From sle-updates at lists.suse.com Thu Aug 1 07:04:11 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Aug 2013 15:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1287-1: moderate: Security update for glibc
Message-ID: <20130801130411.8643932076@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1287-1
Rating: moderate
References: #661460 #676178 #691365 #732110 #735850 #743689
    #747768 #753756 #760216 #770891 #774467 #775690
    #783196 #796982 #805899 #813121 #818630 #828637
Cross-References: CVE-2009-5029 CVE-2010-4756 CVE-2011-1089
    CVE-2012-0864 CVE-2012-3480 CVE-2013-1914
Affected Products:
    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 12 fixes is now available.

Description:

This collective update for the GNU C library (glibc) provides the following fixes and enhancements:

Security issues fixed:

- Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914)
- Fixed another stack overflow in getaddrinfo with many results (bnc#828637)
- Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756)
- Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480)
- Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480)
- Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089]
- Fix overflows in vfprintf. [bnc #770891, CVE-2012-3406]
- Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864]
- Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029]

Also several bugs were fixed:

- Fix locking in _IO_cleanup. (bnc#796982)
- Fix memory leak in execve. (bnc#805899)
- Fix nscd timestamps in logging (bnc#783196)
- Fix perl script error message (bnc#774467)
- Fall back to localhost if no nameserver defined (bnc#818630)
- Fix incomplete results from nscd. [bnc #753756]
- Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. [bnc #760216]
- Fix problem with TLS and dlopen. [#732110]
- Backported regex fix for skipping of valid EUC-JP matches [bnc#743689]
- Fixed false regex match on incomplete chars in EUC-JP [bnc#743689]
- Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. [bnc #661460]

Security Issues:

* CVE-2009-5029
* CVE-2010-4756
* CVE-2011-1089
* CVE-2012-0864
* CVE-2012-3480
* CVE-2013-1914

Package List:

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 i686 s390x x86_64):
    glibc-2.4-31.77.102.1
    glibc-devel-2.4-31.77.102.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
    glibc-html-2.4-31.77.102.1
    glibc-i18ndata-2.4-31.77.102.1
    glibc-info-2.4-31.77.102.1
    glibc-locale-2.4-31.77.102.1
    glibc-profile-2.4-31.77.102.1
    nscd-2.4-31.77.102.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
    glibc-32bit-2.4-31.77.102.1
    glibc-devel-32bit-2.4-31.77.102.1
    glibc-locale-32bit-2.4-31.77.102.1
    glibc-profile-32bit-2.4-31.77.102.1

References:

http://support.novell.com/security/cve/CVE-2009-5029.html
http://support.novell.com/security/cve/CVE-2010-4756.html
http://support.novell.com/security/cve/CVE-2011-1089.html
http://support.novell.com/security/cve/CVE-2012-0864.html
http://support.novell.com/security/cve/CVE-2012-3480.html
http://support.novell.com/security/cve/CVE-2013-1914.html
https://bugzilla.novell.com/661460
https://bugzilla.novell.com/676178
https://bugzilla.novell.com/691365
https://bugzilla.novell.com/732110
https://bugzilla.novell.com/735850
https://bugzilla.novell.com/743689
https://bugzilla.novell.com/747768
https://bugzilla.novell.com/753756
https://bugzilla.novell.com/760216
https://bugzilla.novell.com/770891
https://bugzilla.novell.com/774467
https://bugzilla.novell.com/775690
https://bugzilla.novell.com/783196
https://bugzilla.novell.com/796982
https://bugzilla.novell.com/805899
https://bugzilla.novell.com/813121
https://bugzilla.novell.com/818630
https://bugzilla.novell.com/828637
http://download.novell.com/patch/finder/?keywords=17c15337eaf4f28f28cdc9f9d3d731ec

From sle-updates at lists.suse.com Thu Aug 1 12:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Aug 2013 20:04:09 +0200 (CEST)
Subject: SUSE-RU-2013:1289-1: moderate: Recommended update for release-notes-ha-geo
Message-ID: <20130801180409.F2CC932060@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-ha-geo
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1289-1
Rating: moderate
References: #827790
Affected Products:
    SUSE Linux Enterprise High Availability Geographic Cluster 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update provides the latest version of the Release Notes for Geo Clustering for SUSE Linux Enterprise Server High Availability Extension.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability Geographic Cluster 11 SP3:
    zypper in -t patch sleshagsp3-release-notes-ha-geo-8012

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise High Availability Geographic Cluster 11 SP3 (s390x x86_64):
    release-notes-ha-geo-11.3.1-0.10.22

References:

https://bugzilla.novell.com/827790
http://download.novell.com/patch/finder/?keywords=9519921a7a75919008162b67633932cf

From sle-updates at lists.suse.com Thu Aug 1 12:04:13 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Aug 2013 20:04:13 +0200 (CEST)
Subject: SUSE-SU-2013:1237-3: moderate: Security update for strongswan
Message-ID: <20130801180413.94D2B32276@maintenance.suse.de>

SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1237-3
Rating: moderate
References: #815236
Cross-References: CVE-2013-2944
Affected Products:
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the ECDSA signature vulnerability in strongswan. CVE-2013-2944 was assigned to this issue.

Security Issue references:

* CVE-2013-2944

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-strongswan-8021
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-strongswan-8021
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-strongswan-8021

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    strongswan-4.4.0-6.17.5
    strongswan-doc-4.4.0-6.17.5
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    strongswan-4.4.0-6.17.5
    strongswan-doc-4.4.0-6.17.5
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    strongswan-4.4.0-6.17.5
    strongswan-doc-4.4.0-6.17.5

References:

http://support.novell.com/security/cve/CVE-2013-2944.html
https://bugzilla.novell.com/815236
http://download.novell.com/patch/finder/?keywords=3a772836080f180531c4b38e258c1b04

From sle-updates at lists.suse.com Fri Aug 2 00:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Aug 2013 08:04:09 +0200 (CEST)
Subject: SUSE-RU-2013:1290-1: important: Recommended update for release-notes-sles
Message-ID: <20130802060409.7DA6932276@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1290-1
Rating: important
References: #830904
Affected Products:
    SUSE Linux Enterprise Server 10 SP4
    SLE SDK 10 SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This announcement marks the end of the security and maintenance patch period for SUSE Linux Enterprise Server 10 Service Pack 4 and the end of General Support for SUSE Linux Enterprise 10.

In order to keep your systems up to date and secure, please migrate your systems to SUSE Linux Enterprise Server 11 Service Pack 3. All customers with active SUSE Linux Enterprise Server subscriptions can migrate to SUSE Linux Enterprise Server 11 Service Pack 3 at no additional cost.
For more information on how to upgrade to SUSE Linux Enterprise Server 11 Service Pack 3, please read:
https://www.suse.com/support/kb/doc.php?id=7012368

Please make sure that you applied all maintenance updates provided for SUSE Linux Enterprise Server 10 Service Pack 4 before starting the migration.

If you want to receive continued support for SUSE Linux Enterprise Server 10 Service Pack 4, SUSE offers an optional Long Term Service Pack Support program. For more information about this, please see:
https://www.suse.com/support/programs/long-term-service-pack-support.html

Contact your SUSE sales representative if you would like to purchase Long Term Service Pack Support.

Indications:

End of General Maintenance for SLE10 SP4

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 10.4.12]:
    release-notes-sles-10.4.12-0.10.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 10.4.12]:
    release-notes-sles-10.4.12-0.10.1

References:

https://bugzilla.novell.com/830904
http://download.novell.com/patch/finder/?keywords=117a7d994165867c67e75c19ad259f01

From sle-updates at lists.suse.com Fri Aug 2 12:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Aug 2013 20:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:1292-1: moderate: Security update for openstack-nova
Message-ID: <20130802180409.7225032076@maintenance.suse.de>

SUSE Security Update: Security update for openstack-nova
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1292-1
Rating: moderate
References: #817181 #821879 #829068
Cross-References: CVE-2013-2096
Affected Products:
    SUSE Cloud 1.0
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

A local DoS condition in openstack-nova's qcow2 virtual image size handling has been fixed.
CVE-2013-2096 was assigned to this issue.

Security Issue reference:

* CVE-2013-2096

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 1.0:
    zypper in -t patch sleclo10sp2-openstack-nova-8097

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 1.0 (x86_64):
    openstack-nova-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-api-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-cert-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-compute-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-network-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-objectstore-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-scheduler-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-vncproxy-2012.1+git.1364234478.e52e691-0.7.1
    openstack-nova-volume-2012.1+git.1364234478.e52e691-0.7.1
    python-nova-2012.1+git.1364234478.e52e691-0.7.1

References:

http://support.novell.com/security/cve/CVE-2013-2096.html
https://bugzilla.novell.com/817181
https://bugzilla.novell.com/821879
https://bugzilla.novell.com/829068
http://download.novell.com/patch/finder/?keywords=e57190d51898cdc8d8e87a413912b595

From sle-updates at lists.suse.com Fri Aug 2 15:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Aug 2013 23:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1293-1: important: Security update for IBMJava5 JRE and IBMJava5 SDK
Message-ID: <20130802210410.56F9532076@maintenance.suse.de>

SUSE Security Update: Security update for IBMJava5 JRE and IBMJava5 SDK
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1293-1
Rating: important
References: #823034 #829212
Affected Products:
    SUSE CORE 9
______________________________________________________________________________

An update that contains security fixes can now be installed.
Description:

IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and security issues:

CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-4002
CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463,
CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470,
CVE-2013-2459, CVE-2013-3743, CVE-2013-2448, CVE-2013-2454, CVE-2013-2456
CVE-2013-2457, CVE-2013-2455, CVE-2013-2443, CVE-2013-2447
CVE-2013-2444, CVE-2013-2452, CVE-2013-2446, CVE-2013-2450,
CVE-2013-1571, CVE-2013-1500

Please see also http://www.ibm.com/developerworks/java/jdk/alerts/

Also the following bugs have been fixed:

* add Europe/Busingen to tzmappings (bnc#817062)
* mark files in jre/bin and bin/ as executable (bnc#823034)

Package List:

- SUSE CORE 9 (i586 s390 s390x x86_64):
    IBMJava2-JRE-1.4.2_sr13.18-0.4
    IBMJava2-SDK-1.4.2_sr13.18-0.4
    IBMJava5-JRE-1.5.0_sr16.3-0.4
    IBMJava5-SDK-1.5.0_sr16.3-0.4

References:

https://bugzilla.novell.com/823034
https://bugzilla.novell.com/829212
http://download.novell.com/patch/finder/?keywords=7680f8140c62f26ce3174024373514a1
http://download.novell.com/patch/finder/?keywords=bf6c59989a94daa5af11dc7d56857d21

From sle-updates at lists.suse.com Mon Aug 5 11:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 5 Aug 2013 19:04:10 +0200 (CEST)
Subject: SUSE-RU-2013:1290-2: important: Recommended update for release-notes-sled
Message-ID: <20130805170410.7A8B032071@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sled
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1290-2
Rating: important
References: #830904
Affected Products:
    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.
Description:

This announcement marks the end of the security and maintenance patch period for SUSE Linux Enterprise Desktop 10 Service Pack 4 and the end of General Support for SUSE Linux Enterprise 10.

In order to keep your systems up to date and secure, please migrate your systems to SUSE Linux Enterprise Desktop 11 Service Pack 3. All customers with active SUSE Linux Enterprise Desktop subscriptions can migrate to SUSE Linux Enterprise Desktop 11 Service Pack 3 at no additional cost.

For more information on how to upgrade to SUSE Linux Enterprise Desktop 11 Service Pack 3, please read:
https://www.suse.com/support/kb/doc.php?id=7012368

Please make sure that you applied all maintenance updates provided for SUSE Linux Enterprise Desktop 10 Service Pack 4 before starting the migration.

Indications:

End of General Maintenance for SLE10 SP4

Package List:

- SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 10.4.9]:
    release-notes-sled-10.4.9-0.10.1

References:

https://bugzilla.novell.com/830904
http://download.novell.com/patch/finder/?keywords=742c1867788603e1164998b5fa8cd70e

From sle-updates at lists.suse.com Mon Aug 5 12:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 5 Aug 2013 20:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:1293-2: important: Security update for IBM Java 1.4.2
Message-ID: <20130805180409.6B8BC32060@maintenance.suse.de>

SUSE Security Update: Security update for IBM Java 1.4.2
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1293-2
Rating: important
References: #823034 #829212
Affected Products:
    SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
    SUSE Linux Enterprise Server 11 SP1 LTSS
    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that contains security fixes can now be installed.
Description:

IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues:

CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-2469,
CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473,
CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459,
CVE-2013-2456, CVE-2013-2447, CVE-2013-2452, CVE-2013-2446,
CVE-2013-2450, CVE-2013-1500

Please see also http://www.ibm.com/developerworks/java/jdk/alerts/

Also the following bug has been fixed:

* mark files in jre/bin and bin/ as executable (bnc#823034)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:
    zypper in -t patch slessp1-java-1_4_2-ibm-8113
- SUSE Linux Enterprise Server 11 SP1 LTSS:
    zypper in -t patch slessp1-java-1_4_2-ibm-8113

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64):
    java-1_4_2-ibm-1.4.2_sr13.18-0.4.1
- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586):
    java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1
    java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
    java-1_4_2-ibm-1.4.2_sr13.18-0.4.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586):
    java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1
    java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
    java-1_4_2-ibm-1.4.2_sr13.18-0.7.1
    java-1_4_2-ibm-devel-1.4.2_sr13.18-0.7.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586):
    java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.7.1
    java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.7.1

References:

https://bugzilla.novell.com/823034
https://bugzilla.novell.com/829212
http://download.novell.com/patch/finder/?keywords=218af645ef5f0082097200b5e9788a5a
http://download.novell.com/patch/finder/?keywords=76ae3ed7fc780d986eebf8b71a352ade

From sle-updates at lists.suse.com Tue Aug 6 12:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 6 Aug 2013 20:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:1304-1: critical: Security update for puppet
Message-ID: <20130806180409.5D0083204F@maintenance.suse.de>

SUSE Security Update: Security update for puppet
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1304-1
Rating: critical
References: #825878
Cross-References: CVE-2013-3567
Affected Products:
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Server 11 SP2 for VMware
    SUSE Linux Enterprise Server 11 SP2
    SUSE Linux Enterprise Desktop 11 SP3
    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

This puppet update fixes a remote code execution issue:

* Unauthenticated Remote Code Execution Vulnerability with YAML and REST API calls (bug#825878, CVE-2013-3567)

Security Issue reference:

* CVE-2013-3567

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-puppet-8132
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-puppet-8132
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-puppet-8131
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-puppet-8131
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-puppet-8132
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-puppet-8131

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    puppet-2.6.18-0.6.1
    puppet-server-2.6.18-0.6.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    puppet-2.6.18-0.6.1
    puppet-server-2.6.18-0.6.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.6.18]:
    puppet-2.6.18-0.6.1
    puppet-server-2.6.18-0.6.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.18]:
    puppet-2.6.18-0.6.1
    puppet-server-2.6.18-0.6.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    puppet-2.6.18-0.6.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.18]:
    puppet-2.6.18-0.6.1

References:

http://support.novell.com/security/cve/CVE-2013-3567.html
https://bugzilla.novell.com/825878
http://download.novell.com/patch/finder/?keywords=257dd8125d8a1d0ff79cfbc990fb2583
http://download.novell.com/patch/finder/?keywords=3cee502500023425010c6abfb51fa21e

From sle-updates at lists.suse.com Tue Aug 6 15:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 6 Aug 2013 23:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1305-1: important: Security update for IBM Java 1.6.0
Message-ID: <20130806210410.353E33204E@maintenance.suse.de>

SUSE Security Update: Security update for IBM Java 1.6.0
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1305-1
Rating: important
References: #817062 #823034 #829212 #831936
Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407
    CVE-2013-2412 CVE-2013-2437 CVE-2013-2442
    CVE-2013-2443 CVE-2013-2444 CVE-2013-2446
    CVE-2013-2447 CVE-2013-2448 CVE-2013-2450
    CVE-2013-2451 CVE-2013-2452 CVE-2013-2453
    CVE-2013-2454 CVE-2013-2455 CVE-2013-2456
    CVE-2013-2457 CVE-2013-2459 CVE-2013-2463
    CVE-2013-2464 CVE-2013-2465 CVE-2013-2466
    CVE-2013-2468 CVE-2013-2469 CVE-2013-2470
    CVE-2013-2471 CVE-2013-2472 CVE-2013-2473
    CVE-2013-3009 CVE-2013-3011 CVE-2013-3012
    CVE-2013-3743 CVE-2013-4002
Affected Products:
    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that fixes 35 vulnerabilities is now available.

Description:

IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues.

Please see also http://www.ibm.com/developerworks/java/jdk/alerts/

Also the following bugs have been fixed:

* add Europe/Busingen to tzmappings (bnc#817062)
* mark files in jre/bin and bin/ as executable (bnc#823034)
* check if installed qa_filelist is not empty (bnc#831936)

Security Issue references:

* CVE-2013-3009
* CVE-2013-3011
* CVE-2013-3012
* CVE-2013-4002
* CVE-2013-2468
* CVE-2013-2469
* CVE-2013-2465
* CVE-2013-2464
* CVE-2013-2463
* CVE-2013-2473
* CVE-2013-2472
* CVE-2013-2471
* CVE-2013-2470
* CVE-2013-2459
* CVE-2013-2466
* CVE-2013-3743
* CVE-2013-2448
* CVE-2013-2442
* CVE-2013-2407
* CVE-2013-2454
* CVE-2013-2456
* CVE-2013-2453
* CVE-2013-2457
* CVE-2013-2455
* CVE-2013-2412
* CVE-2013-2443
* CVE-2013-2447
* CVE-2013-2437
* CVE-2013-2444
* CVE-2013-2452
* CVE-2013-2446
* CVE-2013-2450
* CVE-2013-1571
* CVE-2013-2451
* CVE-2013-1500

Package List:

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
    java-1_6_0-ibm-1.6.0_sr14.0-0.6.6.1
    java-1_6_0-ibm-devel-1.6.0_sr14.0-0.6.6.1
    java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.6.6.1
    java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.6.6.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
    java-1_6_0-ibm-32bit-1.6.0_sr14.0-0.6.6.1
    java-1_6_0-ibm-devel-32bit-1.6.0_sr14.0-0.6.6.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):
    java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.6.6.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64):
    java-1_6_0-ibm-alsa-32bit-1.6.0_sr14.0-0.6.6.1
    java-1_6_0-ibm-plugin-32bit-1.6.0_sr14.0-0.6.6.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586):
    java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.6.6.1

References:

http://support.novell.com/security/cve/CVE-2013-1500.html
http://support.novell.com/security/cve/CVE-2013-1571.html
http://support.novell.com/security/cve/CVE-2013-2407.html
http://support.novell.com/security/cve/CVE-2013-2412.html
http://support.novell.com/security/cve/CVE-2013-2437.html
http://support.novell.com/security/cve/CVE-2013-2442.html
http://support.novell.com/security/cve/CVE-2013-2443.html
http://support.novell.com/security/cve/CVE-2013-2444.html
http://support.novell.com/security/cve/CVE-2013-2446.html
http://support.novell.com/security/cve/CVE-2013-2447.html
http://support.novell.com/security/cve/CVE-2013-2448.html
http://support.novell.com/security/cve/CVE-2013-2450.html
http://support.novell.com/security/cve/CVE-2013-2451.html
http://support.novell.com/security/cve/CVE-2013-2452.html
http://support.novell.com/security/cve/CVE-2013-2453.html
http://support.novell.com/security/cve/CVE-2013-2454.html
http://support.novell.com/security/cve/CVE-2013-2455.html
http://support.novell.com/security/cve/CVE-2013-2456.html
http://support.novell.com/security/cve/CVE-2013-2457.html
http://support.novell.com/security/cve/CVE-2013-2459.html
http://support.novell.com/security/cve/CVE-2013-2463.html
http://support.novell.com/security/cve/CVE-2013-2464.html
http://support.novell.com/security/cve/CVE-2013-2465.html
http://support.novell.com/security/cve/CVE-2013-2466.html
http://support.novell.com/security/cve/CVE-2013-2468.html
http://support.novell.com/security/cve/CVE-2013-2469.html
http://support.novell.com/security/cve/CVE-2013-2470.html
http://support.novell.com/security/cve/CVE-2013-2471.html
http://support.novell.com/security/cve/CVE-2013-2472.html
http://support.novell.com/security/cve/CVE-2013-2473.html
http://support.novell.com/security/cve/CVE-2013-3009.html
http://support.novell.com/security/cve/CVE-2013-3011.html
http://support.novell.com/security/cve/CVE-2013-3012.html
http://support.novell.com/security/cve/CVE-2013-3743.html
http://support.novell.com/security/cve/CVE-2013-4002.html
https://bugzilla.novell.com/817062
https://bugzilla.novell.com/823034
https://bugzilla.novell.com/829212
https://bugzilla.novell.com/831936
http://download.novell.com/patch/finder/?keywords=83286d2f8367035fc1294114aff55891

From sle-updates at lists.suse.com Wed Aug 7 13:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 Aug 2013 21:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:1310-1: important: Security update for bind
Message-ID: <20130807190409.5CA4332276@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1310-1
Rating: important
References: #831899
Cross-References: CVE-2013-4854
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Software Development Kit 11 SP2
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Server 11 SP2 for VMware
    SUSE Linux Enterprise Server 11 SP2
    SUSE Linux Enterprise Desktop 11 SP3
    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

A specially crafted query with malicious rdata could have caused a crash (DoS) in named.

Security Issue reference:

* CVE-2013-4854

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-bind-8161
- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-bind-8160
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-bind-8161
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-bind-8161
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-bind-8160
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-bind-8160
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-bind-8161
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-bind-8160

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.3P2]:
    bind-devel-9.9.3P2-0.5.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64) [New Version: 9.9.3P2]:
    bind-devel-32bit-9.9.3P2-0.5.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.3P2]:
    bind-devel-9.9.3P2-0.5.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.9.3P2]:
    bind-devel-32bit-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.9.3P2]:
    bind-9.9.3P2-0.5.1
    bind-chrootenv-9.9.3P2-0.5.1
    bind-doc-9.9.3P2-0.5.1
    bind-libs-9.9.3P2-0.5.1
    bind-utils-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.9.3P2]:
    bind-libs-32bit-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.3P2]:
    bind-9.9.3P2-0.5.1
    bind-chrootenv-9.9.3P2-0.5.1
    bind-doc-9.9.3P2-0.5.1
    bind-libs-9.9.3P2-0.5.1
    bind-utils-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.9.3P2]:
    bind-libs-32bit-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 9.9.3P2]:
    bind-libs-x86-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.9.3P2]:
    bind-9.9.3P2-0.5.1
    bind-chrootenv-9.9.3P2-0.5.1
    bind-doc-9.9.3P2-0.5.1
    bind-libs-9.9.3P2-0.5.1
    bind-utils-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.9.3P2]:
    bind-libs-32bit-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.3P2]:
    bind-9.9.3P2-0.5.1
    bind-chrootenv-9.9.3P2-0.5.1
    bind-doc-9.9.3P2-0.5.1
    bind-libs-9.9.3P2-0.5.1
    bind-utils-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.9.3P2]:
    bind-libs-32bit-9.9.3P2-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.9.3P2]:
    bind-libs-x86-9.9.3P2-0.5.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.9.3P2]:
    bind-libs-9.9.3P2-0.5.1
    bind-utils-9.9.3P2-0.5.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.9.3P2]:
    bind-libs-32bit-9.9.3P2-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.9.3P2]:
    bind-libs-9.9.3P2-0.5.1
    bind-utils-9.9.3P2-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.9.3P2]:
    bind-libs-32bit-9.9.3P2-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-4854.html
https://bugzilla.novell.com/831899
http://download.novell.com/patch/finder/?keywords=6b7570508ab209647dc76ea23518d5e9
http://download.novell.com/patch/finder/?keywords=b60df9afc37de4b5115de94bdcd07cce

From sle-updates at lists.suse.com Wed Aug 7 16:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Aug 2013 00:04:09 +0200 (CEST)
Subject: SUSE-RU-2013:1311-1: moderate: Recommended update for AppArmor
Message-ID: <20130807220409.E05313204E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for AppArmor
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1311-1
Rating: moderate
References: #826643
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

AppArmor has been rebuilt to enable a new set of capabilities available on SUSE Linux Enterprise 11 SP3.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-apache2-mod_apparmor-8068
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-apache2-mod_apparmor-8068
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-apache2-mod_apparmor-8068
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-apache2-mod_apparmor-8068

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libapparmor-devel-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.62.3 apparmor-docs-2.5.1.r1445-55.62.3 apparmor-parser-2.5.1.r1445-55.62.3 apparmor-utils-2.5.1.r1445-55.62.3 libapparmor1-2.5.1.r1445-55.62.3 pam_apparmor-2.5.1.r1445-55.62.3 perl-apparmor-2.5.1.r1445-55.62.3 tomcat_apparmor-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libapparmor1-32bit-2.5.1.r1445-55.62.3 pam_apparmor-32bit-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_apparmor-2.5.1.r1445-55.62.3 apparmor-docs-2.5.1.r1445-55.62.3 apparmor-parser-2.5.1.r1445-55.62.3 apparmor-utils-2.5.1.r1445-55.62.3 libapparmor1-2.5.1.r1445-55.62.3 pam_apparmor-2.5.1.r1445-55.62.3 perl-apparmor-2.5.1.r1445-55.62.3 tomcat_apparmor-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libapparmor1-32bit-2.5.1.r1445-55.62.3 pam_apparmor-32bit-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Server 11 SP3 (ia64): libapparmor1-x86-2.5.1.r1445-55.62.3 pam_apparmor-x86-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): apparmor-docs-2.5.1.r1445-55.62.3 apparmor-parser-2.5.1.r1445-55.62.3 apparmor-utils-2.5.1.r1445-55.62.3 libapparmor1-2.5.1.r1445-55.62.3 pam_apparmor-2.5.1.r1445-55.62.3 perl-apparmor-2.5.1.r1445-55.62.3 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libapparmor1-32bit-2.5.1.r1445-55.62.3 pam_apparmor-32bit-2.5.1.r1445-55.62.3 References: https://bugzilla.novell.com/826643 http://download.novell.com/patch/finder/?keywords=5106d62366bce294707abe5ec378a54c From sle-updates at lists.suse.com Wed Aug 7 16:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 
8 Aug 2013 00:04:13 +0200 (CEST)
Subject: SUSE-RU-2013:1312-1: Recommended update for yelp
Message-ID: <20130807220413.BB5223227A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yelp
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1312-1
Rating: low
References: #754658
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for Yelp fixes the search path of the F-Spot documentation.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-yelp-7942
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-yelp-7942
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-yelp-7883
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-yelp-7883
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-yelp-7942
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-yelp-7883

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): yelp-2.28.1-1.12.111 yelp-lang-2.28.1-1.12.111 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): yelp-2.28.1-1.12.111 yelp-lang-2.28.1-1.12.111 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): yelp-2.28.1-1.12.110 yelp-lang-2.28.1-1.12.110 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): yelp-2.28.1-1.12.110 yelp-lang-2.28.1-1.12.110 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): yelp-2.28.1-1.12.111 yelp-lang-2.28.1-1.12.111 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): yelp-2.28.1-1.12.110 yelp-lang-2.28.1-1.12.110 References: https://bugzilla.novell.com/754658 http://download.novell.com/patch/finder/?keywords=c402c5e591f362d1eded237254d759eb http://download.novell.com/patch/finder/?keywords=f6d40f81aac962d807c1c634b81779db From sle-updates at lists.suse.com Wed Aug 7 16:04:17 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Aug 2013 00:04:17 +0200 (CEST) Subject: SUSE-RU-2013:1313-1: Recommended update for GNOME Power Manager Message-ID: <20130807220417.9240E3227A@maintenance.suse.de> SUSE Recommended Update: Recommended update for GNOME Power Manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1313-1 Rating: low References: #752245 #759846 #766725 #796435 #807057 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for GNOME Power Manager provides the following fixes: * Implements synchronization with GNOME Screen Saver's unlock dialog so that it can be serialized to pm-utils hooks. 
* The battery charge percentage printed in the "Device Information" dialog and in the panel icon's tool tip is not up to date.
* Turn off the monitor backlight on the lid-close event to avoid a screen flicker in some machines.
* Fix the idle status after waking up from S3/S4 when the screen lock is disabled explicitly.
* Fix the missing back light control for NVidia graphics drivers.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-gnome-applets-brightness-7898
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-gnome-applets-brightness-7898
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-gnome-applets-brightness-7898

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  gnome-power-manager-2.24.1-17.67.1
  gnome-power-manager-lang-2.24.1-17.67.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  gnome-power-manager-2.24.1-17.67.1
  gnome-power-manager-lang-2.24.1-17.67.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  gnome-applets-brightness-2.24.1-17.67.1
  gnome-applets-inhibit-powersave-2.24.1-17.67.1
  gnome-power-manager-2.24.1-17.67.1
  gnome-power-manager-lang-2.24.1-17.67.1

References:

  https://bugzilla.novell.com/752245
  https://bugzilla.novell.com/759846
  https://bugzilla.novell.com/766725
  https://bugzilla.novell.com/796435
  https://bugzilla.novell.com/807057
  http://download.novell.com/patch/finder/?keywords=a7884bcf730c3c59cf20d076120c2d54

From sle-updates at lists.suse.com Fri Aug 9 08:04:11 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Aug 2013 16:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1314-1: important: Security update for Xen
Message-ID: <20130809140411.20B5C32085@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1314-1
Rating: important
References: #801663 #808085 #808269 #817210 #820917 #820919 #820920 #823011 #823608
Cross-References: CVE-2013-2194 CVE-2013-2195 CVE-2013-2196
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves three vulnerabilities and has 6 fixes is now available.

Description:

The Xen hypervisor and toolset have been updated to 4.2.2_06 to fix various bugs and security issues:

The following security issues have been addressed:

* CVE-2013-2194: Various integer overflows in the ELF loader were fixed. (XSA-55)
* CVE-2013-2195: Various pointer dereference issues in the ELF loader were fixed. (XSA-55)
* CVE-2013-2196: Various other problems in the ELF loader were fixed. (XSA-55)
* CVE-2013-2078: A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54)
* CVE-2013-2077: A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53)
* CVE-2013-2211: libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57)
* CVE-2013-2076: An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs.

Also the following bugs have been fixed:

* performance issues in mirror lvm (bnc#801663)
* aacraid driver panics mapping INT A when booting kernel-xen (bnc#808085)
* Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel (bnc#808269)
* Did not boot with i915 graphics controller with VT-d enabled (bnc#817210)

Security Issue references:

* CVE-2013-2194
* CVE-2013-2195
* CVE-2013-2196

Special Instructions and Notes:

Please reboot the system after installing this update.
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xen-201307-8063 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xen-201307-8063 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xen-201307-8063 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): xen-devel-4.2.2_06-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1 xen-libs-4.2.2_06-0.7.1 xen-tools-domU-4.2.2_06-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): xen-4.2.2_06-0.7.1 xen-doc-html-4.2.2_06-0.7.1 xen-doc-pdf-4.2.2_06-0.7.1 xen-libs-32bit-4.2.2_06-0.7.1 xen-tools-4.2.2_06-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586): xen-kmp-pae-4.2.2_06_3.0.82_0.7-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1 xen-libs-4.2.2_06-0.7.1 xen-tools-domU-4.2.2_06-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xen-4.2.2_06-0.7.1 xen-doc-html-4.2.2_06-0.7.1 xen-doc-pdf-4.2.2_06-0.7.1 xen-libs-32bit-4.2.2_06-0.7.1 xen-tools-4.2.2_06-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586): xen-kmp-pae-4.2.2_06_3.0.82_0.7-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-2194.html http://support.novell.com/security/cve/CVE-2013-2195.html http://support.novell.com/security/cve/CVE-2013-2196.html https://bugzilla.novell.com/801663 https://bugzilla.novell.com/808085 https://bugzilla.novell.com/808269 https://bugzilla.novell.com/817210 https://bugzilla.novell.com/820917 https://bugzilla.novell.com/820919 https://bugzilla.novell.com/820920 https://bugzilla.novell.com/823011 https://bugzilla.novell.com/823608 http://download.novell.com/patch/finder/?keywords=6f245c857571421a6701c20d04b046cb From sle-updates at 
lists.suse.com Fri Aug 9 14:04:11 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Aug 2013 22:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1315-1: important: Security update for PHP5
Message-ID: <20130809200411.7AFB232085@maintenance.suse.de>

SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1315-1
Rating: important
References: #775852 #778003 #783239 #807707 #828020 #829207
Cross-References: CVE-2013-4113
Affected Products:
  SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
  SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that solves one vulnerability and has 5 fixes is now available. It includes one version update.

Description:

The following security issues have been fixed in PHP5:

* CVE-2013-4635: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP allowed context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
* CVE-2013-1635: ext/soap/soap.c in PHP did not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allowed remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
* CVE-2013-1643: The SOAP parser in PHP allowed remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
* CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
* CVE-2011-1398 / CVE-2012-4388: The sapi_header_op function in main/SAPI.c in PHP did not check for %0D sequences (aka carriage return characters), which allowed remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

A hardening measure has been implemented without CVE:

* use FilesMatch with 'SetHandler' rather than 'AddHandler' [bnc#775852]
* fixed php bug #43200 (Interface implementation / inheritance not possible in abstract classes) [bnc#783239]

Security Issue reference:

* CVE-2013-4113

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:
  zypper in -t patch slessp1-apache2-mod_php5-8112
- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-apache2-mod_php5-8112

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.48.1 php5-5.2.14-0.7.30.48.1 php5-bcmath-5.2.14-0.7.30.48.1 php5-bz2-5.2.14-0.7.30.48.1 php5-calendar-5.2.14-0.7.30.48.1 php5-ctype-5.2.14-0.7.30.48.1 php5-curl-5.2.14-0.7.30.48.1 php5-dba-5.2.14-0.7.30.48.1 php5-dbase-5.2.14-0.7.30.48.1 php5-dom-5.2.14-0.7.30.48.1 php5-exif-5.2.14-0.7.30.48.1 php5-fastcgi-5.2.14-0.7.30.48.1 php5-ftp-5.2.14-0.7.30.48.1 php5-gd-5.2.14-0.7.30.48.1 php5-gettext-5.2.14-0.7.30.48.1 php5-gmp-5.2.14-0.7.30.48.1 php5-hash-5.2.14-0.7.30.48.1 php5-iconv-5.2.14-0.7.30.48.1 php5-json-5.2.14-0.7.30.48.1 php5-ldap-5.2.14-0.7.30.48.1 php5-mbstring-5.2.14-0.7.30.48.1 php5-mcrypt-5.2.14-0.7.30.48.1 php5-mysql-5.2.14-0.7.30.48.1 php5-odbc-5.2.14-0.7.30.48.1 php5-openssl-5.2.14-0.7.30.48.1 php5-pcntl-5.2.14-0.7.30.48.1 php5-pdo-5.2.14-0.7.30.48.1 php5-pear-5.2.14-0.7.30.48.1 php5-pgsql-5.2.14-0.7.30.48.1 php5-pspell-5.2.14-0.7.30.48.1 php5-shmop-5.2.14-0.7.30.48.1 php5-snmp-5.2.14-0.7.30.48.1 php5-soap-5.2.14-0.7.30.48.1 php5-suhosin-5.2.14-0.7.30.48.1 php5-sysvmsg-5.2.14-0.7.30.48.1 php5-sysvsem-5.2.14-0.7.30.48.1 php5-sysvshm-5.2.14-0.7.30.48.1 php5-tokenizer-5.2.14-0.7.30.48.1 php5-wddx-5.2.14-0.7.30.48.1 php5-xmlreader-5.2.14-0.7.30.48.1 php5-xmlrpc-5.2.14-0.7.30.48.1 php5-xmlwriter-5.2.14-0.7.30.48.1 php5-xsl-5.2.14-0.7.30.48.1 php5-zip-5.2.14-0.7.30.48.1 php5-zlib-5.2.14-0.7.30.48.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.48.1 php5-5.2.14-0.7.30.48.1 php5-bcmath-5.2.14-0.7.30.48.1 php5-bz2-5.2.14-0.7.30.48.1 php5-calendar-5.2.14-0.7.30.48.1 php5-ctype-5.2.14-0.7.30.48.1 php5-curl-5.2.14-0.7.30.48.1 php5-dba-5.2.14-0.7.30.48.1 php5-dbase-5.2.14-0.7.30.48.1 php5-dom-5.2.14-0.7.30.48.1 php5-exif-5.2.14-0.7.30.48.1 php5-fastcgi-5.2.14-0.7.30.48.1 php5-ftp-5.2.14-0.7.30.48.1 php5-gd-5.2.14-0.7.30.48.1 php5-gettext-5.2.14-0.7.30.48.1 
php5-gmp-5.2.14-0.7.30.48.1 php5-hash-5.2.14-0.7.30.48.1 php5-iconv-5.2.14-0.7.30.48.1 php5-json-5.2.14-0.7.30.48.1 php5-ldap-5.2.14-0.7.30.48.1 php5-mbstring-5.2.14-0.7.30.48.1 php5-mcrypt-5.2.14-0.7.30.48.1 php5-mysql-5.2.14-0.7.30.48.1 php5-odbc-5.2.14-0.7.30.48.1 php5-openssl-5.2.14-0.7.30.48.1 php5-pcntl-5.2.14-0.7.30.48.1 php5-pdo-5.2.14-0.7.30.48.1 php5-pear-5.2.14-0.7.30.48.1 php5-pgsql-5.2.14-0.7.30.48.1 php5-pspell-5.2.14-0.7.30.48.1 php5-shmop-5.2.14-0.7.30.48.1 php5-snmp-5.2.14-0.7.30.48.1 php5-soap-5.2.14-0.7.30.48.1 php5-suhosin-5.2.14-0.7.30.48.1 php5-sysvmsg-5.2.14-0.7.30.48.1 php5-sysvsem-5.2.14-0.7.30.48.1 php5-sysvshm-5.2.14-0.7.30.48.1 php5-tokenizer-5.2.14-0.7.30.48.1 php5-wddx-5.2.14-0.7.30.48.1 php5-xmlreader-5.2.14-0.7.30.48.1 php5-xmlrpc-5.2.14-0.7.30.48.1 php5-xmlwriter-5.2.14-0.7.30.48.1 php5-xsl-5.2.14-0.7.30.48.1 php5-zip-5.2.14-0.7.30.48.1 php5-zlib-5.2.14-0.7.30.48.1 References: http://support.novell.com/security/cve/CVE-2013-4113.html https://bugzilla.novell.com/775852 https://bugzilla.novell.com/778003 https://bugzilla.novell.com/783239 https://bugzilla.novell.com/807707 https://bugzilla.novell.com/828020 https://bugzilla.novell.com/829207 http://download.novell.com/patch/finder/?keywords=2ab3ed25399f2e9a36f4f4b0da18d493 From sle-updates at lists.suse.com Fri Aug 9 15:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2013 23:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1316-1: important: Security update for PHP5 Message-ID: <20130809210410.CB2963236C@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1316-1 Rating: important References: #828020 #829207 Cross-References: CVE-2013-4113 CVE-2013-4635 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml Security Issues: * CVE-2013-4113 * CVE-2013-4635 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53-8088 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53-8088 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53-8088 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.15.1 php53-imap-5.3.17-0.15.1 php53-posix-5.3.17-0.15.1 php53-readline-5.3.17-0.15.1 php53-sockets-5.3.17-0.15.1 php53-sqlite-5.3.17-0.15.1 php53-tidy-5.3.17-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.15.1 php53-5.3.17-0.15.1 php53-bcmath-5.3.17-0.15.1 php53-bz2-5.3.17-0.15.1 php53-calendar-5.3.17-0.15.1 php53-ctype-5.3.17-0.15.1 php53-curl-5.3.17-0.15.1 php53-dba-5.3.17-0.15.1 php53-dom-5.3.17-0.15.1 php53-exif-5.3.17-0.15.1 php53-fastcgi-5.3.17-0.15.1 php53-fileinfo-5.3.17-0.15.1 php53-ftp-5.3.17-0.15.1 php53-gd-5.3.17-0.15.1 php53-gettext-5.3.17-0.15.1 php53-gmp-5.3.17-0.15.1 php53-iconv-5.3.17-0.15.1 php53-intl-5.3.17-0.15.1 php53-json-5.3.17-0.15.1 php53-ldap-5.3.17-0.15.1 php53-mbstring-5.3.17-0.15.1 php53-mcrypt-5.3.17-0.15.1 php53-mysql-5.3.17-0.15.1 php53-odbc-5.3.17-0.15.1 php53-openssl-5.3.17-0.15.1 php53-pcntl-5.3.17-0.15.1 php53-pdo-5.3.17-0.15.1 php53-pear-5.3.17-0.15.1 php53-pgsql-5.3.17-0.15.1 
php53-pspell-5.3.17-0.15.1 php53-shmop-5.3.17-0.15.1 php53-snmp-5.3.17-0.15.1 php53-soap-5.3.17-0.15.1 php53-suhosin-5.3.17-0.15.1 php53-sysvmsg-5.3.17-0.15.1 php53-sysvsem-5.3.17-0.15.1 php53-sysvshm-5.3.17-0.15.1 php53-tokenizer-5.3.17-0.15.1 php53-wddx-5.3.17-0.15.1 php53-xmlreader-5.3.17-0.15.1 php53-xmlrpc-5.3.17-0.15.1 php53-xmlwriter-5.3.17-0.15.1 php53-xsl-5.3.17-0.15.1 php53-zip-5.3.17-0.15.1 php53-zlib-5.3.17-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-0.15.1 php53-5.3.17-0.15.1 php53-bcmath-5.3.17-0.15.1 php53-bz2-5.3.17-0.15.1 php53-calendar-5.3.17-0.15.1 php53-ctype-5.3.17-0.15.1 php53-curl-5.3.17-0.15.1 php53-dba-5.3.17-0.15.1 php53-dom-5.3.17-0.15.1 php53-exif-5.3.17-0.15.1 php53-fastcgi-5.3.17-0.15.1 php53-fileinfo-5.3.17-0.15.1 php53-ftp-5.3.17-0.15.1 php53-gd-5.3.17-0.15.1 php53-gettext-5.3.17-0.15.1 php53-gmp-5.3.17-0.15.1 php53-iconv-5.3.17-0.15.1 php53-intl-5.3.17-0.15.1 php53-json-5.3.17-0.15.1 php53-ldap-5.3.17-0.15.1 php53-mbstring-5.3.17-0.15.1 php53-mcrypt-5.3.17-0.15.1 php53-mysql-5.3.17-0.15.1 php53-odbc-5.3.17-0.15.1 php53-openssl-5.3.17-0.15.1 php53-pcntl-5.3.17-0.15.1 php53-pdo-5.3.17-0.15.1 php53-pear-5.3.17-0.15.1 php53-pgsql-5.3.17-0.15.1 php53-pspell-5.3.17-0.15.1 php53-shmop-5.3.17-0.15.1 php53-snmp-5.3.17-0.15.1 php53-soap-5.3.17-0.15.1 php53-suhosin-5.3.17-0.15.1 php53-sysvmsg-5.3.17-0.15.1 php53-sysvsem-5.3.17-0.15.1 php53-sysvshm-5.3.17-0.15.1 php53-tokenizer-5.3.17-0.15.1 php53-wddx-5.3.17-0.15.1 php53-xmlreader-5.3.17-0.15.1 php53-xmlrpc-5.3.17-0.15.1 php53-xmlwriter-5.3.17-0.15.1 php53-xsl-5.3.17-0.15.1 php53-zip-5.3.17-0.15.1 php53-zlib-5.3.17-0.15.1 References: http://support.novell.com/security/cve/CVE-2013-4113.html http://support.novell.com/security/cve/CVE-2013-4635.html https://bugzilla.novell.com/828020 https://bugzilla.novell.com/829207 http://download.novell.com/patch/finder/?keywords=b35f4744a67f955b03d2752b14164d9a From sle-updates at lists.suse.com Fri 
Aug 9 15:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2013 23:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1285-2: important: Security update for PHP5 Message-ID: <20130809210414.811E03236C@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1285-2 Rating: important References: #807707 #828020 #829207 Cross-References: CVE-2013-1635 CVE-2013-1643 CVE-2013-4113 CVE-2013-4635 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml Security Issue references: * CVE-2013-4113 * CVE-2013-4635 * CVE-2013-1635 * CVE-2013-1643 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php53-8087 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php53-8087 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php53-8087 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.8-0.41.1 php53-imap-5.3.8-0.41.1 php53-posix-5.3.8-0.41.1 php53-readline-5.3.8-0.41.1 php53-sockets-5.3.8-0.41.1 php53-sqlite-5.3.8-0.41.1 php53-tidy-5.3.8-0.41.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php53-5.3.8-0.41.1 php53-5.3.8-0.41.1 php53-bcmath-5.3.8-0.41.1 php53-bz2-5.3.8-0.41.1 php53-calendar-5.3.8-0.41.1 php53-ctype-5.3.8-0.41.1 php53-curl-5.3.8-0.41.1 php53-dba-5.3.8-0.41.1 php53-dom-5.3.8-0.41.1 php53-exif-5.3.8-0.41.1 php53-fastcgi-5.3.8-0.41.1 php53-fileinfo-5.3.8-0.41.1 php53-ftp-5.3.8-0.41.1 php53-gd-5.3.8-0.41.1 php53-gettext-5.3.8-0.41.1 php53-gmp-5.3.8-0.41.1 php53-iconv-5.3.8-0.41.1 php53-intl-5.3.8-0.41.1 php53-json-5.3.8-0.41.1 php53-ldap-5.3.8-0.41.1 php53-mbstring-5.3.8-0.41.1 php53-mcrypt-5.3.8-0.41.1 php53-mysql-5.3.8-0.41.1 php53-odbc-5.3.8-0.41.1 php53-openssl-5.3.8-0.41.1 php53-pcntl-5.3.8-0.41.1 php53-pdo-5.3.8-0.41.1 php53-pear-5.3.8-0.41.1 php53-pgsql-5.3.8-0.41.1 php53-pspell-5.3.8-0.41.1 php53-shmop-5.3.8-0.41.1 php53-snmp-5.3.8-0.41.1 php53-soap-5.3.8-0.41.1 php53-suhosin-5.3.8-0.41.1 php53-sysvmsg-5.3.8-0.41.1 php53-sysvsem-5.3.8-0.41.1 php53-sysvshm-5.3.8-0.41.1 php53-tokenizer-5.3.8-0.41.1 php53-wddx-5.3.8-0.41.1 php53-xmlreader-5.3.8-0.41.1 php53-xmlrpc-5.3.8-0.41.1 php53-xmlwriter-5.3.8-0.41.1 php53-xsl-5.3.8-0.41.1 php53-zip-5.3.8-0.41.1 php53-zlib-5.3.8-0.41.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.8-0.41.1 php53-5.3.8-0.41.1 php53-bcmath-5.3.8-0.41.1 php53-bz2-5.3.8-0.41.1 php53-calendar-5.3.8-0.41.1 php53-ctype-5.3.8-0.41.1 php53-curl-5.3.8-0.41.1 php53-dba-5.3.8-0.41.1 php53-dom-5.3.8-0.41.1 php53-exif-5.3.8-0.41.1 php53-fastcgi-5.3.8-0.41.1 php53-fileinfo-5.3.8-0.41.1 php53-ftp-5.3.8-0.41.1 php53-gd-5.3.8-0.41.1 php53-gettext-5.3.8-0.41.1 php53-gmp-5.3.8-0.41.1 php53-iconv-5.3.8-0.41.1 php53-intl-5.3.8-0.41.1 
php53-json-5.3.8-0.41.1 php53-ldap-5.3.8-0.41.1 php53-mbstring-5.3.8-0.41.1 php53-mcrypt-5.3.8-0.41.1 php53-mysql-5.3.8-0.41.1 php53-odbc-5.3.8-0.41.1 php53-openssl-5.3.8-0.41.1 php53-pcntl-5.3.8-0.41.1 php53-pdo-5.3.8-0.41.1 php53-pear-5.3.8-0.41.1 php53-pgsql-5.3.8-0.41.1 php53-pspell-5.3.8-0.41.1 php53-shmop-5.3.8-0.41.1 php53-snmp-5.3.8-0.41.1 php53-soap-5.3.8-0.41.1 php53-suhosin-5.3.8-0.41.1 php53-sysvmsg-5.3.8-0.41.1 php53-sysvsem-5.3.8-0.41.1 php53-sysvshm-5.3.8-0.41.1 php53-tokenizer-5.3.8-0.41.1 php53-wddx-5.3.8-0.41.1 php53-xmlreader-5.3.8-0.41.1 php53-xmlrpc-5.3.8-0.41.1 php53-xmlwriter-5.3.8-0.41.1 php53-xsl-5.3.8-0.41.1 php53-zip-5.3.8-0.41.1 php53-zlib-5.3.8-0.41.1 References: http://support.novell.com/security/cve/CVE-2013-1635.html http://support.novell.com/security/cve/CVE-2013-1643.html http://support.novell.com/security/cve/CVE-2013-4113.html http://support.novell.com/security/cve/CVE-2013-4635.html https://bugzilla.novell.com/807707 https://bugzilla.novell.com/828020 https://bugzilla.novell.com/829207 http://download.novell.com/patch/finder/?keywords=ad593aac1cfc93b29edc0ea5b036ed90 From sle-updates at lists.suse.com Fri Aug 9 15:04:18 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Aug 2013 23:04:18 +0200 (CEST) Subject: SUSE-SU-2013:1317-1: important: Security update for PHP5 Message-ID: <20130809210418.3B9063236C@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1317-1 Rating: important References: #783239 #807707 #828020 #829207 Cross-References: CVE-2013-1635 CVE-2013-1643 CVE-2013-4113 CVE-2013-4635 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is 
now available. Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml Security Issues: * CVE-2013-4635 * CVE-2013-4113 * CVE-2013-1635 * CVE-2013-1643 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php5-8086 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php5-8086 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php5-8086 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php5-devel-5.2.14-0.7.30.48.1 php5-imap-5.2.14-0.7.30.48.1 php5-ncurses-5.2.14-0.7.30.48.1 php5-posix-5.2.14-0.7.30.48.1 php5-readline-5.2.14-0.7.30.48.1 php5-sockets-5.2.14-0.7.30.48.1 php5-sqlite-5.2.14-0.7.30.48.1 php5-tidy-5.2.14-0.7.30.48.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.48.1 php5-5.2.14-0.7.30.48.1 php5-bcmath-5.2.14-0.7.30.48.1 php5-bz2-5.2.14-0.7.30.48.1 php5-calendar-5.2.14-0.7.30.48.1 php5-ctype-5.2.14-0.7.30.48.1 php5-curl-5.2.14-0.7.30.48.1 php5-dba-5.2.14-0.7.30.48.1 php5-dbase-5.2.14-0.7.30.48.1 php5-dom-5.2.14-0.7.30.48.1 php5-exif-5.2.14-0.7.30.48.1 php5-fastcgi-5.2.14-0.7.30.48.1 php5-ftp-5.2.14-0.7.30.48.1 php5-gd-5.2.14-0.7.30.48.1 php5-gettext-5.2.14-0.7.30.48.1 php5-gmp-5.2.14-0.7.30.48.1 php5-hash-5.2.14-0.7.30.48.1 php5-iconv-5.2.14-0.7.30.48.1 php5-json-5.2.14-0.7.30.48.1 php5-ldap-5.2.14-0.7.30.48.1 php5-mbstring-5.2.14-0.7.30.48.1 
php5-mcrypt-5.2.14-0.7.30.48.1 php5-mysql-5.2.14-0.7.30.48.1 php5-odbc-5.2.14-0.7.30.48.1 php5-openssl-5.2.14-0.7.30.48.1 php5-pcntl-5.2.14-0.7.30.48.1 php5-pdo-5.2.14-0.7.30.48.1 php5-pear-5.2.14-0.7.30.48.1 php5-pgsql-5.2.14-0.7.30.48.1 php5-pspell-5.2.14-0.7.30.48.1 php5-shmop-5.2.14-0.7.30.48.1 php5-snmp-5.2.14-0.7.30.48.1 php5-soap-5.2.14-0.7.30.48.1 php5-suhosin-5.2.14-0.7.30.48.1 php5-sysvmsg-5.2.14-0.7.30.48.1 php5-sysvsem-5.2.14-0.7.30.48.1 php5-sysvshm-5.2.14-0.7.30.48.1 php5-tokenizer-5.2.14-0.7.30.48.1 php5-wddx-5.2.14-0.7.30.48.1 php5-xmlreader-5.2.14-0.7.30.48.1 php5-xmlrpc-5.2.14-0.7.30.48.1 php5-xmlwriter-5.2.14-0.7.30.48.1 php5-xsl-5.2.14-0.7.30.48.1 php5-zip-5.2.14-0.7.30.48.1 php5-zlib-5.2.14-0.7.30.48.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.48.1 php5-5.2.14-0.7.30.48.1 php5-bcmath-5.2.14-0.7.30.48.1 php5-bz2-5.2.14-0.7.30.48.1 php5-calendar-5.2.14-0.7.30.48.1 php5-ctype-5.2.14-0.7.30.48.1 php5-curl-5.2.14-0.7.30.48.1 php5-dba-5.2.14-0.7.30.48.1 php5-dbase-5.2.14-0.7.30.48.1 php5-dom-5.2.14-0.7.30.48.1 php5-exif-5.2.14-0.7.30.48.1 php5-fastcgi-5.2.14-0.7.30.48.1 php5-ftp-5.2.14-0.7.30.48.1 php5-gd-5.2.14-0.7.30.48.1 php5-gettext-5.2.14-0.7.30.48.1 php5-gmp-5.2.14-0.7.30.48.1 php5-hash-5.2.14-0.7.30.48.1 php5-iconv-5.2.14-0.7.30.48.1 php5-json-5.2.14-0.7.30.48.1 php5-ldap-5.2.14-0.7.30.48.1 php5-mbstring-5.2.14-0.7.30.48.1 php5-mcrypt-5.2.14-0.7.30.48.1 php5-mysql-5.2.14-0.7.30.48.1 php5-odbc-5.2.14-0.7.30.48.1 php5-openssl-5.2.14-0.7.30.48.1 php5-pcntl-5.2.14-0.7.30.48.1 php5-pdo-5.2.14-0.7.30.48.1 php5-pear-5.2.14-0.7.30.48.1 php5-pgsql-5.2.14-0.7.30.48.1 php5-pspell-5.2.14-0.7.30.48.1 php5-shmop-5.2.14-0.7.30.48.1 php5-snmp-5.2.14-0.7.30.48.1 php5-soap-5.2.14-0.7.30.48.1 php5-suhosin-5.2.14-0.7.30.48.1 php5-sysvmsg-5.2.14-0.7.30.48.1 php5-sysvsem-5.2.14-0.7.30.48.1 php5-sysvshm-5.2.14-0.7.30.48.1 php5-tokenizer-5.2.14-0.7.30.48.1 php5-wddx-5.2.14-0.7.30.48.1 
php5-xmlreader-5.2.14-0.7.30.48.1 php5-xmlrpc-5.2.14-0.7.30.48.1 php5-xmlwriter-5.2.14-0.7.30.48.1 php5-xsl-5.2.14-0.7.30.48.1 php5-zip-5.2.14-0.7.30.48.1 php5-zlib-5.2.14-0.7.30.48.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.48.1 php5-5.2.14-0.7.30.48.1 php5-bcmath-5.2.14-0.7.30.48.1 php5-bz2-5.2.14-0.7.30.48.1 php5-calendar-5.2.14-0.7.30.48.1 php5-ctype-5.2.14-0.7.30.48.1 php5-curl-5.2.14-0.7.30.48.1 php5-dba-5.2.14-0.7.30.48.1 php5-dbase-5.2.14-0.7.30.48.1 php5-dom-5.2.14-0.7.30.48.1 php5-exif-5.2.14-0.7.30.48.1 php5-fastcgi-5.2.14-0.7.30.48.1 php5-ftp-5.2.14-0.7.30.48.1 php5-gd-5.2.14-0.7.30.48.1 php5-gettext-5.2.14-0.7.30.48.1 php5-gmp-5.2.14-0.7.30.48.1 php5-hash-5.2.14-0.7.30.48.1 php5-iconv-5.2.14-0.7.30.48.1 php5-json-5.2.14-0.7.30.48.1 php5-ldap-5.2.14-0.7.30.48.1 php5-mbstring-5.2.14-0.7.30.48.1 php5-mcrypt-5.2.14-0.7.30.48.1 php5-mysql-5.2.14-0.7.30.48.1 php5-odbc-5.2.14-0.7.30.48.1 php5-openssl-5.2.14-0.7.30.48.1 php5-pcntl-5.2.14-0.7.30.48.1 php5-pdo-5.2.14-0.7.30.48.1 php5-pear-5.2.14-0.7.30.48.1 php5-pgsql-5.2.14-0.7.30.48.1 php5-pspell-5.2.14-0.7.30.48.1 php5-shmop-5.2.14-0.7.30.48.1 php5-snmp-5.2.14-0.7.30.48.1 php5-soap-5.2.14-0.7.30.48.1 php5-suhosin-5.2.14-0.7.30.48.1 php5-sysvmsg-5.2.14-0.7.30.48.1 php5-sysvsem-5.2.14-0.7.30.48.1 php5-sysvshm-5.2.14-0.7.30.48.1 php5-tokenizer-5.2.14-0.7.30.48.1 php5-wddx-5.2.14-0.7.30.48.1 php5-xmlreader-5.2.14-0.7.30.48.1 php5-xmlrpc-5.2.14-0.7.30.48.1 php5-xmlwriter-5.2.14-0.7.30.48.1 php5-xsl-5.2.14-0.7.30.48.1 php5-zip-5.2.14-0.7.30.48.1 php5-zlib-5.2.14-0.7.30.48.1 References: http://support.novell.com/security/cve/CVE-2013-1635.html http://support.novell.com/security/cve/CVE-2013-1643.html http://support.novell.com/security/cve/CVE-2013-4113.html http://support.novell.com/security/cve/CVE-2013-4635.html https://bugzilla.novell.com/783239 https://bugzilla.novell.com/807707 https://bugzilla.novell.com/828020 https://bugzilla.novell.com/829207 
http://download.novell.com/patch/finder/?keywords=983afe97da999c3ed9c81daa3863571b From sle-updates at lists.suse.com Mon Aug 12 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2013 21:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1320-1: moderate: Recommended update for studio-help Message-ID: <20130812190410.89D39323BA@maintenance.suse.de> SUSE Recommended Update: Recommended update for studio-help ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1320-1 Rating: moderate References: #803925 #827779 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update provides the latest version of SUSE Studio documentation. The changes in detail are: * Documents SUSE Cloud integration. (bnc#803925) * Documents SUSE Studio's Amazon ec2 integration. (bnc#827779) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-studio-help-8042 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (noarch) [New Version: 1.3.8]: studio-help-1.3.8-0.5.2 References: https://bugzilla.novell.com/803925 https://bugzilla.novell.com/827779 http://download.novell.com/patch/finder/?keywords=0c4d8f4696aa1b32bd6f77c28e00b26f From sle-updates at lists.suse.com Mon Aug 12 13:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Aug 2013 21:04:14 +0200 (CEST) Subject: SUSE-RU-2013:1321-1: moderate: Recommended update for SUSE Studio Message-ID: <20130812190414.CA099323BA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Studio ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1321-1 Rating: moderate References: #803925 #811424 #815712 #821204 #828427 #832481 #833017 #833717 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. It includes one version update. Description: This update provides SUSE Studio 1.3.3, including templates for SUSE Studio based on SUSE Linux Enterprise 11 SP3. Additionally, the update includes enhancements for SUSE Cloud integration and bug fixes. * #815712: Support building SLE 11 SP3 images in Onsite * #811424: Copyright notice of Onsite 1.3 still contains 2011 * #821204: OVMF package required for Onsite * #803925: Integrate with SUSE Cloud / OpenStack doesn't work * #828427: Internal Studio repos are visible for users * #832481: 'Error extracting xen stuff' on testdriving 64 bit xen images for 11-SP3 * #833017: Apply SLES-for-VMware.profile to SP3 appliances * #833717: Guru on building kvm image for SLES 10 SP4. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-201308-8177 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.3]: Containment-Studio-SLE11_SP3-5.04.108-20130807183642 OVMF-0.1-0.5.1 susestudio-1.3.3-0.21.2 susestudio-bundled-packages-1.3.3-0.21.2 susestudio-common-1.3.3-0.21.2 susestudio-runner-1.3.3-0.21.2 susestudio-sid-1.3.3-0.21.2 susestudio-ui-server-1.3.3-0.21.2 References: https://bugzilla.novell.com/803925 https://bugzilla.novell.com/811424 https://bugzilla.novell.com/815712 https://bugzilla.novell.com/821204 https://bugzilla.novell.com/828427 https://bugzilla.novell.com/832481 https://bugzilla.novell.com/833017 https://bugzilla.novell.com/833717 http://download.novell.com/patch/finder/?keywords=c770ac0dd445d64f547940bc1b2067dd From sle-updates at lists.suse.com Mon Aug 12 20:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Aug 2013 04:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1322-1: Recommended update for SUSE Lifecycle Management Server Message-ID: <20130813020410.5EC3B3204C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Lifecycle Management Server ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1322-1 Rating: low References: #817156 #822006 #823582 #824275 #829039 Affected Products: SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes one version update. Description: This collective update for SLMS provides the following enhancements and fixes: * Detect synchronization against old versions of SUSE Studio. (bnc#822006) * Add support to SLES and SLED 11 SP3. (bnc#824275) * Fix crash in update subscription. 
(bnc#823582) * Fix appliance purge command for appliances without subscription but with nodes. (bnc#817156) * Fix SLMS purge appliances to not leave orphaned subscription. (bnc#817156) * Run SLMS purge appliances in transaction to prevent DB inconsistencies. (bnc#817156) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-slms-201306-8062 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.4]: slms-1.3.4-0.5.6 slms-core-1.3.4-0.5.6 slms-customer-center-1.3.4-0.5.6 slms-devel-doc-1.3.4-0.5.6 slms-external-1.3.4-0.5.6 slms-registration-1.3.4-0.5.6 slms-testsuite-1.3.4-0.5.6 References: https://bugzilla.novell.com/817156 https://bugzilla.novell.com/822006 https://bugzilla.novell.com/823582 https://bugzilla.novell.com/824275 https://bugzilla.novell.com/829039 http://download.novell.com/patch/finder/?keywords=1e0d3e78463e565ccc42c8db09498021 From sle-updates at lists.suse.com Mon Aug 12 20:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Aug 2013 04:04:14 +0200 (CEST) Subject: SUSE-RU-2013:1323-1: important: Recommended update for supportutils Message-ID: <20130813020414.86DBB320EE@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1323-1 Rating: important References: #825767 #829927 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended 
fixes can now be installed. Description: This update fixes the following issues: * disk full on /proc/timer_list (bnc#829927) * failed uploads when using -Qu (bnc#825767) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-supportutils-8159 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-supportutils-8159 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-supportutils-8158 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-supportutils-8158 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-supportutils-8159 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-supportutils-8158 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): supportutils-1.20-0.75.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): supportutils-1.20-0.75.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): supportutils-1.20-0.28.76.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): supportutils-1.20-0.28.76.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): supportutils-1.20-0.75.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): supportutils-1.20-0.28.76.1 References: https://bugzilla.novell.com/825767 https://bugzilla.novell.com/829927 http://download.novell.com/patch/finder/?keywords=75f0412681f1b300e7dc18ddddfc6cae http://download.novell.com/patch/finder/?keywords=bc33364e685b053b62b752a9ae331af8 From sle-updates at lists.suse.com Tue Aug 13 11:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Aug 2013 19:04:09 +0200 (CEST) Subject: SUSE-RU-2013:1324-1: Recommended update for POS_Image-Branchserver3, POS_Image-CDBoot3, POS_Image-DiskNetBoot3, POS_Image-Graphical3, POS_Image-Minimal3, POS_Image-Netboot-hooks, 
POS_Image-Tools, POS_Image-USBBoot3, POS_Image3, POS_Migration, POS_Server-Admin3, POS_Server-AdminGUI, POS_Server-AdminTools3, POS_Server-BranchTools3, POS_Server-ImageTools3, POS_Server-Modules3, POS_Server3, POS_Server3-debuginfo, POS_Server3-debugsource, admind, admind-client, posbios
Message-ID: <20130813170409.B27E53236E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for POS_Image-Branchserver3, POS_Image-CDBoot3, POS_Image-DiskNetBoot3, POS_Image-Graphical3, POS_Image-Minimal3, POS_Image-Netboot-hooks, POS_Image-Tools, POS_Image-USBBoot3, POS_Image3, POS_Migration, POS_Server-Admin3, POS_Server-AdminGUI, POS_Server-AdminTools3, POS_Server-BranchTools3, POS_Server-ImageTools3, POS_Server-Modules3, POS_Server3, POS_Server3-debuginfo, POS_Server3-debugsource, admind, admind-client, posbios
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1324-1
Rating: low
References: #829016 #832230 #832592 #833110
Affected Products: SUSE Linux Enterprise Point of Service 11 SP3
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for POS_Image3 provides the following fixes:

* Fixed exporting LDAP in save_poslogs (bnc#833110)
* Fixed reporting of integrity checks in pos.pl (bnc#832230)
* Fixed LDAP synchronization between AS and BS (bnc#832592)

Indications: Test patchinfo for beta2

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Point of Service 11 SP3: zypper in -t patch sleposp3-slepos-201308-8185

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Point of Service 11 SP3 (i586 x86_64): POS_Migration-3.5.2-0.14.1 POS_Server-Admin3-3.5.2-0.14.1 POS_Server-AdminGUI-3.5.2-0.14.1 POS_Server-AdminTools3-3.5.2-0.14.1 POS_Server-BranchTools3-3.5.2-0.14.1 POS_Server-Modules3-3.5.2-0.14.1 POS_Server3-3.5.2-0.14.1 admind-1.9-1.14.1 admind-client-1.9-1.14.1 posbios-1.0-1.14.1 - SUSE Linux Enterprise Point of Service 11 SP3 (noarch): POS_Image-Minimal3-3.4.0-0.14.1 POS_Image-Netboot-hooks-3.4.0-0.14.1 POS_Image-Tools-3.4.0-0.14.1 POS_Image3-3.5.2-0.14.1 References: https://bugzilla.novell.com/829016 https://bugzilla.novell.com/832230 https://bugzilla.novell.com/832592 https://bugzilla.novell.com/833110 http://download.novell.com/patch/finder/?keywords=9e524f43e849612749fc2b70257acea4 From sle-updates at lists.suse.com Tue Aug 13 16:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2013 00:04:12 +0200 (CEST) Subject: SUSE-SU-2013:1325-1: important: Security update for Mozilla Firefox Message-ID: <20130813220412.C7400320F5@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1325-1 Rating: important References: #833389 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. 
Description:

This update to Firefox 17.0.8esr (bnc#833389) addresses:

* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards have been fixed (rv:23.0 / rv:17.0.8):
* MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
* MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks
* MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further Privilege escalation through Mozilla Updater
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java applets may read contents of local file system

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-MozillaFirefox-8191
- SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-MozillaFirefox-8191
- SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-MozillaFirefox-8191
- SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-MozillaFirefox-8187
- SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-MozillaFirefox-8187
- SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-MozillaFirefox-8191
- SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-MozillaFirefox-8187

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-17.0.8esr-0.7.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.7.2 MozillaFirefox-translations-17.0.8esr-0.7.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.7.2 MozillaFirefox-translations-17.0.8esr-0.7.2 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.4.2.1 MozillaFirefox-translations-17.0.8esr-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.4.2.1 MozillaFirefox-translations-17.0.8esr-0.4.2.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.7.2 MozillaFirefox-translations-17.0.8esr-0.7.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.4.2.1 MozillaFirefox-translations-17.0.8esr-0.4.2.1 References: https://bugzilla.novell.com/833389 http://download.novell.com/patch/finder/?keywords=0cfcf5031e62c63bd502567283c781f9 http://download.novell.com/patch/finder/?keywords=5d16f58a1649e09775bbc460079ceeda From sle-updates at lists.suse.com Tue Aug 13 16:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2013 00:04:16 +0200 (CEST) Subject: SUSE-RU-2013:1326-1: moderate: Recommended update for mkinitrd Message-ID: <20130813220416.C0EAF32370@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1326-1 Rating: moderate References: #803760 #805059 #814692 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise 
Desktop 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mkinitrd provides the following fixes: * Add a udev rule to fix HyperV VM migration from Windows 2008/2012 to Windows 2012R2 hosts * Fix network configuration when using iBFT * Do not add duplicate static IPs * Recognize default network interface if more than one is present * Support /dev/md/ subdir in setup-storage. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-mkinitrd-8167 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-mkinitrd-8167 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-mkinitrd-8167 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): mkinitrd-2.4.2-0.57.61.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-0.57.61.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): mkinitrd-2.4.2-0.57.61.1 References: https://bugzilla.novell.com/803760 https://bugzilla.novell.com/805059 https://bugzilla.novell.com/814692 http://download.novell.com/patch/finder/?keywords=872fe885031891c28f00d8037225383c From sle-updates at lists.suse.com Tue Aug 13 16:04:20 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2013 00:04:20 +0200 (CEST) Subject: SUSE-RU-2013:1327-1: moderate: Recommended update for mkinitrd Message-ID: <20130813220420.68E3332370@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1327-1 Rating: moderate References: #803760 #805059 Affected Products: SUSE Linux Enterprise 
Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mkinitrd provides the following fixes: * Add a udev rule to fix HyperV VM migration from Windows 2008/2012 to Windows 2012R2 hosts * Fix network configuration when using iBFT * Do not add duplicate static IPs * Recognize default network interface if more than one is present. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-mkinitrd-8168 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-mkinitrd-8168 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-mkinitrd-8168 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): mkinitrd-2.4.2-0.84.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-0.84.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): mkinitrd-2.4.2-0.84.1 References: https://bugzilla.novell.com/803760 https://bugzilla.novell.com/805059 http://download.novell.com/patch/finder/?keywords=d84062321df819037872d1753b31b8b7 From sle-updates at lists.suse.com Tue Aug 13 17:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2013 01:04:13 +0200 (CEST) Subject: SUSE-SU-2013:1328-1: moderate: Security update for python-httplib2 Message-ID: <20130813230413.1B22932068@maintenance.suse.de> SUSE Security Update: Security update for python-httplib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1328-1 Rating: moderate References: #818100 Cross-References: CVE-2013-2037 Affected 
Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Cloud 1.0
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

This patch fixes an SSL certificate verification issue in python-httplib2, where remote server certificates were not validated against the known good root certificates.

Security Issue reference:

* CVE-2013-2037

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-httplib2-8126
- SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-python-httplib2-8125
- SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-python-httplib2-8125

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-httplib2-0.7.4-0.7.8.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.7.4]: python-httplib2-0.7.4-0.7.8.1 - SUSE Cloud 1.0 (x86_64): python-httplib2-0.7.4-0.7.8.1 References: http://support.novell.com/security/cve/CVE-2013-2037.html https://bugzilla.novell.com/818100 http://download.novell.com/patch/finder/?keywords=b51ccf9876436044e5fd3d5ea26dd208 http://download.novell.com/patch/finder/?keywords=fb368653920b3983833fccebdcd862e1 From sle-updates at lists.suse.com Tue Aug 13 17:04:17 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2013 01:04:17 +0200 (CEST) Subject: SUSE-SU-2013:1329-1: Security update for automake Message-ID: <20130813230417.6B83C3236D@maintenance.suse.de> SUSE Security Update: Security update for automake ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1329-1 Rating: low References: #559815 #770618 Cross-References: CVE-2012-3386 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of automake fixes a race condition in "distcheck". (CVE-2012-3386) Also a bug where world writeable tarballs were generated during "make dist" has been fixed (CVE-2009-4029). Security Issue references: * CVE-2012-3386 * CVE-2009-4029 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-automake-8197 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-automake-8196 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-automake-8197 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-automake-8197 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-automake-8196 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-automake-8196 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): automake-1.10.1-4.131.9.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): automake-1.10.1-4.131.9.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): automake-1.10.1-4.131.9.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): automake-1.10.1-4.131.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): automake-1.10.1-4.131.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): automake-1.10.1-4.131.9.1 References: http://support.novell.com/security/cve/CVE-2012-3386.html https://bugzilla.novell.com/559815 https://bugzilla.novell.com/770618 http://download.novell.com/patch/finder/?keywords=0d23c7bc183c768d0e0f9b34d192b755 http://download.novell.com/patch/finder/?keywords=c330be8dc6ec3936c86b84317dc3203d From sle-updates at lists.suse.com Wed Aug 14 12:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Aug 2013 20:04:09 +0200 (CEST) Subject: SUSE-SU-2013:1345-1: Security update for OpenSSH Message-ID: <20130814180409.D4DFB320EF@maintenance.suse.de> SUSE Security Update: Security update for OpenSSH ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1345-1 
Rating: low References: #755505 #802639 #821039 #826906 Cross-References: CVE-2010-5107 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for OpenSSH provides the following fixes: * Implement remote denial of service hardening. (bnc#802639, CVE-2010-5107) * Use only FIPS 140-2 approved algorithms when FIPS mode is detected. (bnc#755505, bnc#821039) * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906) Security Issue reference: * CVE-2010-5107 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-openssh-8078 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-openssh-8078 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-openssh-8078 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): openssh-5.1p1-41.57.1 openssh-askpass-5.1p1-41.57.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): openssh-5.1p1-41.57.1 openssh-askpass-5.1p1-41.57.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): openssh-5.1p1-41.57.1 openssh-askpass-5.1p1-41.57.1 References: http://support.novell.com/security/cve/CVE-2010-5107.html https://bugzilla.novell.com/755505 https://bugzilla.novell.com/802639 https://bugzilla.novell.com/821039 https://bugzilla.novell.com/826906 http://download.novell.com/patch/finder/?keywords=dd7be5574ffe3cd03de79a99d3b6b9f0 From sle-updates at lists.suse.com Fri Aug 16 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Aug 2013 21:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1351-1: important: Security update for PHP5 Message-ID: <20130816190410.595A332378@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1351-1 Rating: important References: #699711 #709549 #713652 #728671 #733590 #735613 #736169 #738221 #741520 #741859 #742273 #742806 #743308 #744966 #746661 #749111 #752030 #753778 #760536 #761631 #772580 #772582 #775852 #778003 #783239 #807707 #828020 #829207 Cross-References: CVE-2011-1072 CVE-2011-1398 CVE-2011-1466 CVE-2011-2202 CVE-2011-3182 CVE-2011-4153 CVE-2011-4388 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057 CVE-2012-0781 CVE-2012-0788 CVE-2012-0789 CVE-2012-0807 CVE-2012-0830 CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-4113 CVE-2013-4635 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves 27 vulnerabilities and has one errata is now available. 
It includes one version update. Description: php5 has been updated to roll up all pending security fixes for Long Term Service Pack Support. The Following security issues have been fixed: * CVE-2013-4635: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP allowed context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. * CVE-2013-1635: ext/soap/soap.c in PHP did not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allowed remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. * CVE-2013-1643: The SOAP parser in PHP allowed remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. * CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. * CVE-2011-1398 / CVE-2012-4388: The sapi_header_op function in main/SAPI.c in PHP did not check for %0D sequences (aka carriage return characters), which allowed remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. * CVE-2012-2688: An unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP had unknown impact and remote attack vectors, related to an "overflow." 
* CVE-2012-3365: The SQLite functionality in PHP before 5.3.15 allowed remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
* CVE-2012-1823: sapi/cgi/cgi_main.c in PHP, when configured as a CGI script (aka php-cgi), did not properly handle query strings that lack an = (equals sign) character, which allowed remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
* CVE-2012-2335: php-wrapper.fcgi did not properly handle command-line arguments, which allowed remote attackers to bypass a protection mechanism in PHP and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
* CVE-2012-2336: sapi/cgi/cgi_main.c in PHP, when configured as a CGI script (aka php-cgi), did not properly handle query strings that lack an = (equals sign) character, which allowed remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
* CVE-2012-2311: sapi/cgi/cgi_main.c in PHP, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
* CVE-2012-1172: The file-upload implementation in rfc1867.c in PHP did not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
* CVE-2012-0830: The php_register_variable_ex function in php_variables.c in PHP allowed remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
* CVE-2012-0807: Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might have allowed remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.
* CVE-2012-0057: PHP had improper libxslt security settings, which allowed remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
* CVE-2012-0831: PHP did not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which made it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
* CVE-2011-4153: PHP did not always check the return value of the zend_strndup function, which might have allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
* CVE-2012-0781: The tidy_diagnose function in PHP might have allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
* CVE-2012-0788: The PDORow implementation in PHP did not properly interact with the session feature, which allowed remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
* CVE-2012-0789: Memory leak in the timezone functionality in PHP allowed remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which were not properly handled by the php_date_parse_tzfile cache.
* CVE-2011-4885: PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allowed remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. We added a max_input_vars directive to prevent attacks based on hash collisions.
* CVE-2011-4566: Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP allowed remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
* CVE-2011-3182: PHP did not properly check the return values of the malloc, calloc, and realloc library functions, which allowed context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
* CVE-2011-1466: Integer overflow in the SdnToJulian function in the Calendar extension in PHP allowed context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
* CVE-2011-1072: The installer in PEAR allowed local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
* CVE-2011-2202: The rfc1867_post_handler function in main/rfc1867.c in PHP did not properly restrict filenames in multipart/form-data POST requests, which allowed remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
Bugfixes:

* fixed php bug #43200 (Interface implementation / inheritance not possible in abstract classes) [bnc#783239]
* use FilesMatch with 'SetHandler' rather than 'AddHandler' [bnc#775852]
* fixed unpredictable unpack()/pack() behaviour [bnc#753778]
* memory corruption in parse_ini_string() [bnc#742806]
* amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671]
* allow uploading files bigger than 2GB for 64bit systems [bnc#709549]

Security Issue references:

* CVE-2011-1072
* CVE-2011-1398
* CVE-2011-1466
* CVE-2011-2202
* CVE-2011-3182
* CVE-2011-4153
* CVE-2011-4388
* CVE-2011-4566
* CVE-2011-4885
* CVE-2012-0057
* CVE-2012-0781
* CVE-2012-0788
* CVE-2012-0789
* CVE-2012-0807
* CVE-2012-0830
* CVE-2012-0831
* CVE-2012-1172
* CVE-2012-1823
* CVE-2012-2311
* CVE-2012-2335
* CVE-2012-2336
* CVE-2012-2688
* CVE-2012-3365
* CVE-2013-1635
* CVE-2013-1643
* CVE-2013-4113
* CVE-2013-4635

Package List:

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 5.2.14]:
  apache2-mod_php5-5.2.14-0.42.1
  php5-5.2.14-0.42.1
  php5-bcmath-5.2.14-0.42.1
  php5-bz2-5.2.14-0.42.1
  php5-calendar-5.2.14-0.42.1
  php5-ctype-5.2.14-0.42.1
  php5-curl-5.2.14-0.42.1
  php5-dba-5.2.14-0.42.1
  php5-dbase-5.2.14-0.42.1
  php5-devel-5.2.14-0.42.1
  php5-dom-5.2.14-0.42.1
  php5-exif-5.2.14-0.42.1
  php5-fastcgi-5.2.14-0.42.1
  php5-ftp-5.2.14-0.42.1
  php5-gd-5.2.14-0.42.1
  php5-gettext-5.2.14-0.42.1
  php5-gmp-5.2.14-0.42.1
  php5-hash-5.2.14-0.42.1
  php5-iconv-5.2.14-0.42.1
  php5-imap-5.2.14-0.42.1
  php5-json-5.2.14-0.42.1
  php5-ldap-5.2.14-0.42.1
  php5-mbstring-5.2.14-0.42.1
  php5-mcrypt-5.2.14-0.42.1
  php5-mhash-5.2.14-0.42.1
  php5-mysql-5.2.14-0.42.1
  php5-ncurses-5.2.14-0.42.1
  php5-odbc-5.2.14-0.42.1
  php5-openssl-5.2.14-0.42.1
  php5-pcntl-5.2.14-0.42.1
  php5-pdo-5.2.14-0.42.1
  php5-pear-5.2.14-0.42.1
  php5-pgsql-5.2.14-0.42.1
  php5-posix-5.2.14-0.42.1
  php5-pspell-5.2.14-0.42.1
  php5-shmop-5.2.14-0.42.1
  php5-snmp-5.2.14-0.42.1
  php5-soap-5.2.14-0.42.1
  php5-sockets-5.2.14-0.42.1
  php5-sqlite-5.2.14-0.42.1
  php5-suhosin-5.2.14-0.42.1
  php5-sysvmsg-5.2.14-0.42.1
  php5-sysvsem-5.2.14-0.42.1
  php5-sysvshm-5.2.14-0.42.1
  php5-tokenizer-5.2.14-0.42.1
  php5-wddx-5.2.14-0.42.1
  php5-xmlreader-5.2.14-0.42.1
  php5-xmlrpc-5.2.14-0.42.1
  php5-xsl-5.2.14-0.42.1
  php5-zlib-5.2.14-0.42.1

References:

http://support.novell.com/security/cve/CVE-2011-1072.html
http://support.novell.com/security/cve/CVE-2011-1398.html
http://support.novell.com/security/cve/CVE-2011-1466.html
http://support.novell.com/security/cve/CVE-2011-2202.html
http://support.novell.com/security/cve/CVE-2011-3182.html
http://support.novell.com/security/cve/CVE-2011-4153.html
http://support.novell.com/security/cve/CVE-2011-4388.html
http://support.novell.com/security/cve/CVE-2011-4566.html
http://support.novell.com/security/cve/CVE-2011-4885.html
http://support.novell.com/security/cve/CVE-2012-0057.html
http://support.novell.com/security/cve/CVE-2012-0781.html
http://support.novell.com/security/cve/CVE-2012-0788.html
http://support.novell.com/security/cve/CVE-2012-0789.html
http://support.novell.com/security/cve/CVE-2012-0807.html
http://support.novell.com/security/cve/CVE-2012-0830.html
http://support.novell.com/security/cve/CVE-2012-0831.html
http://support.novell.com/security/cve/CVE-2012-1172.html
http://support.novell.com/security/cve/CVE-2012-1823.html
http://support.novell.com/security/cve/CVE-2012-2311.html
http://support.novell.com/security/cve/CVE-2012-2335.html
http://support.novell.com/security/cve/CVE-2012-2336.html
http://support.novell.com/security/cve/CVE-2012-2688.html
http://support.novell.com/security/cve/CVE-2012-3365.html
http://support.novell.com/security/cve/CVE-2013-1635.html
http://support.novell.com/security/cve/CVE-2013-1643.html
http://support.novell.com/security/cve/CVE-2013-4113.html
http://support.novell.com/security/cve/CVE-2013-4635.html
https://bugzilla.novell.com/699711
https://bugzilla.novell.com/709549
https://bugzilla.novell.com/713652
https://bugzilla.novell.com/728671
https://bugzilla.novell.com/733590
https://bugzilla.novell.com/735613
https://bugzilla.novell.com/736169
https://bugzilla.novell.com/738221
https://bugzilla.novell.com/741520
https://bugzilla.novell.com/741859
https://bugzilla.novell.com/742273
https://bugzilla.novell.com/742806
https://bugzilla.novell.com/743308
https://bugzilla.novell.com/744966
https://bugzilla.novell.com/746661
https://bugzilla.novell.com/749111
https://bugzilla.novell.com/752030
https://bugzilla.novell.com/753778
https://bugzilla.novell.com/760536
https://bugzilla.novell.com/761631
https://bugzilla.novell.com/772580
https://bugzilla.novell.com/772582
https://bugzilla.novell.com/775852
https://bugzilla.novell.com/778003
https://bugzilla.novell.com/783239
https://bugzilla.novell.com/807707
https://bugzilla.novell.com/828020
https://bugzilla.novell.com/829207
http://download.novell.com/patch/finder/?keywords=052a65bd8d851aef0dd6767bb9f288d8

From sle-updates at lists.suse.com Fri Aug 16 13:04:13 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Aug 2013 21:04:13 +0200 (CEST)
Subject: SUSE-SU-2013:1352-1: moderate: Security update for libgcrypt
Message-ID: <20130816190413.5DF7E32376@maintenance.suse.de>

SUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1352-1
Rating: moderate
References: #831359
Cross-References: CVE-2013-4242
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (CVE-2013-4242).

Security Issue reference:

* CVE-2013-4242

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-libgcrypt-8201
- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-libgcrypt-8202
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-libgcrypt-8201
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-libgcrypt-8201
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-libgcrypt-8202
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-libgcrypt-8202
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-libgcrypt-8201
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-libgcrypt-8202

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libgcrypt-devel-1.5.0-0.15.2
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
  libgcrypt-devel-32bit-1.5.0-0.15.2
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  libgcrypt-devel-1.5.0-0.15.2
- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
  libgcrypt-devel-32bit-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  libgcrypt11-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
  libgcrypt11-32bit-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libgcrypt11-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
  libgcrypt11-32bit-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP3 (ia64):
  libgcrypt11-x86-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  libgcrypt11-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
  libgcrypt11-32bit-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  libgcrypt11-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
  libgcrypt11-32bit-1.5.0-0.15.2
- SUSE Linux Enterprise Server 11 SP2 (ia64):
  libgcrypt11-x86-1.5.0-0.15.2
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  libgcrypt11-1.5.0-0.15.2
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
  libgcrypt11-32bit-1.5.0-0.15.2
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  libgcrypt11-1.5.0-0.15.2
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
  libgcrypt11-32bit-1.5.0-0.15.2

References:

http://support.novell.com/security/cve/CVE-2013-4242.html
https://bugzilla.novell.com/831359
http://download.novell.com/patch/finder/?keywords=2b7095211b1ed27d726389d7ecb5c95d
http://download.novell.com/patch/finder/?keywords=bd2d0f6f2e8a3076df72f872b6ae9697

From sle-updates at lists.suse.com Mon Aug 19 08:04:28 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 19 Aug 2013 16:04:28 +0200 (CEST)
Subject: SUSE-RU-2013:1357-1: Recommended update for libcpuset
Message-ID: <20130819140428.9637C32085@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libcpuset
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1357-1
Rating: low
References: #625079
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update enhances libcpuset to dynamically detect where the cpuset file system is mounted (bnc#625079).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-libcpuset-8004
- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-libcpuset-8003
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-libcpuset-8004
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-libcpuset-8004
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-libcpuset-8003
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-libcpuset-8003

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libcpuset-devel-1.0-8.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
  libcpuset1-1.0-8.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  libcpuset-devel-1.0-8.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
  libcpuset1-1.0-8.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  libcpuset1-1.0-8.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libcpuset1-1.0-8.7.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  libcpuset1-1.0-8.7.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  libcpuset1-1.0-8.7.1

References:

https://bugzilla.novell.com/625079
http://download.novell.com/patch/finder/?keywords=02258a74ae57416c9dd15d87e3cc77b5
http://download.novell.com/patch/finder/?keywords=17cbe7caf8d31b63d53b3f8c765dd8d7

From sle-updates at lists.suse.com Mon Aug 19 10:04:12 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 19 Aug 2013 18:04:12 +0200 (CEST)
Subject: SUSE-RU-2013:1358-1: Recommended update for rubygem-chef-solr
Message-ID: <20130819160412.E36ED3204C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-chef-solr
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1358-1
Rating: low
References: #826646
Affected Products:
  SUSE Cloud 1.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update provides:

* Chef-expander now writes correctly to its log file (bnc#826646)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 1.0:
  zypper in -t patch sleclo10sp2-rubygem-chef-solr-8173

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 1.0 (x86_64):
  rubygem-chef-solr-0.10.8-0.19.1

References:

https://bugzilla.novell.com/826646
http://download.novell.com/patch/finder/?keywords=6ab0f725610610ae0473a84747d81de1

From sle-updates at lists.suse.com Mon Aug 19 10:04:17 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 19 Aug 2013 18:04:17 +0200 (CEST)
Subject: SUSE-RU-2013:1359-1: Recommended update for rubygem-chef
Message-ID: <20130819160417.32B5E32085@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-chef
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1359-1
Rating: low
References: #788548 #788794 #791048
Affected Products:
  SUSE Cloud 1.0
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for rubygem-chef provides the following fixes:

* Drop logrotate user 'chef' and set log owner to root. (bnc#788794)
* a quoting issue when handling OPTIONS from /etc/sysconfig/chef-client. (bnc#788548)
* Fixed permissions of /etc/chef/certificates/ on admin node. (bnc#791048)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 1.0:
  zypper in -t patch sleclo10sp2-rubygem-chef-8218

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Cloud 1.0 (x86_64):
  rubygem-chef-0.10.8-0.23.1

References:

https://bugzilla.novell.com/788548
https://bugzilla.novell.com/788794
https://bugzilla.novell.com/791048
http://download.novell.com/patch/finder/?keywords=3d90e4b3b5e3f0c4bdc168129c99706b

From sle-updates at lists.suse.com Mon Aug 19 17:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Aug 2013 01:04:09 +0200 (CEST)
Subject: SUSE-RU-2013:1361-1: critical: Recommended update for microcode_ctl
Message-ID: <20130819230409.A024032020@maintenance.suse.de>

SUSE Recommended Update: Recommended update for microcode_ctl
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1361-1
Rating: critical
References: #825259
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
  SUSE Linux Enterprise Server 11 SP1 LTSS
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update provides Intel's CPU microcode version 20130808.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-microcode_ctl-8223
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-microcode_ctl-8223
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-microcode_ctl-8222
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-microcode_ctl-8222
- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:
  zypper in -t patch slessp1-microcode_ctl-8220
- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-microcode_ctl-8220
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-microcode_ctl-8223
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-microcode_ctl-8222

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  microcode_ctl-1.17-102.66.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
  microcode_ctl-1.17-102.66.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  microcode_ctl-1.17-102.57.60.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):
  microcode_ctl-1.17-102.57.60.1
- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64):
  microcode_ctl-1.17-102.57.60.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):
  microcode_ctl-1.17-102.57.60.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  microcode_ctl-1.17-102.66.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  microcode_ctl-1.17-102.57.60.1

References:

https://bugzilla.novell.com/825259
http://download.novell.com/patch/finder/?keywords=0c0e6784afbba17d2ea53eedee48e23d
http://download.novell.com/patch/finder/?keywords=30d6afa250c0772fa0a3ee0f25f65f69
http://download.novell.com/patch/finder/?keywords=6d0394bfdf9a0a04394befb7d3ceec7d

From sle-updates at lists.suse.com Tue Aug 20 13:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Aug 2013 21:04:10 +0200 (CEST)
Subject: SUSE-RU-2013:1363-1: Recommended update for libfprint and pam_fp
Message-ID: <20130820190410.8F82D32068@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libfprint and pam_fp
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1363-1
Rating: low
References: #793928
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for libfprint and pam_fp adds support for the new Validity fingerprint reader VFS495.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-validity-fp-7978
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-validity-fp-7978
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-validity-fp-7978

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  libfprint0-0.0.6-18.22.28
  pam_fp-0.1-12.34.29
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
  libfprint0-32bit-0.0.6-18.22.28
  pam_fp-32bit-0.1-12.34.29
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libfprint0-0.0.6-18.22.28
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 x86_64):
  pam_fp-0.1-12.34.29
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
  libfprint0-32bit-0.0.6-18.22.28
- SUSE Linux Enterprise Server 11 SP3 (ppc64 x86_64):
  pam_fp-32bit-0.1-12.34.29
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  libfprint0-0.0.6-18.22.28
  pam_fp-0.1-12.34.29
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
  libfprint0-32bit-0.0.6-18.22.28
  pam_fp-32bit-0.1-12.34.29

References:

https://bugzilla.novell.com/793928
http://download.novell.com/patch/finder/?keywords=3fb39c02f381109eb215e451d7893886

From sle-updates at lists.suse.com Tue Aug 20 14:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Aug 2013 22:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:1364-1: moderate: Security update for telepathy-idle
Message-ID: <20130820200409.E869A320EC@maintenance.suse.de>

SUSE Security Update: Security update for telepathy-idle
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1364-1
Rating: moderate
References: #817120
Cross-References: CVE-2007-6746
Affected Products:
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Telepathy-idle did not check SSL certificates. CVE-2007-6746 was assigned to this issue.

Security Issue reference:

* CVE-2007-6746

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-telepathy-idle-8216
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-telepathy-idle-8215

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  telepathy-idle-0.1.5-1.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  telepathy-idle-0.1.5-1.5.1

References:

http://support.novell.com/security/cve/CVE-2007-6746.html
https://bugzilla.novell.com/817120
http://download.novell.com/patch/finder/?keywords=56f3ca0e41170514d59d122cc53ecddd
http://download.novell.com/patch/finder/?keywords=5d515619372a90a2b07cccc067e6ec87

From sle-updates at lists.suse.com Wed Aug 21 16:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 Aug 2013 00:04:09 +0200 (CEST)
Subject: SUSE-RU-2013:1368-1: important: Recommended update for studio-help
Message-ID: <20130821220409.A70B932047@maintenance.suse.de>

SUSE Recommended Update: Recommended update for studio-help
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1368-1
Rating: important
References: #827779
Affected Products:
  SUSE Studio Onsite 1.3
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update provides the latest version of SUSE Studio documentation.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:
  zypper in -t patch slestso13-studio-help-8203

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Studio Onsite 1.3 (noarch) [New Version: 1.3.9]:
  studio-help-1.3.9-0.5.1

References:

https://bugzilla.novell.com/827779
http://download.novell.com/patch/finder/?keywords=d8968ad5ee665165ed49ff611b9ded00

From sle-updates at lists.suse.com Wed Aug 21 16:04:13 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 Aug 2013 00:04:13 +0200 (CEST)
Subject: SUSE-RU-2013:1369-1: important: Recommended update for susestudio
Message-ID: <20130821220413.5454D32246@maintenance.suse.de>

SUSE Recommended Update: Recommended update for susestudio
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1369-1
Rating: important
References: #714202 #754362 #822849 #824309 #825986 #827728
Affected Products:
  SUSE Studio Onsite 1.3
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed. It includes one version update.

Description:

This update provides SUSE Studio 1.3.4. This version brings integration with SUSE Studio's System Z extension, allowing building of appliances for the s390x architecture.

* #822849: Build System Z Appliances
* #827728: s390x network cards are not brought up
* #825986: s390: Upgrade path SP2 -> SP3
* #714202: s390x runner - add firewall rule for runner
* #754362: s390 runner does not attempt to make self configuration in case of ui-server change
* #824309: when removing or reinstalling AddOn, sudoers file gets inconsistent.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:
  zypper in -t patch slestso13-susestudio-134-201308-8204

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.4]:
  susestudio-1.3.4-0.23.2
  susestudio-bundled-packages-1.3.4-0.23.2
  susestudio-common-1.3.4-0.23.2
  susestudio-runner-1.3.4-0.23.2
  susestudio-sid-1.3.4-0.23.2
  susestudio-ui-server-1.3.4-0.23.2

References:

https://bugzilla.novell.com/714202
https://bugzilla.novell.com/754362
https://bugzilla.novell.com/822849
https://bugzilla.novell.com/824309
https://bugzilla.novell.com/825986
https://bugzilla.novell.com/827728
http://download.novell.com/patch/finder/?keywords=94028a5dedb4ba5f4f9970659e853281

From sle-updates at lists.suse.com Thu Aug 22 20:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Aug 2013 04:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:1373-1: moderate: Security update for libpixman
Message-ID: <20130823020409.2ADDB32047@maintenance.suse.de>

SUSE Security Update: Security update for libpixman
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1373-1
Rating: moderate
References: #815064
Cross-References: CVE-2013-1591
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

A stack based buffer overflow in the pixman library has been fixed. (CVE-2013-1591)

Security Issue reference:

* CVE-2013-1591

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpixman-1-0-8119 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpixman-1-0-8119 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpixman-1-0-8119 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpixman-1-0-8119 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-devel-0.24.4-0.13.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpixman-1-0-0.24.4-0.13.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpixman-1-0-32bit-0.24.4-0.13.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-0.24.4-0.13.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpixman-1-0-32bit-0.24.4-0.13.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpixman-1-0-x86-0.24.4-0.13.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpixman-1-0-0.24.4-0.13.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpixman-1-0-32bit-0.24.4-0.13.1 References: http://support.novell.com/security/cve/CVE-2013-1591.html https://bugzilla.novell.com/815064 http://download.novell.com/patch/finder/?keywords=78320be449e78c2de4f0552d848c2c92 From sle-updates at lists.suse.com Thu Aug 22 20:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2013 04:04:13 +0200 (CEST) Subject: SUSE-SU-2013:1374-1: moderate: Security update for tomcat6 Message-ID: <20130823020413.0D69C320EC@maintenance.suse.de> SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1374-1 Rating: moderate References: #768772 #804992 #818948 #822177 #831119 Cross-References: CVE-2012-0022 
CVE-2012-3544 CVE-2013-1976 Affected Products: SUSE Manager 1.2 for SLE 11 SP1 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update of tomcat6 fixes: * apache-tomcat-CVE-2012-3544.patch (bnc#831119) * use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) * Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992 (patch from m407) * fix a typo in initscript (bnc#768772 ) * copy all shell scripts (bnc#818948) Security Issue references: * CVE-2012-3544 * CVE-2013-1976 * CVE-2012-0022 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.2 for SLE 11 SP1: zypper in -t patch sleman12sp1-tomcat6-8154 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-tomcat6-8156 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-tomcat6-8156 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-tomcat6-8155 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-tomcat6-8155 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 1.2 for SLE 11 SP1 (noarch): tomcat6-6.0.18-20.35.42.1 tomcat6-jsp-2_1-api-6.0.18-20.35.42.1 tomcat6-lib-6.0.18-20.35.42.1 tomcat6-servlet-2_5-api-6.0.18-20.35.42.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): tomcat6-6.0.18-20.35.42.1 tomcat6-admin-webapps-6.0.18-20.35.42.1 tomcat6-docs-webapp-6.0.18-20.35.42.1 tomcat6-javadoc-6.0.18-20.35.42.1 tomcat6-jsp-2_1-api-6.0.18-20.35.42.1 tomcat6-lib-6.0.18-20.35.42.1 tomcat6-servlet-2_5-api-6.0.18-20.35.42.1 tomcat6-webapps-6.0.18-20.35.42.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): tomcat6-6.0.18-20.35.42.1 tomcat6-admin-webapps-6.0.18-20.35.42.1 tomcat6-docs-webapp-6.0.18-20.35.42.1 tomcat6-javadoc-6.0.18-20.35.42.1 tomcat6-jsp-2_1-api-6.0.18-20.35.42.1 tomcat6-lib-6.0.18-20.35.42.1 tomcat6-servlet-2_5-api-6.0.18-20.35.42.1 tomcat6-webapps-6.0.18-20.35.42.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): tomcat6-6.0.18-20.35.42.1 tomcat6-admin-webapps-6.0.18-20.35.42.1 tomcat6-docs-webapp-6.0.18-20.35.42.1 tomcat6-javadoc-6.0.18-20.35.42.1 tomcat6-jsp-2_1-api-6.0.18-20.35.42.1 tomcat6-lib-6.0.18-20.35.42.1 tomcat6-servlet-2_5-api-6.0.18-20.35.42.1 tomcat6-webapps-6.0.18-20.35.42.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): tomcat6-6.0.18-20.35.42.1 tomcat6-admin-webapps-6.0.18-20.35.42.1 tomcat6-docs-webapp-6.0.18-20.35.42.1 tomcat6-javadoc-6.0.18-20.35.42.1 tomcat6-jsp-2_1-api-6.0.18-20.35.42.1 tomcat6-lib-6.0.18-20.35.42.1 tomcat6-servlet-2_5-api-6.0.18-20.35.42.1 tomcat6-webapps-6.0.18-20.35.42.1 References: http://support.novell.com/security/cve/CVE-2012-0022.html http://support.novell.com/security/cve/CVE-2012-3544.html http://support.novell.com/security/cve/CVE-2013-1976.html https://bugzilla.novell.com/768772 https://bugzilla.novell.com/804992 https://bugzilla.novell.com/818948 https://bugzilla.novell.com/822177 https://bugzilla.novell.com/831119 http://download.novell.com/patch/finder/?keywords=12b24e7d9af803f495821f7913c74791 
http://download.novell.com/patch/finder/?keywords=a5246128c8e50844e60161cb307cf899 http://download.novell.com/patch/finder/?keywords=ba897d3a71e20b3c4589c544b8b8a1f2 From sle-updates at lists.suse.com Thu Aug 22 21:04:08 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2013 05:04:08 +0200 (CEST) Subject: SUSE-SU-2013:1325-2: important: Security update for Mozilla Firefox Message-ID: <20130823030408.EC50532047@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1325-2 Rating: important References: #833389 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes four new package versions. 
Description: This update to Firefox 17.0.8esr (bnc#833389) addresses the following issues: * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) * MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater * MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further Privilege escalation through Mozilla Updater * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java applets may read contents of local file system Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-MozillaFirefox-8188 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-MozillaFirefox-8188 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.4.2.1 MozillaFirefox-translations-17.0.8esr-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.4.2.1 MozillaFirefox-translations-17.0.8esr-0.4.2.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.14.3 and 4.9.6]: mozilla-nspr-4.9.6-0.5.7 mozilla-nspr-devel-4.9.6-0.5.7 mozilla-nss-3.14.3-0.5.7 mozilla-nss-devel-3.14.3-0.5.7 mozilla-nss-tools-3.14.3-0.5.7 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.14.3 and 4.9.6]: mozilla-nspr-32bit-4.9.6-0.5.7 mozilla-nss-32bit-3.14.3-0.5.7 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x) [New Version: 17.0.8esr and 7]: MozillaFirefox-17.0.8esr-0.5.3 MozillaFirefox-branding-SLED-7-0.10.34 MozillaFirefox-translations-17.0.8esr-0.5.3 References: https://bugzilla.novell.com/833389 http://download.novell.com/patch/finder/?keywords=27187876975cda4d472350efca85775a http://download.novell.com/patch/finder/?keywords=6795b3750d821e23eeba3d00c98c91e6 From sle-updates at lists.suse.com Fri Aug 23 11:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2013 19:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1378-1: Recommended update for yast2-sound Message-ID: <20130823170411.D135932168@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-sound ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1378-1 Rating: low References: #740333 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update of YaST's Sound module resolves the following issue: * Do not restore mixer settings when displaying the main dialog. (bnc#740333) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-yast2-sound-7973 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-yast2-sound-7973 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-yast2-sound-7882 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-yast2-sound-7882 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-yast2-sound-7973 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-yast2-sound-7882 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.17.21]: yast2-sound-2.17.21-0.5.151 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.21]: yast2-sound-2.17.21-0.5.151 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.17.21]: yast2-sound-2.17.21-0.5.149 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.21]: yast2-sound-2.17.21-0.5.149 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.17.21]: yast2-sound-2.17.21-0.5.151 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.17.21]: yast2-sound-2.17.21-0.5.149 References: https://bugzilla.novell.com/740333 http://download.novell.com/patch/finder/?keywords=1bc729b588f001590488d0bb304f4af8 http://download.novell.com/patch/finder/?keywords=d12c59d6d03f5b0829249b2092cd71a5 From sle-updates at lists.suse.com Fri Aug 23 12:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2013 20:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1379-1: Recommended update for Subscription Management Tool Message-ID: <20130823180410.E885B32168@maintenance.suse.de> SUSE Recommended Update: Recommended update for Subscription Management Tool ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1379-1 Rating: low References: #812475 #814663 #815379 #821853 #834782 #834801 Affected Products: Subscription Management Tool 11 SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. It includes one version update. Description: This update for SMT provides the following fixes and enhancements: * Enhance clientSetup4SMT.sh to accept a CA certificate in a non-interactive way by providing the fingerprint. (bnc#821853) * Set umask to default. (bnc#814663) * Fix escaping of proxy user and password. 
(bnc#812475) * Do not show errors before values are entered. (bnc#815379) * Make unescape more robust. (bnc#834782) * Fix syntax error while not using auto-accept. (bnc#834801) * Add 10 seconds timeout for DNS and server connection to the wget command, preventing the registration script from hanging if there is an issue with the network. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool 11 SP2: zypper in -t patch slesmtsp0-res-signingkeys-8225 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool 11 SP2 (i586 s390x x86_64) [New Version: 1.2.4]: res-signingkeys-1.2.4-0.7.1 smt-1.2.4-0.7.1 smt-support-1.2.4-0.7.1 References: https://bugzilla.novell.com/812475 https://bugzilla.novell.com/814663 https://bugzilla.novell.com/815379 https://bugzilla.novell.com/821853 https://bugzilla.novell.com/834782 https://bugzilla.novell.com/834801 http://download.novell.com/patch/finder/?keywords=85668abd1d557b13b85b3df7f92e1d47 From sle-updates at lists.suse.com Fri Aug 23 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Aug 2013 21:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1380-1: Recommended update for Subscription Management Tool Message-ID: <20130823190410.7D5EA321E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for Subscription Management Tool ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1380-1 Rating: low References: #834782 #834801 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. 
Description: This update for SMT provides the following fixes and enhancements: * Make unescape more robust. (bnc#834782) * Fix syntax error while not using auto-accept. (bnc#834801) * Add 10 seconds timeout for DNS and server connection to the wget command, preventing the registration script from hanging if there is an issue with the network. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11 SP3: zypper in -t patch slesmtsp3-res-signingkeys-8228 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool for SUSE Linux Enterprise 11 SP3 (i586 s390x x86_64) [New Version: 1.2.4]: res-signingkeys-1.2.4-0.10.1 smt-1.2.4-0.10.1 smt-support-1.2.4-0.10.1 References: https://bugzilla.novell.com/834782 https://bugzilla.novell.com/834801 http://download.novell.com/patch/finder/?keywords=df438c76a6b96e39302f78ff7d0851a2 From sle-updates at lists.suse.com Mon Aug 26 09:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Aug 2013 17:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1381-1: moderate: Security update for Apache2 Message-ID: <20130826150410.8978F32277@maintenance.suse.de> SUSE Security Update: Security update for Apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1381-1 Rating: moderate References: #791794 #815621 #829056 #829057 Cross-References: CVE-2013-1862 CVE-2013-1896 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that solves two 
vulnerabilities and has two fixes is now available. Description: This collective update for Apache provides the following fixes: * Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN). (bnc#815621) * Close the connection just before an attempted re-negotiation if data has been read with pipelining. This is done by resetting the keepalive status. (bnc#815621) * Reset the renegotiation status of a client<->server connection to RENEG_INIT to prevent falsely assumed status. (bnc#791794) * "OPTIONS *" internal requests are intercepted by a dummy filter that kicks in for the OPTIONS method. Apple iPrint uses "OPTIONS *" to upgrade the connection to TLS/1.0 following RFC 2817. For compatibility, check if an Upgrade request header is present and skip the filter if yes. (bnc#791794) * Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. (bnc#829056, CVE-2013-1896) * Client data written to the RewriteLog must have terminal escape sequences escaped. (bnc#829057, CVE-2013-1862) Security Issue references: * CVE-2013-1896 * CVE-2013-1862 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-8138 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-8137 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-8138 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-8138 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-8137 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-8137 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-devel-2.2.12-1.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): apache2-2.2.12-1.40.1 apache2-doc-2.2.12-1.40.1 apache2-example-pages-2.2.12-1.40.1 apache2-prefork-2.2.12-1.40.1 apache2-utils-2.2.12-1.40.1 apache2-worker-2.2.12-1.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-devel-2.2.12-1.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): apache2-2.2.12-1.40.1 apache2-doc-2.2.12-1.40.1 apache2-example-pages-2.2.12-1.40.1 apache2-prefork-2.2.12-1.40.1 apache2-utils-2.2.12-1.40.1 apache2-worker-2.2.12-1.40.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-2.2.12-1.40.1 apache2-doc-2.2.12-1.40.1 apache2-example-pages-2.2.12-1.40.1 apache2-prefork-2.2.12-1.40.1 apache2-utils-2.2.12-1.40.1 apache2-worker-2.2.12-1.40.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-2.2.12-1.40.1 apache2-doc-2.2.12-1.40.1 apache2-example-pages-2.2.12-1.40.1 apache2-prefork-2.2.12-1.40.1 apache2-utils-2.2.12-1.40.1 apache2-worker-2.2.12-1.40.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-2.2.12-1.40.1 apache2-doc-2.2.12-1.40.1 apache2-example-pages-2.2.12-1.40.1 
apache2-prefork-2.2.12-1.40.1 apache2-utils-2.2.12-1.40.1 apache2-worker-2.2.12-1.40.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-2.2.12-1.40.1 apache2-doc-2.2.12-1.40.1 apache2-example-pages-2.2.12-1.40.1 apache2-prefork-2.2.12-1.40.1 apache2-utils-2.2.12-1.40.1 apache2-worker-2.2.12-1.40.1 References: http://support.novell.com/security/cve/CVE-2013-1862.html http://support.novell.com/security/cve/CVE-2013-1896.html https://bugzilla.novell.com/791794 https://bugzilla.novell.com/815621 https://bugzilla.novell.com/829056 https://bugzilla.novell.com/829057 http://download.novell.com/patch/finder/?keywords=106ec7308fc7232703cf87a5a41c5c46 http://download.novell.com/patch/finder/?keywords=a26f350e03bfdb5e4f778c3a5f45a1ad From sle-updates at lists.suse.com Tue Aug 27 00:04:08 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Aug 2013 08:04:08 +0200 (CEST) Subject: SUSE-SU-2013:1382-1: important: Security update for Mozilla Firefox Message-ID: <20130827060408.7DF3232047@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1382-1 Rating: important References: #833389 Cross-References: CVE-2013-1701 CVE-2013-1702 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1712 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. It includes one version update. 
Description: Update to Firefox 17.0.8esr (bnc#833389) to address: * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) * MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater * MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further Privilege escalation through Mozilla Updater * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java applets may read contents of local file system Security Issue references: * CVE-2013-1701 * CVE-2013-1702 * CVE-2013-1706 * CVE-2013-1707 * CVE-2013-1709 * CVE-2013-1710 * CVE-2013-1712 * CVE-2013-1713 * CVE-2013-1714 * CVE-2013-1717 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x) [New Version: 17.0.8esr]: MozillaFirefox-17.0.8esr-0.5.1 MozillaFirefox-translations-17.0.8esr-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1701.html http://support.novell.com/security/cve/CVE-2013-1702.html http://support.novell.com/security/cve/CVE-2013-1706.html http://support.novell.com/security/cve/CVE-2013-1707.html http://support.novell.com/security/cve/CVE-2013-1709.html http://support.novell.com/security/cve/CVE-2013-1710.html http://support.novell.com/security/cve/CVE-2013-1712.html http://support.novell.com/security/cve/CVE-2013-1713.html http://support.novell.com/security/cve/CVE-2013-1714.html 
http://support.novell.com/security/cve/CVE-2013-1717.html https://bugzilla.novell.com/833389 http://download.novell.com/patch/finder/?keywords=4ec72487a7980101b353c16bf1aff155 From sle-updates at lists.suse.com Tue Aug 27 06:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Aug 2013 14:04:09 +0200 (CEST) Subject: SUSE-RU-2013:1383-1: Recommended update for nagios-plugins-rsync Message-ID: <20130827120409.34AE932025@maintenance.suse.de> SUSE Recommended Update: Recommended update for nagios-plugins-rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1383-1 Rating: low References: #825223 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nagios-plugins-rsync adjusts the script to allow monitoring of hidden rsync modules. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-nagios-plugins-rsync-7908 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-nagios-plugins-rsync-7908 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nagios-plugins-rsync-7876 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nagios-plugins-rsync-7876 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): nagios-plugins-rsync-1.02-2.23.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): nagios-plugins-rsync-1.02-2.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): nagios-plugins-rsync-1.02-2.23.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): nagios-plugins-rsync-1.02-2.23.1 References: https://bugzilla.novell.com/825223 http://download.novell.com/patch/finder/?keywords=735d042b555d41f65f57cbdabba7a4c4 http://download.novell.com/patch/finder/?keywords=e15ad1824e63001a20672f6cd3bff34f From sle-updates at lists.suse.com Tue Aug 27 16:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2013 00:04:09 +0200 (CEST) Subject: SUSE-RU-2013:1384-1: Recommended update for suseRegister Message-ID: <20130827220409.D4A8C320AD@maintenance.suse.de> SUSE Recommended Update: Recommended update for suseRegister ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1384-1 Rating: low References: #812475 #821853 #834801 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for suseRegister adds a new command line parameter to clientSetup4SMT.sh, allowing the user to accept a CA certificate in a non-interactive way by providing the fingerprint. (bnc#821853) Additionally, the following issues have been fixed: * Escape special chars from proxy user and password. (bnc#812475) * Pass correct proxy authentication flags to libcurl. (bnc#812475) * Fix syntax errors in clientSetup4SMT.sh. (bnc#834801) * Specify a timeout while getting the certificate. Patch Instructions: To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-suseRegister-8226 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-suseRegister-8226 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-suseRegister-8226 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): suseRegister-1.4-1.26.5.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): suseRegister-1.4-1.26.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): suseRegister-1.4-1.26.5.1 References: https://bugzilla.novell.com/812475 https://bugzilla.novell.com/821853 https://bugzilla.novell.com/834801 http://download.novell.com/patch/finder/?keywords=cb47e180e2e0b98c6dec32e93ae5fc78 From sle-updates at lists.suse.com Tue Aug 27 16:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2013 00:04:13 +0200 (CEST) Subject: SUSE-RU-2013:1385-1: Recommended update for suseRegister Message-ID: <20130827220413.6C9613236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suseRegister ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1385-1 Rating: low References: #821853 #834801 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for suseRegister adds a new command line parameter to clientSetup4SMT.sh, allowing the user to accept a CA certificate in a non-interactive way by providing the fingerprint. (bnc#821853) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-suseRegister-8227 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-suseRegister-8227 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-suseRegister-8227 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): suseRegister-1.4-1.33.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): suseRegister-1.4-1.33.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): suseRegister-1.4-1.33.1 References: https://bugzilla.novell.com/821853 https://bugzilla.novell.com/834801 http://download.novell.com/patch/finder/?keywords=bf0c06e7e6d50fa107ab4fd932e2e470 From sle-updates at lists.suse.com Wed Aug 28 06:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Aug 2013 14:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1386-1: moderate: Security update for OpenSSL Message-ID: <20130828120410.0DD0B32001@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1386-1 Rating: moderate References: #739719 #758060 #802648 #802746 Affected Products: SUSE CORE 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: OpenSSL on SUSE Linux Enterprise Server 9 LTSS has been updated to receive a roll up of security fixes from the last year. 
The following issues have been fixed: * CVE-2013-0169: The TLS protocol and the DTLS protocol, as used in OpenSSL and other products, did not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allowed remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. * CVE-2013-0166: OpenSSL did not properly perform signature verification for OCSP responses, which allowed remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. * CVE-2012-2110 CVE-2012-2131: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL did not properly interpret integer data, which allowed remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. * CVE-2011-4576: The SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding, which might have allowed remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. * CVE-2011-4619: The Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts, which allowed remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. 
Package List:

   - SUSE CORE 9 (i586 s390 s390x x86_64):

      openssl-0.9.7d-15.48
      openssl-devel-0.9.7d-15.48
      openssl-doc-0.9.7d-15.48

   - SUSE CORE 9 (x86_64):

      openssl-32bit-9-201308121627
      openssl-devel-32bit-9-201308121627

   - SUSE CORE 9 (s390x):

      openssl-32bit-9-201308121642
      openssl-devel-32bit-9-201308121642

References:

   https://bugzilla.novell.com/739719
   https://bugzilla.novell.com/758060
   https://bugzilla.novell.com/802648
   https://bugzilla.novell.com/802746
   http://download.novell.com/patch/finder/?keywords=bea1b3ef15108e5f9d7fc35575cbb857

From sle-updates at lists.suse.com Wed Aug 28 09:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Aug 2013 17:04:10 +0200 (CEST)
Subject: SUSE-RU-2013:1387-1: Recommended update for PulseAudio
Message-ID: <20130828150410.84B3632020@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for PulseAudio
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1387-1
Rating:             low
References:         #746879 #754615 #797080
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for PulseAudio provides the following fixes:

   * Silence noise when moving streams among sinks/sources
   * Fix wrong extension check in parecord
   * Fix poll event and mmap checks in ALSA backend
   * Make bluetooth A2DP audio more robust under poor radio conditions
   * Fix corrupted sound on channel panning.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libpulse-browse0-7966

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libpulse-browse0-7966

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libpulse-browse0-7966

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libpulse-browse0-7966

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libpulse-devel-0.9.23-0.13.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      libpulse-browse0-0.9.23-0.13.1
      libpulse-mainloop-glib0-0.9.23-0.13.1
      libpulse0-0.9.23-0.13.1
      pulseaudio-0.9.23-0.13.1
      pulseaudio-esound-compat-0.9.23-0.13.1
      pulseaudio-gdm-hooks-0.9.23-0.13.1
      pulseaudio-lang-0.9.23-0.13.1
      pulseaudio-module-x11-0.9.23-0.13.1
      pulseaudio-module-zeroconf-0.9.23-0.13.1
      pulseaudio-utils-0.9.23-0.13.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libpulse0-32bit-0.9.23-0.13.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libpulse-browse0-0.9.23-0.13.1
      libpulse-mainloop-glib0-0.9.23-0.13.1
      libpulse0-0.9.23-0.13.1
      pulseaudio-0.9.23-0.13.1
      pulseaudio-esound-compat-0.9.23-0.13.1
      pulseaudio-gdm-hooks-0.9.23-0.13.1
      pulseaudio-lang-0.9.23-0.13.1
      pulseaudio-module-x11-0.9.23-0.13.1
      pulseaudio-module-zeroconf-0.9.23-0.13.1
      pulseaudio-utils-0.9.23-0.13.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libpulse0-32bit-0.9.23-0.13.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libpulse0-x86-0.9.23-0.13.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      libpulse-browse0-0.9.23-0.13.1
      libpulse-mainloop-glib0-0.9.23-0.13.1
      libpulse0-0.9.23-0.13.1
      pulseaudio-0.9.23-0.13.1
      pulseaudio-esound-compat-0.9.23-0.13.1
      pulseaudio-gdm-hooks-0.9.23-0.13.1
      pulseaudio-lang-0.9.23-0.13.1
      pulseaudio-module-bluetooth-0.9.23-0.13.1
      pulseaudio-module-gconf-0.9.23-0.13.1
      pulseaudio-module-jack-0.9.23-0.13.1
      pulseaudio-module-lirc-0.9.23-0.13.1
      pulseaudio-module-x11-0.9.23-0.13.1
      pulseaudio-module-zeroconf-0.9.23-0.13.1
      pulseaudio-utils-0.9.23-0.13.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libpulse0-32bit-0.9.23-0.13.1

References:

   https://bugzilla.novell.com/746879
   https://bugzilla.novell.com/754615
   https://bugzilla.novell.com/797080
   http://download.novell.com/patch/finder/?keywords=a14e3b949bb06bee42914e70893d402c

From sle-updates at lists.suse.com Thu Aug 29 11:04:27 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Aug 2013 19:04:27 +0200 (CEST)
Subject: SUSE-RU-2013:1389-1: Recommended update for ethtool
Message-ID: <20130829170427.3AA6E321B9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ethtool
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1389-1
Rating:             low
References:         #820278
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ethtool improves reporting of KR PHY link modes.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ethtool-8048

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ethtool-8048

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-ethtool-8048

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ethtool-6.2.6.39-0.18.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ethtool-6.2.6.39-0.18.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      ethtool-6.2.6.39-0.18.1

References:

   https://bugzilla.novell.com/820278
   http://download.novell.com/patch/finder/?keywords=1f64b6d5fd5d6cf27195b2394f8a4bfb

From sle-updates at lists.suse.com Thu Aug 29 16:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Aug 2013 00:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1390-1: important: Security update for MySQL
Message-ID: <20130829220410.8A103320AD@maintenance.suse.de>

   SUSE Security Update: Security update for MySQL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1390-1
Rating:             important
References:         #734436 #768832 #780019 #789263 #791863 #803040
                    #830086 #834028 #834967
Cross-References:   CVE-2013-1861 CVE-2013-3783 CVE-2013-3793
                    CVE-2013-3794 CVE-2013-3795 CVE-2013-3796
                    CVE-2013-3798 CVE-2013-3801 CVE-2013-3802
                    CVE-2013-3804 CVE-2013-3805 CVE-2013-3806
                    CVE-2013-3807 CVE-2013-3808 CVE-2013-3809
                    CVE-2013-3810 CVE-2013-3811 CVE-2013-3812
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.
   It includes one version update.
Description:

   This version upgrade of mysql to 5.5.32 fixes multiple security issues:

   CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794,
   CVE-2013-3795, CVE-2013-3796, CVE-2013-3798, CVE-2013-3801,
   CVE-2013-3802, CVE-2013-3804, CVE-2013-3805, CVE-2013-3806,
   CVE-2013-3807, CVE-2013-3808, CVE-2013-3809, CVE-2013-3810,
   CVE-2013-3811, CVE-2013-3812

   Additionally, it contains numerous bug fixes and improvements:

   * making mysqldump work with MySQL 5.0 (bnc#768832)
   * fixed log rights (bnc#789263 and bnc#803040)
   * binlog disabled in default configuration (bnc#791863)
   * fixed dependencies for client package (bnc#780019)
   * minor polishing of spec/installation
   * avoiding file conflicts with mytop
   * better fix for hardcoded libdir issue
   * fix hardcoded plugin paths (bnc#834028)
   * Use chown --no-dereference instead of chown to improve security
     (bnc#834967)
   * Adjust to spell !includedir correctly in /etc/my.cnf (bnc#734436)

   Security Issue references:

   * CVE-2013-1861
   * CVE-2013-3783
   * CVE-2013-3793
   * CVE-2013-3794
   * CVE-2013-3795
   * CVE-2013-3796
   * CVE-2013-3798
   * CVE-2013-3801
   * CVE-2013-3802
   * CVE-2013-3804
   * CVE-2013-3805
   * CVE-2013-3806
   * CVE-2013-3807
   * CVE-2013-3808
   * CVE-2013-3809
   * CVE-2013-3810
   * CVE-2013-3811
   * CVE-2013-3812

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libmysql55client18-8217

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libmysql55client18-8217

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libmysql55client18-8217

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libmysql55client18-8217

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.32-0.9.1
      libmysqlclient_r15-32bit-5.0.96-0.6.9

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):

      libmysql55client_r18-x86-5.5.32-0.9.1
      libmysqlclient_r15-x86-5.0.96-0.6.9

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.32]:

      libmysql55client18-5.5.32-0.9.1
      libmysql55client_r18-5.5.32-0.9.1
      libmysqlclient15-5.0.96-0.6.9
      libmysqlclient_r15-5.0.96-0.6.9
      mysql-5.5.32-0.9.1
      mysql-client-5.5.32-0.9.1
      mysql-tools-5.5.32-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.32]:

      libmysql55client18-32bit-5.5.32-0.9.1
      libmysqlclient15-32bit-5.0.96-0.6.9

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.32]:

      libmysql55client18-5.5.32-0.9.1
      libmysql55client_r18-5.5.32-0.9.1
      libmysqlclient15-5.0.96-0.6.9
      libmysqlclient_r15-5.0.96-0.6.9
      mysql-5.5.32-0.9.1
      mysql-client-5.5.32-0.9.1
      mysql-tools-5.5.32-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.32]:

      libmysql55client18-32bit-5.5.32-0.9.1
      libmysqlclient15-32bit-5.0.96-0.6.9

   - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.32]:

      libmysql55client18-x86-5.5.32-0.9.1
      libmysqlclient15-x86-5.0.96-0.6.9

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.32]:

      libmysql55client18-5.5.32-0.9.1
      libmysql55client_r18-5.5.32-0.9.1
      libmysqlclient15-5.0.96-0.6.9
      libmysqlclient_r15-5.0.96-0.6.9
      mysql-5.5.32-0.9.1
      mysql-client-5.5.32-0.9.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.32]:

      libmysql55client18-32bit-5.5.32-0.9.1
      libmysql55client_r18-32bit-5.5.32-0.9.1
      libmysqlclient15-32bit-5.0.96-0.6.9
      libmysqlclient_r15-32bit-5.0.96-0.6.9

References:

   http://support.novell.com/security/cve/CVE-2013-1861.html
   http://support.novell.com/security/cve/CVE-2013-3783.html
   http://support.novell.com/security/cve/CVE-2013-3793.html
   http://support.novell.com/security/cve/CVE-2013-3794.html
   http://support.novell.com/security/cve/CVE-2013-3795.html
   http://support.novell.com/security/cve/CVE-2013-3796.html
   http://support.novell.com/security/cve/CVE-2013-3798.html
   http://support.novell.com/security/cve/CVE-2013-3801.html
   http://support.novell.com/security/cve/CVE-2013-3802.html
   http://support.novell.com/security/cve/CVE-2013-3804.html
   http://support.novell.com/security/cve/CVE-2013-3805.html
   http://support.novell.com/security/cve/CVE-2013-3806.html
   http://support.novell.com/security/cve/CVE-2013-3807.html
   http://support.novell.com/security/cve/CVE-2013-3808.html
   http://support.novell.com/security/cve/CVE-2013-3809.html
   http://support.novell.com/security/cve/CVE-2013-3810.html
   http://support.novell.com/security/cve/CVE-2013-3811.html
   http://support.novell.com/security/cve/CVE-2013-3812.html
   https://bugzilla.novell.com/734436
   https://bugzilla.novell.com/768832
   https://bugzilla.novell.com/780019
   https://bugzilla.novell.com/789263
   https://bugzilla.novell.com/791863
   https://bugzilla.novell.com/803040
   https://bugzilla.novell.com/830086
   https://bugzilla.novell.com/834028
   https://bugzilla.novell.com/834967
   http://download.novell.com/patch/finder/?keywords=ee1853a305dde831618306e6f92a3e78

From sle-updates at lists.suse.com Fri Aug 30 12:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Aug 2013 20:04:09 +0200 (CEST)
Subject: SUSE-RU-2013:1394-1: moderate: Recommended update for libvirt
Message-ID: <20130830180410.00D1532025@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1394-1
Rating:             moderate
References:         #819976 #828502 #828506 #828508 #829203 #831709
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.
   It includes one version update.

Description:

   This update of libvirt from version 1.0.5.1 to 1.0.5.4 contains fixes
   for the following reports:

   * virsh memtune command fails to execute (bnc#819976)
   * libvirt crashes on migration of graphics-less clients (bnc#828502)
   * libvirt fails on block migration (bnc#828508)
   * libvirt reads out of bounds (bnc#828506)
   * virsh snapshot fails with "virDomainSnapshotFree" (bnc#829203)
   * virsh vcpupin fails on UV server with 4048 physical cpus
     (bnc#831709).

   For the complete change log please go to
   http://wiki.libvirt.org/page/Maintenance_Releases#1.0.5_series

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libvirt-8164

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libvirt-8164

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libvirt-8164

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.4]:

      libvirt-devel-1.0.5.4-0.9.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.4]:

      libvirt-devel-32bit-1.0.5.4-0.9.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.4]:

      libvirt-1.0.5.4-0.9.2
      libvirt-client-1.0.5.4-0.9.2
      libvirt-doc-1.0.5.4-0.9.2
      libvirt-lock-sanlock-1.0.5.4-0.9.2
      libvirt-python-1.0.5.4-0.9.2

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 1.0.5.4]:

      libvirt-client-32bit-1.0.5.4-0.9.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.4]:

      libvirt-1.0.5.4-0.9.2
      libvirt-client-1.0.5.4-0.9.2
      libvirt-doc-1.0.5.4-0.9.2
      libvirt-python-1.0.5.4-0.9.2

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.4]:

      libvirt-client-32bit-1.0.5.4-0.9.2

References:

   https://bugzilla.novell.com/819976
   https://bugzilla.novell.com/828502
   https://bugzilla.novell.com/828506
   https://bugzilla.novell.com/828508
   https://bugzilla.novell.com/829203
   https://bugzilla.novell.com/831709
   http://download.novell.com/patch/finder/?keywords=048a4087598feb786dc7dac919141525

From sle-updates at lists.suse.com Fri Aug 30 21:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 31 Aug 2013 05:04:09 +0200 (CEST)
Subject: SUSE-RU-2013:1395-1: moderate: Recommended update for ipmitool
Message-ID: <20130831030409.8A9AB32023@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ipmitool
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1395-1
Rating:             moderate
References:         #828711
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has one recommended fix can
   now be installed.

Description:

   This update changes the default cipher suite used on IPMIv2 lanplus
   connections to RAKP-HMAC-SHA1 (authentication), HMAC-SHA1-96
   (integrity) and AES-CBC-128 (encryption). These are the same
   algorithms used by ipmitool on SUSE Linux Enterprise 11 SP2.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ipmitool-8073

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ipmitool-8073

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-ipmitool-8073

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ipmitool-1.8.12-0.17.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 x86_64):

      ipmitool-1.8.12-0.17.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      ipmitool-1.8.12-0.17.1

References:

   https://bugzilla.novell.com/828711
   http://download.novell.com/patch/finder/?keywords=0daef82bf5aab2f29e62f0245572d716