ant-apache-resolver-1.7.0-200.26.2 ant-commons-logging-1.7.0-200.26.1 ant-commons-logging-1.7.0-200.26.2 ant-javadoc-1.7.0-200.26.1 ant-javamail-1.7.0-200.26.1 ant-javamail-1.7.0-200.26.2 ant-jdepend-1.7.0-200.26.1 ant-jdepend-1.7.0-200.26.2 ant-jmf-1.7.0-200.26.1 ant-jmf-1.7.0-200.26.2 ant-junit-1.7.0-200.26.1 ant-junit-1.7.0-200.26.2 ant-manual-1.7.0-200.26.1 ant-nodeps-1.7.0-200.26.1 ant-nodeps-1.7.0-200.26.2 ant-scripts-1.7.0-200.26.1 ant-swing-1.7.0-200.26.1 ant-swing-1.7.0-200.26.2 ant-trax-1.7.0-200.26.2 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): ant-1.7.0-200.26.1 ant-trax-1.7.0-200.26.2 - SUSE Linux Enterprise Server 11 SP2 (noarch): ant-1.7.0-200.26.1 ant-trax-1.7.0-200.26.1 ant-trax-1.7.0-200.26.2 References: http://support.novell.com/security/cve/CVE-2012-2098.html https://bugzilla.novell.com/763820 https://bugzilla.novell.com/785695 http://download.novell.com/patch/finder/?keywords=6b595a1f678c5b49bab15e9f5517fac2 From sle-updates at lists.suse.com Fri Dec 7 19:08:44 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Dec 2012 03:08:44 +0100 (CET) Subject: SUSE-RU-2012:1632-1: Recommended update for ant Message-ID: <20121208020844.22F5B32161@maintenance.suse.de> SUSE Recommended Update: Recommended update for ant ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1632-1 Rating: low References: #763820 #785695 Affected Products: SUSE Linux Enterprise Server 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ant adds a fix for the following reports for ant: * 785695: RPM task converts dashes (-) to underscores (_) In addition, a security fix for a denial of service via specially crafted input has been added (CVE-2012-2098) Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): ant-trax-1.6.5-20.9.1 - SUSE Linux Enterprise Server 10 SP4 (noarch): ant-1.6.5-20.9.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): ant-apache-oro-1.6.5-20.9.1 ant-apache-regexp-1.6.5-20.9.1 ant-jdepend-1.6.5-20.9.1 ant-junit-1.6.5-20.9.1 ant-nodeps-1.6.5-20.9.1 ant-trax-1.6.5-20.9.1 - SLE SDK 10 SP4 (noarch): ant-1.6.5-20.9.1 References: https://bugzilla.novell.com/763820 https://bugzilla.novell.com/785695 http://download.novell.com/patch/finder/?keywords=af17921d695a9060c06c8e79789774c7 From sle-updates at lists.suse.com Tue Dec 11 15:08:29 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Dec 2012 23:08:29 +0100 (CET) Subject: SUSE-RU-2012:1634-1: Recommended update for ntp Message-ID: <20121211220829.A4BE73213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for ntp ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1634-1 Rating: low References: #758253 #771480 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This collective update for the Network Time Protocol daemon (ntp) provides fixes for the following reports: * 758253: ntp fails if a host has more than 1024 IP addresses * 771480: sntp not able to sync against Windows ntp server. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ntp-7085 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ntp-7085 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ntp-7085 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ntp-4.2.4p8-1.20.1 ntp-doc-4.2.4p8-1.20.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.4p8-1.20.1 ntp-doc-4.2.4p8-1.20.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ntp-4.2.4p8-1.20.1 ntp-doc-4.2.4p8-1.20.1 References: https://bugzilla.novell.com/758253 https://bugzilla.novell.com/771480 http://download.novell.com/patch/finder/?keywords=ee8adeb4e7bd05be855e87aaa048872d From sle-updates at lists.suse.com Wed Dec 12 09:08:50 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Dec 2012 17:08:50 +0100 (CET) Subject: SUSE-SU-2012:1636-1: important: Security update for libxml2 Message-ID: <20121212160850.11A3A32166@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1636-1 Rating: important References: #793334 Cross-References: CVE-2012-5134 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap-based buffer underflow in the entity decoding of libxml2 could have caused a Denial of Service or potentially allowed the execution of arbitrary code. This has been fixed. Security Issue reference: * CVE-2012-5134 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libxml2-7140 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libxml2-7140 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libxml2-7140 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libxml2-7140 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.21.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libxml2-2.7.6-0.21.1 libxml2-doc-2.7.6-0.21.1 libxml2-python-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libxml2-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.21.1 libxml2-doc-2.7.6-0.21.1 libxml2-python-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libxml2-x86-2.7.6-0.21.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libxml2-2.6.23-15.35.1 libxml2-devel-2.6.23-15.35.1 libxml2-python-2.6.23-15.35.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libxml2-32bit-2.6.23-15.35.1 libxml2-devel-32bit-2.6.23-15.35.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libxml2-x86-2.6.23-15.35.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libxml2-64bit-2.6.23-15.35.1 libxml2-devel-64bit-2.6.23-15.35.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libxml2-2.7.6-0.21.1 libxml2-python-2.7.6-0.21.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libxml2-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libxml2-2.6.23-15.35.1 libxml2-devel-2.6.23-15.35.1 libxml2-python-2.6.23-15.35.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libxml2-32bit-2.6.23-15.35.1 libxml2-devel-32bit-2.6.23-15.35.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): libxml2-test-2.6.23-15.35.1 References: http://support.novell.com/security/cve/CVE-2012-5134.html https://bugzilla.novell.com/793334 http://download.novell.com/patch/finder/?keywords=109525a062f4923fd62bd1c1a3772bd8 http://download.novell.com/patch/finder/?keywords=b31152ce7358e67eddba6c88cfe97cac From sle-updates at lists.suse.com Wed Dec 12 15:08:30 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Dec 2012 23:08:30 +0100 (CET) Subject: SUSE-RU-2012:1640-1: Recommended update for susecloud-manuals_en Message-ID: <20121212220830.51C1532161@maintenance.suse.de> SUSE Recommended Update: Recommended update for susecloud-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1640-1 Rating: low References: #778588 #788156 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest state of the SUSE Cloud documentation, with many bug fixes and enhancements added. In addition the End User Guide and the User Guide for Admins has been improved based on reviews and feedback. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-susecloud-manuals_en-7129 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (noarch): susecloud-manuals_en-1.0-0.13.1 References: https://bugzilla.novell.com/778588 https://bugzilla.novell.com/788156 http://download.novell.com/patch/finder/?keywords=2c9e0584c8ca7c85dcd5fd33f783046b From sle-updates at lists.suse.com Wed Dec 12 15:08:45 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Dec 2012 23:08:45 +0100 (CET) Subject: SUSE-RU-2012:1641-1: moderate: Recommended update for release-notes-sles and release-notes-SLES-for-VMware Message-ID: <20121212220845.906113216D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles and release-notes-SLES-for-VMware ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1641-1 Rating: moderate References: #778116 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest version of the Release Notes for SUSE Linux Enterprise Server 11 SP2. The changes in detail are: * New entry: Mounting NFS Volumes Locally on the Exporting Server (bnc#778116). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-release-notes-SLES-for-VMware-7109 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-release-notes-SLES-for-VMware-7109 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 11.2.0.42]: release-notes-SLES-for-VMware-11.2.0.42-0.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.2.0.42]: release-notes-sles-11.2.0.42-0.7.1 References: https://bugzilla.novell.com/778116 http://download.novell.com/patch/finder/?keywords=3e4542ce203455df3111b13f63ad1eae From sle-updates at lists.suse.com Wed Dec 12 16:09:04 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Dec 2012 00:09:04 +0100 (CET) Subject: SUSE-RU-2012:1642-1: Recommended update for pure-ftpd Message-ID: <20121212230904.EDAD33216D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pure-ftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1642-1 Rating: low References: #693805 #725137 #749680 #752356 #756306 #759995 #769694 #779657 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update to pure-ftpd documents how pam_umask's configuration affects the FTP server umask settings. Additionally, it replaces GPL parts of the code by those released later by upstream under BSD license, resolving a licensing issue. This update also includes improvements and fixes specific to Novell Open Enterprise Server environments that run pure-ftpd (bnc#769694): * Wait for nwlogin and nwlogout processes to terminate before closing the FTP user session (bnc#693805) * Fix timeouts in FTP logins due to LDAP subtree search for NCP servers from (bnc#725137) * Allow backslash characters ("\") in pathnames (bnc#749680) * Remote server access fails with full domain names (bnc#752356) * DefaultHomeDirectory causes segfault/disconnect upon anonymous login attempt (bnc#759995) * "remote_server yes" causes error and failure for pure-ftpd AltLog (bnc#779657). Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): pure-ftpd-1.0.22-0.30.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): pure-ftpd-1.0.22-0.30.1 References: https://bugzilla.novell.com/693805 https://bugzilla.novell.com/725137 https://bugzilla.novell.com/749680 https://bugzilla.novell.com/752356 https://bugzilla.novell.com/756306 https://bugzilla.novell.com/759995 https://bugzilla.novell.com/769694 https://bugzilla.novell.com/779657 http://download.novell.com/patch/finder/?keywords=e869c7ee1c9f6229167d1efda8002dc8 From sle-updates at lists.suse.com Fri Dec 14 09:08:31 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Dec 2012 17:08:31 +0100 (CET) Subject: SUSE-RU-2012:1644-1: Recommended update for login Message-ID: <20121214160831.461CA32173@maintenance.suse.de> SUSE Recommended Update: Recommended update for login ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1644-1 Rating: low References: #778842 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update to the login program resolves a problem that caused a hang when attempting to log-in through PPP dial in. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-login-7007 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-login-7007 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-login-7007 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): login-3.41-0.4.2 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): login-3.41-0.4.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): login-3.41-0.4.2 References: https://bugzilla.novell.com/778842 http://download.novell.com/patch/finder/?keywords=89d8cae90221ddaabd30c1c9917ba412 From sle-updates at lists.suse.com Fri Dec 14 11:08:35 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Dec 2012 19:08:35 +0100 (CET) Subject: SUSE-SU-2012:1645-1: critical: Security update for flash-player Message-ID: <20121214180835.D294832174@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1645-1 Rating: critical References: #794062 Cross-References: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: This version upgrade of flash-player fixes multiple unspecified code execution vulnerabilities. Security Issue references: * CVE-2012-5676 * CVE-2012-5677 * CVE-2012-5678 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-7150 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.258]: flash-player-11.2.202.258-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.258]: flash-player-11.2.202.258-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-5676.html http://support.novell.com/security/cve/CVE-2012-5677.html http://support.novell.com/security/cve/CVE-2012-5678.html https://bugzilla.novell.com/794062 http://download.novell.com/patch/finder/?keywords=0900ec4427a20de14e991485ca9de9f5 http://download.novell.com/patch/finder/?keywords=b7ac6ecdf7451e0c0240a0c459360503 From sle-updates at lists.suse.com Fri Dec 14 15:08:31 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Dec 2012 23:08:31 +0100 (CET) Subject: SUSE-RU-2012:1646-1: Recommended update for curl Message-ID: <20121214220831.2A97432174@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1646-1 Rating: low References: #765342 #769247 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for curl resolves a problem in authentication against some proxy servers that use the NTLM security protocols. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-curl-7052 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-curl-7052 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-curl-7052 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-curl-7052 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.20.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): curl-7.19.7-1.20.23.1 libcurl4-7.19.7-1.20.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libcurl4-32bit-7.19.7-1.20.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.20.23.1 libcurl4-7.19.7-1.20.23.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.20.23.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libcurl4-x86-7.19.7-1.20.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): curl-7.19.7-1.20.23.1 libcurl4-7.19.7-1.20.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libcurl4-32bit-7.19.7-1.20.23.1 References: https://bugzilla.novell.com/765342 https://bugzilla.novell.com/769247 http://download.novell.com/patch/finder/?keywords=edfea34b853e7ca45b79f900377931d4 From sle-updates at lists.suse.com Mon Dec 17 08:08:21 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Dec 2012 16:08:21 +0100 (CET) Subject: SUSE-SU-2012:1652-1: important: Security update for bogofilter Message-ID: <20121217150821.E1AFF32174@maintenance.suse.de> SUSE Security Update: Security update for bogofilter ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1652-1 Rating: important References: #792939 Cross-References: CVE-2012-5468 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap corruption in bogofilter's base64 decoding function, caused by incomplete multibyte characters, could have resulted in a Denial of Service (App. crash) or potentially allowed the execution of arbitrary code. This has been fixed. Security Issue reference: * CVE-2012-5468 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-bogofilter-7135 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): bogofilter-1.1.1-174.27.1 References: http://support.novell.com/security/cve/CVE-2012-5468.html https://bugzilla.novell.com/792939 http://download.novell.com/patch/finder/?keywords=68d7ea43f53e4df074e77ba0e35dc785 From sle-updates at lists.suse.com Mon Dec 17 13:08:31 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Dec 2012 21:08:31 +0100 (CET) Subject: SUSE-RU-2012:1661-1: Recommended update for hwinfo Message-ID: <20121217200831.C015A32174@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1661-1 Rating: low References: #693090 #739368 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update for hwinfo fixes network detection when several interfaces are attached to a single PCI function. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 12.68]: hwinfo-12.68-0.7.1 hwinfo-devel-12.68-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 12.68]: hwinfo-12.68-0.7.1 hwinfo-devel-12.68-0.7.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 12.68]: hwinfo-devel-12.68-0.7.1 References: https://bugzilla.novell.com/693090 https://bugzilla.novell.com/739368 http://download.novell.com/patch/finder/?keywords=1071139351f6711666b2ba53ccd3bba9 From sle-updates at lists.suse.com Tue Dec 18 12:08:32 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Dec 2012 20:08:32 +0100 (CET) Subject: SUSE-RU-2012:1665-1: Recommended update for file Message-ID: <20121218190833.12D073216F@maintenance.suse.de> SUSE Recommended Update: Recommended update for file ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1665-1 Rating: low References: #788435 #792428 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes an issue where file(1) incorrectly detects ext2/3/4 filesystems as "minix" (bnc#788435). Additionally, the utility can now correctly identify XZ compressed archives (bnc#792428). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-file-7134 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-file-7134 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-file-7134 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-file-7134 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): file-devel-4.24-43.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): file-4.24-43.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): file-32bit-4.24-43.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): file-4.24-43.23.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): file-32bit-4.24-43.23.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): file-x86-4.24-43.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): file-4.24-43.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): file-32bit-4.24-43.23.1 References: https://bugzilla.novell.com/788435 https://bugzilla.novell.com/792428 http://download.novell.com/patch/finder/?keywords=2bb83630dc9e0d585ed112edd58b2460 From sle-updates at lists.suse.com Tue Dec 18 12:08:48 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Dec 2012 20:08:48 +0100 (CET) Subject: SUSE-SU-2012:1666-1: moderate: Security update for glibc Message-ID: <20121218190848.80A1C32174@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1666-1 Rating: moderate References: #750741 #767266 #770891 #775690 #777233 #783060 Cross-References: CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This collective update for the GNU C library (glibc) provides the following fixes: * Fix strtod integer/buffer overflows (bnc#775690, CVE-2012-3480) * Fix vfprintf handling of many format specifiers (bnc#770891, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) * Fix pthread_cond_timedwait stack unwinding (bnc#750741, bnc#777233) * Improve fix for dynamic library unloading (bnc#783060) * Fix resolver when first query fails, but second one succeeds (bnc#767266). Security Issue references: * CVE-2012-3404 * CVE-2012-3405 * CVE-2012-3406 * CVE-2012-3480 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-glibc-7110 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-glibc-7110 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-glibc-7110 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-glibc-7110 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): glibc-html-2.11.3-17.43.1 glibc-info-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 i686 x86_64): glibc-2.11.3-17.43.1 glibc-devel-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): glibc-html-2.11.3-17.43.1 glibc-i18ndata-2.11.3-17.43.1 glibc-info-2.11.3-17.43.1 glibc-locale-2.11.3-17.43.1 glibc-profile-2.11.3-17.43.1 nscd-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): glibc-32bit-2.11.3-17.43.1 glibc-devel-32bit-2.11.3-17.43.1 glibc-locale-32bit-2.11.3-17.43.1 glibc-profile-32bit-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.43.1 glibc-devel-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.43.1 glibc-i18ndata-2.11.3-17.43.1 glibc-info-2.11.3-17.43.1 glibc-locale-2.11.3-17.43.1 glibc-profile-2.11.3-17.43.1 nscd-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.43.1 glibc-devel-32bit-2.11.3-17.43.1 glibc-locale-32bit-2.11.3-17.43.1 glibc-profile-32bit-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): glibc-locale-x86-2.11.3-17.43.1 glibc-profile-x86-2.11.3-17.43.1 glibc-x86-2.11.3-17.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 i686 x86_64): glibc-2.11.3-17.43.1 glibc-devel-2.11.3-17.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): glibc-i18ndata-2.11.3-17.43.1 glibc-locale-2.11.3-17.43.1 nscd-2.11.3-17.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): glibc-32bit-2.11.3-17.43.1 glibc-devel-32bit-2.11.3-17.43.1 glibc-locale-32bit-2.11.3-17.43.1 References: http://support.novell.com/security/cve/CVE-2012-3404.html http://support.novell.com/security/cve/CVE-2012-3405.html http://support.novell.com/security/cve/CVE-2012-3406.html http://support.novell.com/security/cve/CVE-2012-3480.html https://bugzilla.novell.com/750741 https://bugzilla.novell.com/767266 https://bugzilla.novell.com/770891 https://bugzilla.novell.com/775690 https://bugzilla.novell.com/777233 https://bugzilla.novell.com/783060 http://download.novell.com/patch/finder/?keywords=9fecd6bf7ccef88c72b5e69256e9ec44 From sle-updates at lists.suse.com Tue Dec 18 13:08:32 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Dec 2012 21:08:32 +0100 (CET) Subject: SUSE-SU-2012:1667-1: moderate: Security update for glibc Message-ID: <20121218200832.6D18B32174@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1667-1 Rating: moderate References: #775690 Cross-References: CVE-2012-3480 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for GNU C library (glibc) fixes multiple integer overflows in strtod and related functions. Security Issue reference: * CVE-2012-3480 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 i686 ia64 ppc s390x x86_64): glibc-2.4-31.107.1 glibc-devel-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-html-2.4-31.107.1 glibc-i18ndata-2.4-31.107.1 glibc-info-2.4-31.107.1 glibc-locale-2.4-31.107.1 glibc-profile-2.4-31.107.1 nscd-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): glibc-32bit-2.4-31.107.1 glibc-devel-32bit-2.4-31.107.1 glibc-locale-32bit-2.4-31.107.1 glibc-profile-32bit-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): glibc-locale-x86-2.4-31.107.1 glibc-profile-x86-2.4-31.107.1 glibc-x86-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): glibc-64bit-2.4-31.107.1 glibc-devel-64bit-2.4-31.107.1 glibc-locale-64bit-2.4-31.107.1 glibc-profile-64bit-2.4-31.107.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 i686 x86_64): glibc-2.4-31.107.1 glibc-devel-2.4-31.107.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): glibc-html-2.4-31.107.1 glibc-i18ndata-2.4-31.107.1 glibc-info-2.4-31.107.1 glibc-locale-2.4-31.107.1 nscd-2.4-31.107.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): glibc-32bit-2.4-31.107.1 glibc-devel-32bit-2.4-31.107.1 glibc-locale-32bit-2.4-31.107.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-dceext-2.4-31.107.1 glibc-html-2.4-31.107.1 glibc-profile-2.4-31.107.1 - SLE SDK 10 SP4 (s390x x86_64): glibc-dceext-32bit-2.4-31.107.1 glibc-profile-32bit-2.4-31.107.1 - SLE SDK 10 SP4 (ia64): glibc-dceext-x86-2.4-31.107.1 glibc-profile-x86-2.4-31.107.1 - SLE SDK 10 SP4 (ppc): glibc-dceext-64bit-2.4-31.107.1 glibc-profile-64bit-2.4-31.107.1 References: http://support.novell.com/security/cve/CVE-2012-3480.html https://bugzilla.novell.com/775690 http://download.novell.com/patch/finder/?keywords=2fc8aabbc955d43968edab9c35bd650e From sle-updates at lists.suse.com Tue Dec 18 14:08:24 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Dec 2012 22:08:24 +0100 (CET) Subject: SUSE-RU-2012:1668-1: moderate: Recommended update for perl-Bootloader Message-ID: <20121218210824.F0CD732174@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1668-1 Rating: moderate References: #788356 #788391 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This collective update for perl-Bootloader includes fixes for the following reports: * 788356: perl-Bootloader creates empty label for Xen in elilo.conf * 788391: parmfile in zipl.conf is not carried over with a kernel update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-perl-Bootloader-7079 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-perl-Bootloader-7079 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-perl-Bootloader-7079 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.4.89.46]: perl-Bootloader-0.4.89.46-0.5.2 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.4.89.46]: perl-Bootloader-0.4.89.46-0.5.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.4.89.46]: perl-Bootloader-0.4.89.46-0.5.2 References: https://bugzilla.novell.com/788356 https://bugzilla.novell.com/788391 http://download.novell.com/patch/finder/?keywords=3cc9355b20c9d803b7a0921fe6ecfd55 From sle-updates at lists.suse.com Tue Dec 18 15:08:31 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Dec 2012 23:08:31 +0100 (CET) Subject: SUSE-RU-2012:1669-1: Recommended update for strace Message-ID: <20121218220831.9823832174@maintenance.suse.de> SUSE Recommended Update: Recommended update for strace ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1669-1 Rating: low References: #734576 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for strace fixes the decoding of the semtimedop() system call on the s390 architecture. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-strace-7158 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-strace-7158 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-strace-7158 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): strace-4.5.18-10.22.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): strace-32bit-4.5.18-10.22.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): strace-4.5.18-10.22.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): strace-32bit-4.5.18-10.22.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): strace-x86-4.5.18-10.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): strace-4.5.18-10.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): strace-32bit-4.5.18-10.22.1 References: https://bugzilla.novell.com/734576 http://download.novell.com/patch/finder/?keywords=f92b1382e59b66bc217e8b874234b32a From sle-updates at lists.suse.com Tue Dec 18 15:08:46 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Dec 2012 23:08:46 +0100 (CET) Subject: SUSE-RU-2012:1670-1: Recommended update for strace Message-ID: <20121218220846.0FDAD32176@maintenance.suse.de> SUSE Recommended Update: Recommended update for strace ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1670-1 Rating: low References: #734575 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for strace fixes the decoding of the semtimedop() system call on the s390 architecture. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): strace-4.5.14-15.14.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): strace-32bit-4.5.14-15.14.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): strace-x86-4.5.14-15.14.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): strace-64bit-4.5.14-15.14.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): strace-4.5.14-15.14.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): strace-32bit-4.5.14-15.14.1 References: https://bugzilla.novell.com/734575 http://download.novell.com/patch/finder/?keywords=736cc4744764d84ec378842b19e08cb9 From sle-updates at lists.suse.com Tue Dec 18 20:08:30 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Dec 2012 04:08:30 +0100 (CET) Subject: SUSE-OU-2012:1671-1: Optional update for WALinuxAgent Message-ID: <20121219030830.5200032174@maintenance.suse.de> SUSE Optional Update: Optional update for WALinuxAgent ______________________________________________________________________________ Announcement ID: SUSE-OU-2012:1671-1 Rating: low References: #794490 Affected Products: SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: The Windows Azure Linux Agent supports the provisioning and running of Linux VMs in the Windows Azure cloud. This package should be installed on Linux disk images that are built to run in the Windows Azure environment. Indications: Every Windows Azure user should install this update Contraindications: Indications: Every Windows Azure user should install this update Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-WALinuxAgent-7163 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (noarch): WALinuxAgent-1.2-0.7.1 References: https://bugzilla.novell.com/794490 http://download.novell.com/patch/finder/?keywords=a5eb8fa7e05ac01f7744956a8f1a6648 From sle-updates at lists.suse.com Tue Dec 18 20:08:44 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Dec 2012 04:08:44 +0100 (CET) Subject: SUSE-RU-2012:1672-1: Recommended update for openstack-nova Message-ID: <20121219030844.82A6A32174@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1672-1 Rating: low References: #782732 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update to openstack-nova provides the following fixes: * fixed_ip_get_by_address read_deleted from context * deallocate_fixed_ip attempts to update deleted ip * Avoid RPC calls while holding iptables lock. * Added nova-bnc-780991-fix.patch to force hard reboots when an instance is no longer active (because the compute node was rebooted, for example). This will then reconnect the volumes. * Fix node reboot with volume failing (bnc#782732) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-openstack-nova-7148 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): openstack-nova-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-api-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-cert-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-compute-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-network-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-objectstore-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-scheduler-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-vncproxy-2012.1+git.1351668974.0edd3cb-0.5.1 openstack-nova-volume-2012.1+git.1351668974.0edd3cb-0.5.1 python-nova-2012.1+git.1351668974.0edd3cb-0.5.1 References: https://bugzilla.novell.com/782732 http://download.novell.com/patch/finder/?keywords=373d5fc6300b9972f237ef90a260c987 From sle-updates at lists.suse.com Tue Dec 18 20:08:59 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Dec 2012 04:08:59 +0100 (CET) Subject: SUSE-RU-2012:1673-1: Recommended update for Hyper-V Message-ID: <20121219030859.3358B32176@maintenance.suse.de> SUSE Recommended Update: Recommended update for Hyper-V ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1673-1 Rating: low References: #676890 #761200 #790469 #791605 Affected Products: SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update to hyper-v adds support for KVP IP injection, a feature to set the clients IP address from the host. Additionally, two denial-of-service vulnerabilities (CVE-2012-2669, CVE-2012-5532) are fixed with this update and packaging has been improved. Security Issues: * CVE-2012-2669 * CVE-2012-5532 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-hyper-v-7106 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): hyper-v-4-0.9.1 References: http://support.novell.com/security/cve/CVE-2012-2669.html http://support.novell.com/security/cve/CVE-2012-5532.html https://bugzilla.novell.com/676890 https://bugzilla.novell.com/761200 https://bugzilla.novell.com/790469 https://bugzilla.novell.com/791605 http://download.novell.com/patch/finder/?keywords=b055c4ea76eadfabe6535941b609474c From sle-updates at lists.suse.com Wed Dec 19 09:08:27 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Dec 2012 17:08:27 +0100 (CET) Subject: SUSE-RU-2012:1674-1: Recommended update for grep Message-ID: <20121219160828.0532032175@maintenance.suse.de> SUSE Recommended Update: Recommended update for grep ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1674-1 Rating: low References: #774868 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the grep utility resolves a problem that could have make it show the same error message in an endless loop after receiving an EPIPE error if the SIGPIPE signal was blocked. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-grep-7164 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-grep-7164 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-grep-7164 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): grep-2.7-5.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): grep-2.7-5.7.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): grep-2.7-5.7.1 References: https://bugzilla.novell.com/774868 http://download.novell.com/patch/finder/?keywords=a910be879bb7813ef7861e15e463aff9 From sle-updates at lists.suse.com Wed Dec 19 10:08:36 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Dec 2012 18:08:36 +0100 (CET) Subject: SUSE-SU-2012:1675-1: moderate: Security update for openstack-keystone Message-ID: <20121219170836.7E84532175@maintenance.suse.de> SUSE Security Update: Security update for openstack-keystone ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1675-1 Rating: moderate References: #783036 #783200 #791203 Cross-References: CVE-2012-5571 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This bug fixes an EC2-style credentials invalidation issue in openstack-keystone. Only setups enabling EC2-style credentials are affected. CVE-2012-5571 has been assigned to this issue. Security Issue reference: * CVE-2012-5571 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-openstack-keystone-7107 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): openstack-keystone-2012.1+git.1353613280.c17a999-0.5.1 openstack-keystone-doc-2012.1+git.1353613280.c17a999-0.5.1 python-keystone-2012.1+git.1353613280.c17a999-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-5571.html https://bugzilla.novell.com/783036 https://bugzilla.novell.com/783200 https://bugzilla.novell.com/791203 http://download.novell.com/patch/finder/?keywords=dbf3db6412aaa4632a18755f9b98d548 From sle-updates at lists.suse.com Wed Dec 19 14:08:33 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Dec 2012 22:08:33 +0100 (CET) Subject: SUSE-YU-2012:1676-1: important: YOU update for libzypp Message-ID: <20121219210833.6363A32176@maintenance.suse.de> SUSE YOU Update: YOU update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-YU-2012:1676-1 Rating: important References: #779177 #792901 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two YOU fixes can now be installed. It includes one version update. Description: This update provides a mitigation for unstable connections to the update server due to the BEAST attack fix in libcurl (bnc#779177). Additionally, it enables zypper to remove zypp locks without evaluating the query (bnc#792901). Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this SUSE YOU Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libzypp-7165 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libzypp-7165 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libzypp-7165 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libzypp-7165 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.12.11]: libzypp-devel-9.12.11-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.12.11]: libzypp-9.12.11-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.12.11]: libzypp-9.12.11-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.12.11]: libzypp-9.12.11-0.5.1 References: https://bugzilla.novell.com/779177 https://bugzilla.novell.com/792901 http://download.novell.com/patch/finder/?keywords=7b6790ca43c448c83c50e8e22f9ea638 From sle-updates at lists.suse.com Wed Dec 19 16:09:07 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Dec 2012 00:09:07 +0100 (CET) Subject: SUSE-RU-2012:1677-1: moderate: Recommended update for X.org video drivers Message-ID: <20121219230907.BC05A32176@maintenance.suse.de> SUSE Recommended Update: Recommended update for X.org video drivers ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1677-1 Rating: moderate References: #758040 #784441 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This collective update for X.Org video drivers (xorg-x11-driver-video) provides the following fixes: * Disable DRI2 and 2D acceleration on Intel i830/i845G chipsets. Due to issues with the TLBs the chip stalls randomly reading data from batchbuffers (bnc#758040) * Fix X crash when handling large image. (bnc#784441). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-driver-video-7132 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-driver-video-7132 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-driver-video-7132 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-driver-video-7.4.0.1-0.54.54.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 x86_64): xorg-x11-driver-video-7.4.0.1-0.54.54.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-driver-video-7.4.0.1-0.54.54.1 References: https://bugzilla.novell.com/758040 https://bugzilla.novell.com/784441 http://download.novell.com/patch/finder/?keywords=8ef2eaeba32c2e89dca71c97e00f2c5b From sle-updates at lists.suse.com Wed Dec 19 16:09:22 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Dec 2012 00:09:22 +0100 (CET) Subject: SUSE-YU-2012:1678-1: important: YOU update for libzypp Message-ID: <20121219230922.DAAFE3217C@maintenance.suse.de> SUSE YOU Update: YOU update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-YU-2012:1678-1 Rating: important References: #779177 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has one YOU fix can now be installed. It includes one version update. Description: This update provides a mitigation for unstable connections to the update server due to the BEAST attack fix in libcurl (bnc#779177). Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 2.100.10]: libzypp-2.100.10-0.7.1 libzypp-devel-2.100.10-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 2.100.10]: libzypp-2.100.10-0.7.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 2.100.10]: libzypp-devel-2.100.10-0.7.1 References: https://bugzilla.novell.com/779177 http://download.novell.com/patch/finder/?keywords=3e3f0df861203815f91f3157df825dbc From sle-updates at lists.suse.com Wed Dec 19 17:08:24 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Dec 2012 01:08:24 +0100 (CET) Subject: SUSE-SU-2012:1679-1: moderate: Security update for Linux kernel Message-ID: <20121220000824.9D6613216D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1679-1 Rating: moderate References: #705551 #708296 #722560 #723776 #725152 #725355 #730660 #731739 #739728 #741814 #744692 #748896 #752067 #752544 #754898 #760833 #762158 #762214 #762259 #763628 #763654 #763858 #763954 #766410 #766654 #767469 #767610 #769251 #772427 #772454 #772483 #773267 #773383 #773699 #773831 #774500 #774523 #774612 #774859 #774964 #775394 #775577 #776044 #776081 #776127 #776144 #777024 #777283 #778334 #778630 #779294 #779462 #779699 #779750 #779969 #780008 #780012 #780216 #780461 #780876 #781018 #781327 #781484 #781574 #782369 #783965 #784192 #784334 #784576 #785100 #785496 #785554 #785851 #786976 #787168 #787202 #787821 #787848 #788277 #788452 #789010 #789235 #789703 #789836 #789993 #790457 #790498 #790920 #790935 #791498 #791853 Cross-References: CVE-2012-1601 CVE-2012-2372 CVE-2012-3412 CVE-2012-3430 CVE-2012-4461 CVE-2012-4508 CVE-2012-5517 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 84 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues. It contains the following feature enhancements: * The cachefiles framework is now supported (FATE#312793, bnc#782369). The userland utilities were published seperately to support this feature. * The ipset netfilter modules are now supported (FATE#313309) The ipset userland utility will be published seperately to support this feature. * The tipc kernel module is now externally supported (FATE#305033). * Hyper-V KVP IP injection was implemented (FATE#314441). A seperate hyper-v package will be published to support this feature. * Intel Lynx Point PCH chipset support was added. (FATE#313409) * Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature. The following security issues have been fixed: * CVE-2012-5517: A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory. * CVE-2012-4461: A flaw has been found in the way Linux kernels KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system. * CVE-2012-1601: The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. * CVE-2012-2372: Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the sytem. * CVE-2012-4508: Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file will get exposed to anyone with read access to the file. * CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. * CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. The following non-security issues have been fixed: BTRFS: * btrfs: fix double mntput() in mount_subvol(). * btrfs: use common work instead of delayed work * btrfs: limit fallocate extent reservation to 256MB * btrfs: fix a double free on pending snapshots in error handling * btrfs: Do not trust the superblock label and simply printk("%s") it * patches.suse/btrfs-update-message-levels.patch: Refresh. * patches.suse/btrfs-enospc-debugging-messages.patch: Minor updates. * patches.suse/btrfs-update-message-levels.patch: Minor updates. * btrfs: continue after abort during snapshot drop (bnc#752067). * btrfs: Return EINVAL when length to trim is less than FSB. * btrfs: fix unnecessary while loop when search the free space, cache. * btrfs: Use btrfs_update_inode_fallback when creating a snapshot. * btrfs: do not bug when we fail to commit the transaction. * btrfs: fill the global reserve when unpinning space. * btrfs: do not allow degraded mount if too many devices are missing. * patches.suse/btrfs-8112-resume-balance-on-rw-re-mounts-prope rly.patch: fix mismerge. * btrfs: do not allocate chunks as agressively. * btrfs: btrfs_drop_extent_cache should never fail. * btrfs: fix full backref problem when inserting shared block reference. * btrfs: wait on async pages when shrinking delalloc. * btrfs: remove bytes argument from do_chunk_alloc. * btrfs: cleanup of error processing in btree_get_extent(). * btrfs: remove unnecessary code in btree_get_extent(). * btrfs: kill obsolete arguments in btrfs_wait_ordered_extents. * btrfs: do not do anything in our ->freeze_fs and ->unfreeze_fs. * btrfs: do not async metadata csumming in certain situations. * btrfs: do not hold the file extent leaf locked when adding extent item. * btrfs: cache extent state when writing out dirty metadata pages. * btrfs: do not lookup csums for prealloc extents. * btrfs: be smarter about dropping things from the tree log. * btrfs: confirmation of value is added before trace_btrfs_get_extent() is called. * btrfs: make filesystem read-only when submitting barrier fails. * btrfs: cleanup pages properly when ENOMEM in compression. * btrfs: do not bug on enomem in readpage. * btrfs: do not warn_on when we cannot alloc a page for an extent buffer. * btrfs: enospc debugging messages. S/390: * smsgiucv: reestablish IUCV path after resume (bnc#786976,LTC#86245). * dasd: move wake_up call (bnc#786976,LTC#86252). * kernel: fix get_user_pages_fast() page table walk (bnc#786976,LTC#86307). * qeth: Fix IPA_CMD_QIPASSIST return code handling (bnc#785851,LTC#86101). * mm: Fix XFS oops due to dirty pages without buffers on s390 (bnc#762259). * zfcp: only access zfcp_scsi_dev for valid scsi_device (bnc#781484,LTC#85285). * dasd: check count address during online setting (bnc#781484,LTC#85346). * hugetlbfs: fix deadlock in unmap_hugepage_range() (bnc#781484,LTC#85449). * kernel: make user-access pagetable walk code huge page aware (bnc#781484,LTC#85455). * hugetlbfs: add missing TLB invalidation (bnc#781484,LTC#85463). * zfcp: fix adapter (re)open recovery while link to SAN is down (bnc#789010,LTC#86283). * qeth: set new mac even if old mac is gone (bnc#789010,LTC#86643). * qdio: fix kernel panic for zfcp 31-bit (bnc#789010,LTC#86623). * crypto: msgType50 (RSA-CRT) Fix (bnc#789010,LTC#86378). DRM: * drm/915: Update references, fixed a missing patch chunk (bnc#725355). * drm/dp: Document DP spec versions for various DPCD registers (bnc#780461). * drm/dp: Make sink count DP 1.2 aware (bnc#780461). * DRM/i915: Restore sdvo_flags after dtd->mode->dtd Roundrtrip (bnc#775577). * DRM/i915: Do not clone SDVO LVDS with analog (bnc#766410). * DRM/radeon: For single CRTC GPUs move handling of CRTC_CRT_ON to crtc_dpms() (bnc#725152). * DRM/Radeon: Fix TV DAC Load Detection for single CRTC chips (bnc#725152). * DRM/Radeon: Clean up code in TV DAC load detection (bnc#725152). * DRM/Radeon: On DVI-I use Load Detection when EDID is bogus (bnc#725152). * DRM/Radeon: Fix primary DAC Load Detection for RV100 chips (bnc#725152). * DRM/Radeon: Fix Load Detection on legacy primary DAC (bnc#725152). * drm/i915: enable plain RC6 on Sandy Bridge by default (bnc#725355). Hyper-V: * Hyper-V KVP IP injection (fate#31441): * drivers: net: Remove casts to same type. * drivers: hv: remove IRQF_SAMPLE_RANDOM which is now a no-op. * hyperv: Move wait completion msg code into rndis_filter_halt_device(). * hyperv: Add comments for the extended buffer after RNDIS message. * Drivers: hv: Cleanup the guest ID computation. * Drivers: hv: vmbus: Use the standard format string to format GUIDs. * Drivers: hv: Add KVP definitions for IP address injection. * Drivers: hv: kvp: Cleanup error handling in KVP. * Drivers: hv: kvp: Support the new IP injection messages. * Tools: hv: Prepare to expand kvp_get_ip_address() functionality. * Tools: hv: Further refactor kvp_get_ip_address(). * Tools: hv: Gather address family information. * Tools: hv: Gather subnet information. * Tools: hv: Represent the ipv6 mask using CIDR notation. * Tools: hv: Gather ipv[4,6] gateway information. * hv: fail the probing immediately when we are not in hyperv platform. * hv: vmbus_drv: detect hyperv through x86_hyper. * Tools: hv: Get rid of some unused variables. * Tools: hv: Correctly type string variables. * Tools: hv: Add an example script to retrieve DNS entries. * Tools: hv: Gather DNS information. * Drivers: hv: kvp: Copy the address family information. * Tools: hv: Add an example script to retrieve dhcp state. * Tools: hv: Gather DHCP information. * Tools: hv: Add an example script to configure an interface. * Tools: hv: Implement the KVP verb - KVP_OP_SET_IP_INFO. * Tools: hv: Rename the function kvp_get_ip_address(). * Tools: hv: Implement the KVP verb - KVP_OP_GET_IP_INFO. * tools/hv: Fix file handle leak. * tools/hv: Fix exit() error code. * tools/hv: Check for read/write errors. * tools/hv: Parse /etc/os-release. * hyperv: Fix the max_xfer_size in RNDIS initialization. * hyperv: Fix the missing return value in rndis_filter_set_packet_filter(). * hyperv: Fix page buffer handling in rndis_filter_send_request(). * hyperv: Remove extra allocated space for recv_pkt_list elements. * hyperv: Report actual status in receive completion packet. * hyperv: Add buffer for extended info after the RNDIS response message. Other: * net: prevent NULL dereference in check_peer_redir() (bnc#776044 bnc#784576). * patches.fixes/mm-hotplug-correctly-add-zone-to-other-nodes-l ist.patch: Refresh. * igb: fix recent VLAN changes that would leave VLANs disabled after reset (bnc#787168). * md: Change goto target to avoid pointless bug messages in normal error cases. (bnc#787848) * intel_idle: IVB support (fate#313719). * x86 cpufreq: Do not complain on missing cpufreq tables on ProLiants (bnc#787202). * hpilo: remove pci_disable_device (bnc#752544). * ixgbe: Address fact that RSC was not setting GSO size for incoming frames (bnc#776144). * hv: Cleanup error handling in vmbus_open(). * [SCSI] storvsc: Account for in-transit packets in the RESET path. * sg: remove sg_mutex. (bnc#785496) * perf: Do no try to schedule task events if there are none (bnc#781574). * perf: Do not set task_ctx pointer in cpuctx if there are no events in the context (bnc#781574). * mm: swap: Implement generic handlers for swap-related address ops fix. (bnc#778334) * hpwdt: Only BYTE reads/writes to WD Timer port 0x72. * xenbus: fix overflow check in xenbus_dev_write(). * xen/x86: do not corrupt %eip when returning from a signal handler. * Update Xen patches to 3.0.46. * Update Xen patches to 3.0.51. * mm: Check if PTE is already allocated during page fault. * rpm/kernel-binary.spec.in: Revert f266e647f to allow building with icecream again, as patches.rpmify/kbuild-fix-gcc-x-syntax.patch is a real fix now. * ipmi: decrease the IPMI message transaction time in interrupt mode (bnc#763654). * ipmi: simplify locking (bnc#763654). * ipmi: use a tasklet for handling received messages (bnc#763654). * cxgb3: Set vlan_feature on net_device (bnc#776127, LTC#84260). * qlge: Add offload features to vlan interfaces (bnc#776081,LTC#84322). * mlx4_en: Added missing iounmap upon releasing a device (bnc#774964,LTC#82768). * mlx4: allow device removal by fixing dma unmap size (bnc#774964,LTC#82768). * qeth: fix deadlock between recovery and bonding driver (bnc#785100,LTC#85905). * SCSI st: add st_nowait_eof param to module (bnc#775394). * patches.fixes/sched-fix-migration-thread-accounting-woes.pat ch: Update references (bnc#773699, bnc#769251). * memcg: oom: fix totalpages calculation for swappiness==0 (bnc#783965). * fs: cachefiles: add support for large files in filesystem caching (FATE#312793, bnc#782369). * mm/mempolicy.c: use enum value MPOL_REBIND_ONCE in mpol_rebind_policy(). * mm, mempolicy: fix mbind() to do synchronous migration. * revert "mm: mempolicy: Let vma_merge and vma_split handle vma->vm_policy linkages". * mempolicy: fix a race in shared_policy_replace(). * mempolicy: fix refcount leak in mpol_set_shared_policy(). * mempolicy: fix a memory corruption by refcount imbalance in alloc_pages_vma(). * mempolicy: remove mempolicy sharing. Memory policy enhancements for robustness against fuzz attacks and force mbind to use synchronous migration. * Update scsi_dh_alua to mainline version (bnc#708296, bnc#784334): o scsi_dh_alua: Enable STPG for unavailable ports o scsi_dh_alua: Re-enable STPG for unavailable ports o scsi_dh_alua: backoff alua rtpg retry linearly vs. geometrically o scsi_dh_alua: implement implied transition timeout o scsi_dh_alua: retry alua rtpg extended header for illegal request response * Revert removal of ACPI procfs entries (bnc#777283). * x86: Clear HPET configuration registers on startup (bnc#748896). * mlx4: Fixed build warning, update references (bnc#774500,LTC#83966). * xen/frontends: handle backend CLOSED without CLOSING. * xen/pciback: properly clean up after calling pcistub_device_find(). * xen/netfront: add netconsole support (bnc#763858 fate#313830). * netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments (bnc#779750). * ipv6, xfrm: use conntrack-reassembled packet for policy lookup (bnc#780216). * inetpeer: add namespace support for inetpeer (bnc#779969). * inetpeer: add parameter net for inet_getpeer_v4,v6 (bnc#779969). * inetpeer: make unused_peers list per-netns (bnc#779969). * kABI: use net_generic to protect struct netns_ipv{4,6} (bnc#779969). * patches.rpmify/kbuild-fix-gcc-x-syntax.patch: kbuild: Fix gcc -x syntax (bnc#773831). * patches.suse/supported-flag: Re-enabled warning on unsupported module loading. * nbd: clear waiting_queue on shutdown (bnc#778630). * nohz: fix idle ticks in cpu summary line of /proc/stat (follow up fix for bnc#767469, bnc#705551). * fix TAINT_NO_SUPPORT handling on module load. * NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate (bnc#780008). * svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping (bnc at 779462). * net: do not disable sg for packets requiring no checksum (bnc#774859). * sfc: prevent extreme TSO parameters from stalling TX queues (bnc#774523 CVE-2012-3412). * X86 MCE: Fix correct ring/severity identification in V86 case (bnc#773267). * scsi_dh_rdac: Add a new netapp vendor/product string (bnc#772483). * scsi_dh_rdac : Consolidate rdac strings together (bnc#772483). * scsi_dh_rdac : minor return fix for rdac (bnc#772483). * dh_rdac: Associate HBA and storage in rdac_controller to support partitions in storage (bnc#772454). * scsi_dh_rdac: Fix error path (bnc#772454). * scsi_dh_rdac: Fix for unbalanced reference count (bnc#772454). * sd: Ensure we correctly disable devices with unknown protection type (bnc#780876). * netfilter: ipset: timeout can be modified for already added elements (bnc#790457). * netfilter: ipset: fix adding ranges to hash types (bnc#790498). * workqueue: exit rescuer_thread() as TASK_RUNNING (bnc#789993). * xhci: Add Lynx Point LP to list of Intel switchable hosts (bnc#791853). * tg3: Introduce separate functions to allocate/free RX/TX rings (bnc#785554). * net-next: Add netif_get_num_default_rss_queues (bnc#785554). * tg3: set maximal number of default RSS queues (bnc#785554). * tg3: Allow number of rx and tx rings to be set independently (bnc#785554). * tg3: Separate coalescing setup for rx and tx (bnc#785554). * tg3: Refactor tg3_open() (bnc#785554). * tg3: Refactor tg3_close() (bnc#785554). * tg3: Add support for ethtool -L|-l to get/set the number of rings (bnc#785554). * tg3: Disable multiple TX rings by default due to hardware flaw (bnc#785554). * x86, microcode, AMD: Add support for family 16h processors (bnc#791498,fate#314145). * scsi_remove_target: fix softlockup regression on hot remove (bnc#789836). * autofs4: allow autofs to work outside the initial PID namespace (bnc#779294). * autofs4: translate pids to the right namespace for the daemon (bnc#779294). * vfs: dont chain pipe/anon/socket on superblock s_inodes list (bnc#789703) * reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920). * reiserfs: fix double-lock while chowning setuid file w/ xattrs (bnc#790920). * ALSA: hda - Fix SSYNC register value for non-Intel controllers (fate#313409,bnc#760833). * ALSA: hda: option to enable arbitrary buffer/period sizes (fate#313409,bnc#760833). * ALSA: hda - Fix buffer-alignment regression with Nvidia HDMI (fate#313409,bnc#760833). * ALSA: hda - explicitly set buffer-align flag for Nvidia controllers (fate#313409,bnc#760833). * ALSA: hda - Add Lynx Point HD Audio Controller DeviceIDs (fate#313409,bnc#760833). * ALSA: hda_intel: Add Device IDs for Intel Lynx Point-LP PCH (fate#313409,bnc#760833). * USB: OHCI: workaround for hardware bug: retired TDs not added to the Done Queue (bnc#762158). * watchdog: iTCO_wdt: clean-up PCI device IDs (fate#313409, bnc#760833). * watchdog: iTCO_wdt: add Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). * ahci: AHCI-mode SATA patch for Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). * ata_piix: IDE-mode SATA patch for Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). * i2c-i801: Add device IDs for Intel Lynx Point (fate#313409, bnc#760833). * jbd: Fix lock ordering bug in journal_unmap_buffer() (bnc#790935). * usb: host: xhci: Fix Compliance Mode on SN65LVPE502CP Hardware (bnc#788277). * usb: host: xhci: Fix Null pointer dereferencing with 71c731a for non-x86 systems (bnc#788277). * Do not remove fillup from the buildsystem (bnc#781327) * ibmvfc: Fix double completion on abort timeout (bnc#788452) * ibmvfc: Ignore fabric RSCNs when link is dead (bnc#788452). * fs: only send IPI to invalidate LRU BH when needed (bnc#763628 bnc#744692). * smp: add func to IPI cpus based on parameter func (bnc#763628 bnc#744692). * smp: introduce a generic on_each_cpu_mask() function (bnc#763628 bnc#744692). Security Issue references: * CVE-2012-1601 * CVE-2012-2372 * CVE-2012-3412 * CVE-2012-3430 * CVE-2012-4461 * CVE-2012-5517 * CVE-2012-4508 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-7123 slessp2-kernel-7127 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-7123 slessp2-kernel-7124 slessp2-kernel-7125 slessp2-kernel-7127 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-7123 sleshasp2-kernel-7124 sleshasp2-kernel-7125 sleshasp2-kernel-7127 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-7123 sledsp2-kernel-7127 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.51]: kernel-default-3.0.51-0.7.9.1 kernel-default-base-3.0.51-0.7.9.1 kernel-default-devel-3.0.51-0.7.9.1 kernel-source-3.0.51-0.7.9.1 kernel-syms-3.0.51-0.7.9.1 kernel-trace-3.0.51-0.7.9.1 kernel-trace-base-3.0.51-0.7.9.1 kernel-trace-devel-3.0.51-0.7.9.1 kernel-xen-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.51]: kernel-pae-3.0.51-0.7.9.1 kernel-pae-base-3.0.51-0.7.9.1 kernel-pae-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 x86_64) [New Version: 3.0.51]: kernel-default-3.0.51-0.7.9.1 kernel-default-base-3.0.51-0.7.9.1 kernel-default-devel-3.0.51-0.7.9.1 kernel-source-3.0.51-0.7.9.1 kernel-syms-3.0.51-0.7.9.1 kernel-trace-3.0.51-0.7.9.1 kernel-trace-base-3.0.51-0.7.9.1 kernel-trace-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.51]: kernel-ec2-3.0.51-0.7.9.1 kernel-ec2-base-3.0.51-0.7.9.1 kernel-ec2-devel-3.0.51-0.7.9.1 kernel-xen-3.0.51-0.7.9.1 kernel-xen-base-3.0.51-0.7.9.1 kernel-xen-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.51]: kernel-ppc64-3.0.51-0.7.9.1 kernel-ppc64-base-3.0.51-0.7.9.1 kernel-ppc64-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.51]: kernel-pae-3.0.51-0.7.9.1 kernel-pae-base-3.0.51-0.7.9.1 kernel-pae-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 x86_64): cluster-network-kmp-default-1.4_3.0.51_0.7.9-2.18.12 cluster-network-kmp-trace-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-default-2_3.0.51_0.7.9-0.7.47 gfs2-kmp-trace-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-default-1.6_3.0.51_0.7.9-0.11.11 ocfs2-kmp-trace-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-xen-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-xen-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-ppc64-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-ppc64-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-pae-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-pae-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.51]: kernel-default-3.0.51-0.7.9.1 kernel-default-base-3.0.51-0.7.9.1 kernel-default-devel-3.0.51-0.7.9.1 kernel-default-extra-3.0.51-0.7.9.1 kernel-source-3.0.51-0.7.9.1 kernel-syms-3.0.51-0.7.9.1 kernel-trace-3.0.51-0.7.9.1 kernel-trace-base-3.0.51-0.7.9.1 kernel-trace-devel-3.0.51-0.7.9.1 kernel-trace-extra-3.0.51-0.7.9.1 kernel-xen-3.0.51-0.7.9.1 kernel-xen-base-3.0.51-0.7.9.1 kernel-xen-devel-3.0.51-0.7.9.1 kernel-xen-extra-3.0.51-0.7.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.51]: kernel-pae-3.0.51-0.7.9.1 kernel-pae-base-3.0.51-0.7.9.1 kernel-pae-devel-3.0.51-0.7.9.1 kernel-pae-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64): ext4-writeable-kmp-default-0_3.0.51_0.7.9-0.14.28 ext4-writeable-kmp-trace-0_3.0.51_0.7.9-0.14.28 kernel-default-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.51_0.7.9-0.14.28 kernel-xen-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.51_0.7.9-0.14.28 kernel-ppc64-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.51_0.7.9-0.14.28 kernel-pae-extra-3.0.51-0.7.9.1 References: http://support.novell.com/security/cve/CVE-2012-1601.html http://support.novell.com/security/cve/CVE-2012-2372.html http://support.novell.com/security/cve/CVE-2012-3412.html http://support.novell.com/security/cve/CVE-2012-3430.html http://support.novell.com/security/cve/CVE-2012-4461.html http://support.novell.com/security/cve/CVE-2012-4508.html http://support.novell.com/security/cve/CVE-2012-5517.html https://bugzilla.novell.com/705551 https://bugzilla.novell.com/708296 https://bugzilla.novell.com/722560 https://bugzilla.novell.com/723776 https://bugzilla.novell.com/725152 https://bugzilla.novell.com/725355 https://bugzilla.novell.com/730660 https://bugzilla.novell.com/731739 https://bugzilla.novell.com/739728 https://bugzilla.novell.com/741814 https://bugzilla.novell.com/744692 https://bugzilla.novell.com/748896 https://bugzilla.novell.com/752067 https://bugzilla.novell.com/752544 https://bugzilla.novell.com/754898 https://bugzilla.novell.com/760833 https://bugzilla.novell.com/762158 https://bugzilla.novell.com/762214 https://bugzilla.novell.com/762259 https://bugzilla.novell.com/763628 https://bugzilla.novell.com/763654 https://bugzilla.novell.com/763858 https://bugzilla.novell.com/763954 https://bugzilla.novell.com/766410 https://bugzilla.novell.com/766654 https://bugzilla.novell.com/767469 https://bugzilla.novell.com/767610 https://bugzilla.novell.com/769251 https://bugzilla.novell.com/772427 https://bugzilla.novell.com/772454 https://bugzilla.novell.com/772483 https://bugzilla.novell.com/773267 https://bugzilla.novell.com/773383 https://bugzilla.novell.com/773699 https://bugzilla.novell.com/773831 https://bugzilla.novell.com/774500 https://bugzilla.novell.com/774523 https://bugzilla.novell.com/774612 https://bugzilla.novell.com/774859 https://bugzilla.novell.com/774964 https://bugzilla.novell.com/775394 https://bugzilla.novell.com/775577 https://bugzilla.novell.com/776044 https://bugzilla.novell.com/776081 https://bugzilla.novell.com/776127 https://bugzilla.novell.com/776144 https://bugzilla.novell.com/777024 https://bugzilla.novell.com/777283 https://bugzilla.novell.com/778334 https://bugzilla.novell.com/778630 https://bugzilla.novell.com/779294 https://bugzilla.novell.com/779462 https://bugzilla.novell.com/779699 https://bugzilla.novell.com/779750 https://bugzilla.novell.com/779969 https://bugzilla.novell.com/780008 https://bugzilla.novell.com/780012 https://bugzilla.novell.com/780216 https://bugzilla.novell.com/780461 https://bugzilla.novell.com/780876 https://bugzilla.novell.com/781018 https://bugzilla.novell.com/781327 https://bugzilla.novell.com/781484 https://bugzilla.novell.com/781574 https://bugzilla.novell.com/782369 https://bugzilla.novell.com/783965 https://bugzilla.novell.com/784192 https://bugzilla.novell.com/784334 https://bugzilla.novell.com/784576 https://bugzilla.novell.com/785100 https://bugzilla.novell.com/785496 https://bugzilla.novell.com/785554 https://bugzilla.novell.com/785851 https://bugzilla.novell.com/786976 https://bugzilla.novell.com/787168 https://bugzilla.novell.com/787202 https://bugzilla.novell.com/787821 https://bugzilla.novell.com/787848 https://bugzilla.novell.com/788277 https://bugzilla.novell.com/788452 https://bugzilla.novell.com/789010 https://bugzilla.novell.com/789235 https://bugzilla.novell.com/789703 https://bugzilla.novell.com/789836 https://bugzilla.novell.com/789993 https://bugzilla.novell.com/790457 https://bugzilla.novell.com/790498 https://bugzilla.novell.com/790920 https://bugzilla.novell.com/790935 https://bugzilla.novell.com/791498 https://bugzilla.novell.com/791853 http://download.novell.com/patch/finder/?keywords=04916b40a174e136e84bd6bf146087b4 http://download.novell.com/patch/finder/?keywords=18b577ef642d4139c38be698b463eb5f http://download.novell.com/patch/finder/?keywords=4b267bc55902aa5c7ac3045e90addc0a http://download.novell.com/patch/finder/?keywords=60ae57a921e812799992d7e2cdb10be2 http://download.novell.com/patch/finder/?keywords=86bed550f5d8ade87da027c780377d92 http://download.novell.com/patch/finder/?keywords=96d3f57b021d0513268039a847f1bbad http://download.novell.com/patch/finder/?keywords=c1acdbd1c386e0806d555bd2e8270957 http://download.novell.com/patch/finder/?keywords=d68b7b15a93ce00198155abc1df29bc6 From sle-updates at lists.suse.com Wed Dec 19 17:08:44 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Dec 2012 01:08:44 +0100 (CET) Subject: SUSE-OU-2012:1680-1: Optional update for ipset Message-ID: <20121220000844.B80B632174@maintenance.suse.de> SUSE Optional Update: Optional update for ipset ______________________________________________________________________________ Announcement ID: SUSE-OU-2012:1680-1 Rating: low References: #788137 #790521 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update provides ipset, which is a utility for administering IP sets. Depending on the type, an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. ipset can: * store multiple IP addresses or port numbers and match against the collection by iptables at one swoop * dynamically update iptables rules against IP addresses or ports without performance penalty * express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets. Indications: Every interested user can install these packages. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ipset-libmnl-7113 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ipset-libmnl-7113 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ipset-libmnl-7113 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): ipset-devel-6.12-0.7.7.1 libmnl-devel-1.0.3-0.5.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ipset-6.12-0.7.7.1 libipset2-6.12-0.7.7.1 libmnl0-1.0.3-0.5.4 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ipset-6.12-0.7.7.1 libipset2-6.12-0.7.7.1 libmnl0-1.0.3-0.5.4 References: https://bugzilla.novell.com/788137 https://bugzilla.novell.com/790521 http://download.novell.com/patch/finder/?keywords=e6678ef3c5d45fbff03cfca2d79ecf43 From sle-updates at lists.suse.com Fri Dec 21 09:08:36 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Dec 2012 17:08:36 +0100 (CET) Subject: SUSE-SU-2012:1683-1: Security update for libproxy Message-ID: <20121221160836.530D53216F@maintenance.suse.de> SUSE Security Update: Security update for libproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1683-1 Rating: low References: #761626 #784523 Cross-References: CVE-2012-4505 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libproxy fixes a heap-based buffer overflow that could have allowed remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request (CVE-2012-4505). Additionally, it fixes parsing of the $no_proxy environment variable when it contains more than one URL separated by white-spaces. Security Issue reference: * CVE-2012-4505 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libproxy-7092 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libproxy-7092 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libproxy-7092 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libproxy-7092 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libproxy-devel-0.3.1-2.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libproxy0-0.3.1-2.6.1 libproxy0-config-gnome-0.3.1-2.6.3 libproxy0-config-kde4-0.3.1-2.6.3 libproxy0-networkmanager-0.3.1-2.6.3 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libproxy0-32bit-0.3.1-2.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libproxy0-0.3.1-2.6.1 libproxy0-config-gnome-0.3.1-2.6.3 libproxy0-config-kde4-0.3.1-2.6.3 libproxy0-networkmanager-0.3.1-2.6.3 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libproxy0-32bit-0.3.1-2.6.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libproxy0-x86-0.3.1-2.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libproxy0-0.3.1-2.6.1 libproxy0-config-gnome-0.3.1-2.6.3 libproxy0-config-kde4-0.3.1-2.6.3 libproxy0-networkmanager-0.3.1-2.6.3 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libproxy0-32bit-0.3.1-2.6.1 libproxy0-config-gnome-32bit-0.3.1-2.6.3 libproxy0-networkmanager-32bit-0.3.1-2.6.3 References: http://support.novell.com/security/cve/CVE-2012-4505.html https://bugzilla.novell.com/761626 https://bugzilla.novell.com/784523 http://download.novell.com/patch/finder/?keywords=d0726c9cb57f5519861776d61fc3891c From sle-updates at lists.suse.com Fri Dec 21 14:08:31 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Dec 2012 22:08:31 +0100 (CET) Subject: SUSE-RU-2012:1684-1: Recommended update for Samba Message-ID: <20121221210831.56E0132167@maintenance.suse.de> SUSE Recommended Update: Recommended update for Samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1684-1 Rating: low References: #769957 #770056 #770262 #771516 #779269 #783719 #787983 #788159 #790741 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This collective update to Samba includes the following fixes and improvements: * ACL masks incorrectly applied when setting ACLs (bso#9236) * s3-kerberos: also try with AES keys, when decrypting tickets (bso#9272) * lib/replace: replace all *printf function if we replace snprintf (bso#9390) * lib/addns: don't depend on the order in resp->answers[] (bso#9402) * s4:torture/smb2: improve the smb2.create.blob test (bso#9209) * lib/krb5_wrap: request enc_types in the correct order (bso#9272) * Fix net ads join message for the dns domain (bso#9326) * docs-xml: fix use of tag (bso#9345) * s3-aio_pthread: Optimize aio_pthread_handle_completion (bso#9359) * s3:winbind: Failover if netlogon pipe is not available (bso#9386) * Ensure adding the winbind group never can fail * Create ntadmin group only if it doesn't yet exist * quota: Don't force the block size to 512 (bso#3272) * Fix poll replacement to become a msleep replacement (bso#8107) * Fix wrong test == syntax in configure (bso#8146) * Fix --with(out)-sendfile-support option handling in autoconf (bso#8344) * Fix builtin forms order to match Windows again (bso#8632) * Fix RAW printing for normal users (bso#8769, bnc#790741) * Initialise ticket to ensure we do not invalid memory (bso#8788) * Fix 'net rpc share allowedusers' to work with 2008r2 (bso#8966) * Fix crash on null pam change pw response (bso#9013) * Connection to outbound trusted domain goes offline (bso#9016) * Increase debug level for info that the db is empty (bso#9112) * 'smbclient' can't connect to a Windows 7 server using NTLMv2 (bso#9117) * Winbind can't fetch user or group info from AD via LDAP (bso#9147) * Open printers with the right access mask (bso#9154) * Remove non-existent option '-Y' from winbindd manpage (bso#9171) * Add quota support for gfs2 (bso#9172) * Make SMB2 compound request create/delete_on_close/close work as Windows (bso#9173) * Empty SPNEGO packet can cause smbd to crash (bso#9174) * pam_winbind: Match more return codes when wbcGetPwnam has failed (bso#9177) * Fix crash bug in idmap_hash (bso#9188, bnc#788159) * SMB2 Create doesn't return correct MAX ACCESS access mask in blob (bso#9189) * Fix service control for non-internal services (bso#9192) * Don't take 'state->te' as indication for "was_deferred" (bso#9196) * Parse of invalid SMB2 create blob can cause smbd crash (bso#9209) * Bad ASN.1 NegTokenInit packet can cause invalid free (bso#9213) * Fix segfault in smbd if user specified ports out for range (bso#9218) * Signing cannot be disabled for SMB2 by design, so fix the documentation instead (bso#9222) * Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry (bso#9231) * When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries (bso#9236) * lib-addns: ensure that allocated buffer are pre set to 0 (bso#9259) * Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart (bso#9268) * Add support for reloading systemd services (bso#9280) * Warn via the smbd log if AppArmor and "wide links" are in use (bnc#783719) * Backport FSCTL codes and fix segfault in smbstatus from master (bso#9058) * Fix bad call to memcpy source3/registry/regfio.c (bso#9065) * "Domain Users" incorrectly added as additional group on domain members (bso#9066) * Use correct RID for "Domain Guests" primary group (bso#9067) * Fix crash bug in smbd caused by a blocking lock followed by close (bso#9084) * Fix smbclient/tarmode panic when connecting to Windows 2000 clients (bso#9088) * Fix refreshing of Kerberos tickets in Winbind (bso#9098) * Fix identification of idle clients in Winbind to avoid crashes and NDR parsing errors (bso#9104) * Fix compilation with newer MIT Kerberos which hides internal symbols (bso#9111) * Fix flooding the logs with records we don't find in pcap (bso#9112) * Initialize the print backend after we setup winreg (bso#9122) * Fix lprng job tracking errors (bso#9123) * Fix setting of "inherited" bit on inherited ACE's (bso#9124) * Fix Winbind panic if we couldn't find the domain (bso#9135) * Make 'smbclient allinfo' show the snapshot list (bso#9137) * Fix nfs quota support with Linux nfs4 mounts (bso#9144) * Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests (bso#9150) * NMB registration for a duplicate workstation fails with registration refuse (bso#9085, bnc#770056) * Correct documentation of "case sensitive" (bso#8552) * Printing fails in function cups_job_submit (bso#8719) * Fix kernel oplocks when uid(file) != uid(process) (bso#8974) * Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set (bso#8989) * Fix build without ads support (bso#8996) * Don't turn negative cache entries into valid idmappings (bso#9002) * Fix posix acl on gpfs (bso#9003) * Make vfs_gpfs less verbose in get/set_xattr functions (bso#9022) * Fix migrating printers while upgrading from 3.5.x (bso#9026) * Fix typo in set_re_uid() call when USE_SETRESUID selected in configure (bso#9034) * Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead of NT_STATUS_FILE_LOCK_CONFLICT (bso#9040) * Fix resolving our own "Domain Local" groups (bso#9052, bnc#779269) * Fix build against CUPS 1.6 (bso#9055) * Fix bugs in SMB2 credit handling code (bso#9057) * rpcclient: Fix bad call to data_blob_const (bso#9062) * BuildRequire gcc, make, and patch (bnc#771516) * ndr: fix push/pull DATA_BLOB with NDR_NOALIGN (bso#9026, bnc#770262) * Fix shell syntax in dhcpcd hook script (bnc#769957) * resolve_ads() code can return zero addresses and miss valid DC IP addresses (bso#8910) * Can't join XP Pro workstations to 3.6.1 DC (bso#8373, bnc#787983) * winbind can hang as nbt_getdc() has no timeout (bso#8953) * Fix crash bug in dns_create_probe when dns_create_update fails (bso#8627) * s3-pid: Catch with pid filename's change when config file is not smb.conf (bso#8714) * Possible memory leaks in the main Samba process (bso#8970) * Treat exit_server_cleanly() as a "clean" shutdown (bso#8971) * Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute() (bso#8988) * Winzip occasionally can not read files out of an open winzip dialog (bso#8311) * s3-winbindd: call dump_core_setup after command line option has been parsed (bso#8975) * Directory group write permission bit is set if unix extensions are enabled (bso#8972) * s3: remove dependency on automake for "make everything" (bso#8978) * sd_has_inheritable_components segfaults on an SD that se_access_check accepts (bso#8811) * smbclient's tarmode insists on listing excluded directories (bso#8922) * Notify code can miss a ChDir (bso#8998) * s3:smbd: add a fsp_persistent_id() function (bso#8995) * s3: Fix a segfault with debug level 3 on Solaris (bso#8861) * s3: wbinfo --lookup-sids "" crashes winbind (bso#8904) * smbd crashes when deleting directory and veto files are enabled (bso#8837) * winbind_krb5_locator only returns one IP address (bso#8897) * Wrong assertion/comparison: Compare value not pointer (bso#8859) * Inconsistent (with manpage) command-line switch for "help" in smbtree (bso#8831) * Setting traverse rights fails to enable directory traversal when acl_xattr in use (bso#8857) * Syslog broken owing to mistyping of debug_settings.syslog (bso#8877) * s3/ldap: remove outdated netscape ds 5 schema file (bso#8869) * s3-docs: fixes several typos (bso#7938) * s3-VFS: Fix building out-of-tree modules (bso#8822) * s3-docs: Add hint that setting "profile acls = yes" on normal shares can cause trouble (bso#7930) * s3-pam_winbind: Fix the build with a newer iniparser library (bso#8915) * Avoid null dereference in initialize_password_db() (bso#8920) * s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend * s3:registry:reg_api: fix reg_queryvalue to not fail when values are modified while it runs * s4:torture:rpc:spoolss: also initialize driverName before checking it in test_PrinterData_DsSpooler() * s3:registry: multiple cleanups, fixes, and optimisations * s3:auth/server_info: the primary rid should be in the groups rid array (bso#8798) * s3-printing: Add new printers to registry (bso#8554, bso#8612, bso#8748) * Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it (bso#8945) * s3-auth: Don't lookup the system user in pdb (bso#8944) * s3-passdb: Fix negative SID->uid/gid cache handling (bso#8952) * Fix typo in pam_winbindd code (bso#8957) * Fix remove_duplicate_addrs2 previously it could leave zero addresses in the list (bso#8910) * Slow but responsive DC can lock up winbindd (bso#8943) * Broken processing of %U with vfs_full_audit when force user is set (bso#8882) * Fix lsa_LookupSids3 and lsa_LookupNames4 arguments. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-cifs-mount-7087 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cifs-mount-7087 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cifs-mount-7087 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-cifs-mount-7087 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.28.1 libnetapi-devel-3.6.3-0.28.1 libnetapi0-3.6.3-0.28.1 libsmbclient-devel-3.6.3-0.28.1 libsmbsharemodes-devel-3.6.3-0.28.1 libsmbsharemodes0-3.6.3-0.28.1 libtalloc-devel-3.6.3-0.28.1 libtdb-devel-3.6.3-0.28.1 libtevent-devel-3.6.3-0.28.1 libwbclient-devel-3.6.3-0.28.1 samba-devel-3.6.3-0.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.28.1 libldb1-3.6.3-0.28.1 libsmbclient0-3.6.3-0.28.1 libtalloc1-3.4.3-1.42.6 libtalloc2-3.6.3-0.28.1 libtdb1-3.6.3-0.28.1 libtevent0-3.6.3-0.28.1 libwbclient0-3.6.3-0.28.1 samba-3.6.3-0.28.1 samba-client-3.6.3-0.28.1 samba-krb-printing-3.6.3-0.28.1 samba-winbind-3.6.3-0.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.28.1 libtalloc1-32bit-3.4.3-1.42.6 libtalloc2-32bit-3.6.3-0.28.1 libtdb1-32bit-3.6.3-0.28.1 libwbclient0-32bit-3.6.3-0.28.1 samba-32bit-3.6.3-0.28.1 samba-client-32bit-3.6.3-0.28.1 samba-winbind-32bit-3.6.3-0.28.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.28.1 libldb1-3.6.3-0.28.1 libsmbclient0-3.6.3-0.28.1 libtalloc1-3.4.3-1.42.6 libtalloc2-3.6.3-0.28.1 libtdb1-3.6.3-0.28.1 libtevent0-3.6.3-0.28.1 libwbclient0-3.6.3-0.28.1 samba-3.6.3-0.28.1 samba-client-3.6.3-0.28.1 samba-krb-printing-3.6.3-0.28.1 samba-winbind-3.6.3-0.28.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.28.1 libtalloc1-32bit-3.4.3-1.42.6 libtalloc2-32bit-3.6.3-0.28.1 libtdb1-32bit-3.6.3-0.28.1 libwbclient0-32bit-3.6.3-0.28.1 samba-32bit-3.6.3-0.28.1 samba-client-32bit-3.6.3-0.28.1 samba-winbind-32bit-3.6.3-0.28.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.28.1 libtalloc1-x86-3.4.3-1.42.6 libtalloc2-x86-3.6.3-0.28.1 libtdb1-x86-3.6.3-0.28.1 libwbclient0-x86-3.6.3-0.28.1 samba-client-x86-3.6.3-0.28.1 samba-winbind-x86-3.6.3-0.28.1 samba-x86-3.6.3-0.28.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.28.1 libsmbclient0-3.6.3-0.28.1 libtalloc1-3.4.3-1.42.6 libtalloc2-3.6.3-0.28.1 libtdb1-3.6.3-0.28.1 libtevent0-3.6.3-0.28.1 libwbclient0-3.6.3-0.28.1 samba-3.6.3-0.28.1 samba-client-3.6.3-0.28.1 samba-krb-printing-3.6.3-0.28.1 samba-winbind-3.6.3-0.28.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.28.1 libsmbclient0-32bit-3.6.3-0.28.1 libtalloc1-32bit-3.4.3-1.42.6 libtalloc2-32bit-3.6.3-0.28.1 libtdb1-32bit-3.6.3-0.28.1 libtevent0-32bit-3.6.3-0.28.1 libwbclient0-32bit-3.6.3-0.28.1 samba-32bit-3.6.3-0.28.1 samba-client-32bit-3.6.3-0.28.1 samba-winbind-32bit-3.6.3-0.28.1 References: https://bugzilla.novell.com/769957 https://bugzilla.novell.com/770056 https://bugzilla.novell.com/770262 https://bugzilla.novell.com/771516 https://bugzilla.novell.com/779269 https://bugzilla.novell.com/783719 https://bugzilla.novell.com/787983 https://bugzilla.novell.com/788159 https://bugzilla.novell.com/790741 http://download.novell.com/patch/finder/?keywords=ef0a97f30ded58bb5811aa39a6b48a97 From sle-updates at lists.suse.com Thu Dec 27 10:08:35 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Dec 2012 18:08:35 +0100 (CET) Subject: SUSE-RU-2012:1703-1: moderate: Recommended update for yast2-dbus-server Message-ID: <20121227170835.5A7443216F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-dbus-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1703-1 Rating: moderate References: #790274 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for yast2-dbus-server provides the following fix: * Do not log the results of method calls by default, as the data might contain sensitive information. Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-yast2-dbus-server-7141 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-yast2-dbus-server-7141 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-yast2-dbus-server-7141 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.17.5]: yast2-dbus-server-2.17.5-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.5]: yast2-dbus-server-2.17.5-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.17.5]: yast2-dbus-server-2.17.5-0.5.1 References: https://bugzilla.novell.com/790274 http://download.novell.com/patch/finder/?keywords=071a5cb3a59a27208e39886f98bbad52 From sle-updates at lists.suse.com Thu Dec 27 10:08:51 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Dec 2012 18:08:51 +0100 (CET) Subject: SUSE-RU-2012:1704-1: moderate: Recommended update for avahi Message-ID: <20121227170851.C31C53216F@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1704-1 Rating: moderate References: #773989 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Avahi resolves a problem that could cause a hang in the daemon when many service files are registered. Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-avahi-7101 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-avahi-7101 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-avahi-7101 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-avahi-7101 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): avahi-compat-howl-devel-0.6.23-11.23.1 avahi-compat-mDNSResponder-devel-0.6.23-11.23.1 libavahi-devel-0.6.23-11.23.1 libhowl0-0.6.23-11.23.1 python-avahi-0.6.23-11.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): avahi-0.6.23-11.23.1 avahi-lang-0.6.23-11.23.1 avahi-utils-0.6.23-11.23.1 libavahi-client3-0.6.23-11.23.1 libavahi-common3-0.6.23-11.23.1 libavahi-core5-0.6.23-11.23.1 libdns_sd-0.6.23-11.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libavahi-client3-32bit-0.6.23-11.23.1 libavahi-common3-32bit-0.6.23-11.23.1 libdns_sd-32bit-0.6.23-11.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): avahi-0.6.23-11.23.1 avahi-lang-0.6.23-11.23.1 avahi-utils-0.6.23-11.23.1 libavahi-client3-0.6.23-11.23.1 libavahi-common3-0.6.23-11.23.1 libavahi-core5-0.6.23-11.23.1 libdns_sd-0.6.23-11.23.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libavahi-client3-32bit-0.6.23-11.23.1 libavahi-common3-32bit-0.6.23-11.23.1 libdns_sd-32bit-0.6.23-11.23.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libavahi-client3-x86-0.6.23-11.23.1 libavahi-common3-x86-0.6.23-11.23.1 libdns_sd-x86-0.6.23-11.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): avahi-0.6.23-11.23.1 avahi-lang-0.6.23-11.23.1 libavahi-client3-0.6.23-11.23.1 libavahi-common3-0.6.23-11.23.1 libavahi-core5-0.6.23-11.23.1 libdns_sd-0.6.23-11.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libavahi-client3-32bit-0.6.23-11.23.1 libavahi-common3-32bit-0.6.23-11.23.1 libdns_sd-32bit-0.6.23-11.23.1 References: https://bugzilla.novell.com/773989 http://download.novell.com/patch/finder/?keywords=dbfe49caa68e4dad0182ce7579e26e9b From sle-updates at lists.suse.com Fri Dec 28 01:08:34 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Dec 2012 09:08:34 +0100 (CET) Subject: SUSE-SU-2012:1705-1: moderate: Security update for openCryptoki Message-ID: <20121228080834.9861532172@maintenance.suse.de> SUSE Security Update: Security update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1705-1 Rating: moderate References: #769412 #779211 Cross-References: CVE-2012-4454 CVE-2012-4455 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: openCryptoki had insecure lock file handling, which might have allowed local users with pkcs11 privileges to look at other local users pkcs11 credentials. Some additional small fixes in pkcsslotd were fixed: * Set pkcsslotd pid to /var/run/pkcsslotd.pid * Removed spurious '-' before no-header option on ps * Sending output of pkcs11_startup to syslog via logger Security Issue references: * CVE-2012-4454 * CVE-2012-4455 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-openCryptoki-7053 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-openCryptoki-7053 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-openCryptoki-7053 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): openCryptoki-devel-2.4-0.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): openCryptoki-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): openCryptoki-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): openCryptoki-64bit-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): openCryptoki-32bit-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): openCryptoki-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): openCryptoki-64bit-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc s390): openCryptoki-32bit-2.4-0.11.1 References: http://support.novell.com/security/cve/CVE-2012-4454.html http://support.novell.com/security/cve/CVE-2012-4455.html https://bugzilla.novell.com/769412 https://bugzilla.novell.com/779211 http://download.novell.com/patch/finder/?keywords=3d89df77a465676cbc083fecea39d16f From sle-updates at lists.suse.com Fri Dec 28 02:08:32 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Dec 2012 10:08:32 +0100 (CET) Subject: SUSE-RU-2012:1706-1: Recommended update for inst-source-utils Message-ID: <20121228090832.C1B7D32172@maintenance.suse.de> SUSE Recommended Update: Recommended update for inst-source-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1706-1 Rating: low References: #792914 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update to inst-source-utils fixes create_sha1sums for signing to write correct pubkey. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-inst-source-utils-7147 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-inst-source-utils-7147 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-inst-source-utils-7147 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-inst-source-utils-7147 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch) [New Version: 2012.12.12]: inst-source-utils-2012.12.12-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 2012.12.12]: inst-source-utils-2012.12.12-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2012.12.12]: inst-source-utils-2012.12.12-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 2012.12.12]: inst-source-utils-2012.12.12-0.5.1 References: https://bugzilla.novell.com/792914 http://download.novell.com/patch/finder/?keywords=34fb1e7ce4ae1e15b062d85d4a68ac79 From sle-updates at lists.suse.com Fri Dec 28 02:08:48 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Dec 2012 10:08:48 +0100 (CET) Subject: SUSE-RU-2012:1707-1: Recommended update for gnutls Message-ID: <20121228090848.2B9BC32172@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1707-1 Rating: low References: #760265 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the GNU Transport Layer Security Library (gnutls) provides the following fix: * Do not reject root CAs that do not have CA:True set in Basic Constraints (bnc#760265). Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-gnutls-7169 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gnutls-7169 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gnutls-7169 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gnutls-7169 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libgnutls-devel-2.4.1-24.39.43.1 libgnutls-extra-devel-2.4.1-24.39.43.1 libgnutls-extra26-2.4.1-24.39.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gnutls-2.4.1-24.39.43.1 libgnutls26-2.4.1-24.39.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libgnutls26-32bit-2.4.1-24.39.43.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gnutls-2.4.1-24.39.43.1 libgnutls-extra26-2.4.1-24.39.43.1 libgnutls26-2.4.1-24.39.43.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libgnutls26-32bit-2.4.1-24.39.43.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libgnutls26-x86-2.4.1-24.39.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gnutls-2.4.1-24.39.43.1 libgnutls26-2.4.1-24.39.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libgnutls26-32bit-2.4.1-24.39.43.1 References: https://bugzilla.novell.com/760265 http://download.novell.com/patch/finder/?keywords=c3d5d3f7f49049c898a2fe437d963fba From sle-updates at lists.suse.com Fri Dec 28 03:08:30 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Dec 2012 11:08:30 +0100 (CET) Subject: SUSE-SU-2012:1708-1: moderate: Security update for ofed Message-ID: <20121228100830.F3C5C320F0@maintenance.suse.de> SUSE Security Update: Security update for ofed ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1708-1 Rating: moderate References: #676724 #678795 #706175 #721597 #773383 Cross-References: CVE-2012-3430 Affected Products: SUSE Linux Enterprise Server 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update of ofed fixed multiple issues (including security related flaws): * sdp: move histogram allocation from stack to heap (bnc#706175) * cma: Fix crash in request handlers (bnc#678795, CVE-2011-0695) * rds: set correct msg_namelen (bnc#773383, CVE-2012-3430) * cm: Bump reference count on cm_id before invoking (bnc#678795, CVE-2011-0695) * sdp / ipath: Added fixes for 64bit divide on 32bit builds * updated Infiniband sysconfig file to match openibd (bnc#721597) Security Issue reference: * CVE-2012-3430 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64): ofed-1.5.2-0.12.1 ofed-cxgb3-NIC-kmp-default-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-doc-1.5.2-0.12.1 ofed-kmp-default-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64): ofed-cxgb3-NIC-kmp-debug-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-debug-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): ofed-cxgb3-NIC-kmp-kdump-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-kdump-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): ofed-cxgb3-NIC-kmp-smp-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-smp-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586): ofed-cxgb3-NIC-kmp-bigsmp-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-cxgb3-NIC-kmp-kdumppae-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-cxgb3-NIC-kmp-vmi-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-cxgb3-NIC-kmp-vmipae-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-bigsmp-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-kdumppae-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-vmi-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-vmipae-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): ofed-cxgb3-NIC-kmp-ppc64-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-ppc64-1.5.2_2.6.16.60_0.99.13-0.12.1 - SLE SDK 10 SP4 (i586 ia64 ppc x86_64): ofed-devel-1.5.2-0.12.1 References: http://support.novell.com/security/cve/CVE-2012-3430.html https://bugzilla.novell.com/676724 https://bugzilla.novell.com/678795 https://bugzilla.novell.com/706175 https://bugzilla.novell.com/721597 https://bugzilla.novell.com/773383 http://download.novell.com/patch/finder/?keywords=e928539d6bca959aca91d810ff33a425 From sle-updates at lists.suse.com Fri Dec 28 10:08:33 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Dec 2012 18:08:33 +0100 (CET) Subject: SUSE-RU-2012:1709-1: moderate: Recommended update for yast2-storage Message-ID: <20121228170833.86E8832174@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:1709-1 Rating: moderate References: #751780 #772044 #781402 #788556 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. It includes one version update. Description: This collective update for YaST's Storage Configuration module includes the following fixes: * Removed deactivation of MD RAIDs using DM during installation (bnc#751780) * Wait for pending udev events to prevent errors when deleting LVM volumes during installation (bnc#781402) * Fixed list of available physical volumes when creating new volume group (bnc#772044) * Fixed available mount-by methods for newly created partitions (bnc#788556). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-yast2-storage-7090 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-yast2-storage-7090 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-yast2-storage-7090 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-yast2-storage-7090 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.127.2]: yast2-storage-devel-2.17.127.2-0.5.3 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.17.127.2]: yast2-storage-2.17.127.2-0.5.3 yast2-storage-lib-2.17.127.2-0.5.3 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.127.2]: yast2-storage-2.17.127.2-0.5.3 yast2-storage-lib-2.17.127.2-0.5.3 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.17.127.2]: yast2-storage-2.17.127.2-0.5.3 yast2-storage-lib-2.17.127.2-0.5.3 References: https://bugzilla.novell.com/751780 https://bugzilla.novell.com/772044 https://bugzilla.novell.com/781402 https://bugzilla.novell.com/788556 http://download.novell.com/patch/finder/?keywords=1f96d68f377c31c0465230439365ae5c