From sle-updates at lists.suse.com Fri Feb 1 09:04:21 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Feb 2013 17:04:21 +0100 (CET)
Subject: SUSE-SU-2013:0226-1: moderate: Security update for tomcat6
Message-ID: <20130201160421.D6352321C0@maintenance.suse.de>

SUSE Security Update: Security update for tomcat6
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:0226-1
Rating: moderate
References: #789406 #791423 #791424 #791426 #791679 #793391 #793394 #794548
Cross-References: CVE-2012-2733 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CVE-2012-5568 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887
Affected Products:
  SUSE Manager 1.2 for SLE 11 SP1
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update of tomcat6 fixes the following security issues:

* CVE-2012-4534: denial of service
* CVE-2012-2733: tomcat: HTTP NIO connector OOM DoS via a request with large headers
* CVE-2012-5885: tomcat: cnonce tracking weakness
* CVE-2012-5886: tomcat: authentication caching weakness
* CVE-2012-5887: tomcat: stale nonce weakness
* CVE-2012-5568: tomcat: affected by slowloris DoS
* CVE-2012-3546: tomcat: Bypass of security constraints
* CVE-2012-4431: tomcat: bypass of CSRF prevention filter

Security Issue references:

* CVE-2012-5885
* CVE-2012-4431
* CVE-2012-3546
* CVE-2012-5887
* CVE-2012-4534
* CVE-2012-2733
* CVE-2012-5886
* CVE-2012-5568

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager 1.2 for SLE 11 SP1:
  zypper in -t patch sleman12sp1-tomcat6-7209
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-tomcat6-7208
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-tomcat6-7208

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager 1.2 for SLE 11 SP1 (noarch):
  tomcat6-6.0.18-20.35.40.1
  tomcat6-jsp-2_1-api-6.0.18-20.35.40.1
  tomcat6-lib-6.0.18-20.35.40.1
  tomcat6-servlet-2_5-api-6.0.18-20.35.40.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):
  tomcat6-6.0.18-20.35.40.1
  tomcat6-admin-webapps-6.0.18-20.35.40.1
  tomcat6-docs-webapp-6.0.18-20.35.40.1
  tomcat6-javadoc-6.0.18-20.35.40.1
  tomcat6-jsp-2_1-api-6.0.18-20.35.40.1
  tomcat6-lib-6.0.18-20.35.40.1
  tomcat6-servlet-2_5-api-6.0.18-20.35.40.1
  tomcat6-webapps-6.0.18-20.35.40.1
- SUSE Linux Enterprise Server 11 SP2 (noarch):
  tomcat6-6.0.18-20.35.40.1
  tomcat6-admin-webapps-6.0.18-20.35.40.1
  tomcat6-docs-webapp-6.0.18-20.35.40.1
  tomcat6-javadoc-6.0.18-20.35.40.1
  tomcat6-jsp-2_1-api-6.0.18-20.35.40.1
  tomcat6-lib-6.0.18-20.35.40.1
  tomcat6-servlet-2_5-api-6.0.18-20.35.40.1
  tomcat6-webapps-6.0.18-20.35.40.1

References:

http://support.novell.com/security/cve/CVE-2012-2733.html
http://support.novell.com/security/cve/CVE-2012-3546.html
http://support.novell.com/security/cve/CVE-2012-4431.html
http://support.novell.com/security/cve/CVE-2012-4534.html
http://support.novell.com/security/cve/CVE-2012-5568.html
http://support.novell.com/security/cve/CVE-2012-5885.html
http://support.novell.com/security/cve/CVE-2012-5886.html
http://support.novell.com/security/cve/CVE-2012-5887.html
https://bugzilla.novell.com/789406
https://bugzilla.novell.com/791423
https://bugzilla.novell.com/791424
https://bugzilla.novell.com/791426
https://bugzilla.novell.com/791679
https://bugzilla.novell.com/793391
https://bugzilla.novell.com/793394
https://bugzilla.novell.com/794548
http://download.novell.com/patch/finder/?keywords=10aa6410688bd05f48407e1b055f53e6
http://download.novell.com/patch/finder/?keywords=8caabee36d66ff05a162522ac84c989a

From sle-updates at lists.suse.com Fri Feb 1 10:04:23 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Feb 2013 18:04:23 +0100 (CET)
Subject: SUSE-RU-2013:0227-1: Recommended update for atftp
Message-ID: <20130201170423.C0BE8321C0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for atftp
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0227-1
Rating: low
References: #507011 #774376 #793265
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for the Advanced TFTP Server and Client (atftp) implements a heuristic algorithm for packet retransmission. The RFC1350 compliant behavior is still available and can be enabled if necessary.

Additionally, the update provides the following fixes and improvements:

* Update manual regarding the default server directory
* Create /srv/tftpboot on installation
* Enable Perl Compatible Regular Expressions (PCRE) support

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-atftp-7223
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-atftp-7223

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  atftp-0.7.0-135.14.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  atftp-0.7.0-135.14.1

References:

https://bugzilla.novell.com/507011
https://bugzilla.novell.com/774376
https://bugzilla.novell.com/793265
http://download.novell.com/patch/finder/?keywords=f557052db166f08a412e43d85a1889c6

From sle-updates at lists.suse.com Fri Feb 1 10:04:28 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Feb 2013 18:04:28 +0100 (CET)
Subject: SUSE-SU-2013:0228-1: moderate: Security update for tomcat5
Message-ID: <20130201170428.4D7FD321C0@maintenance.suse.de>

SUSE Security Update: Security update for tomcat5
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:0228-1
Rating: moderate
References: #791423 #791424 #791426 #791679 #793394
Cross-References: CVE-2012-5887
Affected Products:
  SUSE Linux Enterprise Server 10 SP4
  SLE SDK 10 SP4
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.
Description:

This update of tomcat5 fixed the following security issues:

* CVE-2012-5885: tomcat: cnonce tracking weakness
* CVE-2012-5887: tomcat: stale nonce weakness
* CVE-2012-5886: tomcat: authentication caching weakness
* CVE-2012-5568: tomcat: affected by slowloris DoS
* CVE-2012-3546: tomcat: Bypass of security constraints

Security Issue reference:

* CVE-2012-5887

Package List:

- SUSE Linux Enterprise Server 10 SP4 (noarch):
  tomcat5-5.5.27-0.22.1
  tomcat5-admin-webapps-5.5.27-0.22.1
  tomcat5-webapps-5.5.27-0.22.1
- SLE SDK 10 SP4 (noarch):
  tomcat5-5.5.27-0.22.1
  tomcat5-admin-webapps-5.5.27-0.22.1
  tomcat5-webapps-5.5.27-0.22.1

References:

http://support.novell.com/security/cve/CVE-2012-5887.html
https://bugzilla.novell.com/791423
https://bugzilla.novell.com/791424
https://bugzilla.novell.com/791426
https://bugzilla.novell.com/791679
https://bugzilla.novell.com/793394
http://download.novell.com/patch/finder/?keywords=cb28ebabe41577ce7048bf358c8a158f

From sle-updates at lists.suse.com Fri Feb 1 16:04:56 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Feb 2013 00:04:56 +0100 (CET)
Subject: SUSE-RU-2013:0229-1: Recommended update for e2fsprogs
Message-ID: <20130201230456.E112F321B7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for e2fsprogs
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0229-1
Rating: low
References: #750736 #769256
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for e2fsprogs fixes e2fsck so it can successfully repair file systems with a corrupted journal inode.
Additionally, package dependencies were corrected to avoid side-effects caused by version mismatch between libraries and applications.

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-e2fsprogs-7185
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-e2fsprogs-7185
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-e2fsprogs-7185
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-e2fsprogs-7185

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  e2fsprogs-devel-1.41.9-2.9.1
  libcom_err-devel-1.41.9-2.9.1
  libext2fs-devel-1.41.9-2.9.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
  libcom_err-devel-32bit-1.41.9-2.9.1
  libext2fs-devel-32bit-1.41.9-2.9.1
  libext2fs2-32bit-1.41.9-2.9.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (ia64):
  libext2fs2-x86-1.41.9-2.9.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  e2fsprogs-1.41.9-2.9.1
  libcom_err2-1.41.9-2.9.1
  libext2fs2-1.41.9-2.9.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
  libcom_err2-32bit-1.41.9-2.9.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  e2fsprogs-1.41.9-2.9.1
  libcom_err2-1.41.9-2.9.1
  libext2fs2-1.41.9-2.9.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
  libcom_err2-32bit-1.41.9-2.9.1
- SUSE Linux Enterprise Server 11 SP2 (ia64):
  libcom_err2-x86-1.41.9-2.9.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  e2fsprogs-1.41.9-2.9.1
  libcom_err2-1.41.9-2.9.1
  libext2fs2-1.41.9-2.9.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
  libcom_err2-32bit-1.41.9-2.9.1

References:

https://bugzilla.novell.com/750736
https://bugzilla.novell.com/769256
http://download.novell.com/patch/finder/?keywords=63ba0e2dde677d75dfde0ce265e29507

From sle-updates at lists.suse.com Fri Feb 1 17:04:28 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Feb 2013 01:04:28 +0100 (CET)
Subject: SUSE-RU-2013:0230-1: : Recommended update for e2fsprogs
Message-ID: <20130202000428.508E4321B7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for e2fsprogs
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0230-1
Rating:
References: #769256
Affected Products:
  SUSE Linux Enterprise Server 10 SP4
  SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for e2fsprogs fixes e2fsck so it can successfully repair file systems with a corrupted journal inode.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  e2fsprogs-1.38-25.42.1
  e2fsprogs-devel-1.38-25.42.1
  libcom_err-1.38-25.42.1
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
  e2fsprogs-32bit-1.38-25.42.1
  e2fsprogs-devel-32bit-1.38-25.42.1
  libcom_err-32bit-1.38-25.42.1
- SUSE Linux Enterprise Server 10 SP4 (ia64):
  e2fsprogs-x86-1.38-25.42.1
  libcom_err-x86-1.38-25.42.1
- SUSE Linux Enterprise Server 10 SP4 (ppc):
  e2fsprogs-64bit-1.38-25.42.1
  e2fsprogs-devel-64bit-1.38-25.42.1
  libcom_err-64bit-1.38-25.42.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
  e2fsprogs-1.38-25.42.1
  e2fsprogs-devel-1.38-25.42.1
  libcom_err-1.38-25.42.1
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
  e2fsprogs-32bit-1.38-25.42.1
  e2fsprogs-devel-32bit-1.38-25.42.1
  libcom_err-32bit-1.38-25.42.1

References:

https://bugzilla.novell.com/769256
http://download.novell.com/patch/finder/?keywords=68ab74991da603de87ca1d18150807cc

From sle-updates at lists.suse.com Mon Feb 4 10:04:24 2013
From: sle-updates at lists.suse.com (sle-updates at
lists.suse.com)
Date: Mon, 4 Feb 2013 18:04:24 +0100 (CET)
Subject: SUSE-SU-2013:0238-1: moderate: Security update for wireshark
Message-ID: <20130204170424.D93A63213C@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:0238-1
Rating: moderate
References: #792005
Cross-References: CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available. It includes one version update.

Description:

This update to 1.8.4 fixes the following issues:

* Wireshark could leak potentially sensitive host name resolution information when working with multiple pcap-ng files. (wnpa-sec-2012-30, CVE-2012-5592)
* The USB dissector could go into an infinite loop. (wnpa-sec-2012-31, CVE-2012-5593)
* The sFlow dissector could go into an infinite loop. (wnpa-sec-2012-32, CVE-2012-5594)
* The SCTP dissector could go into an infinite loop. (wnpa-sec-2012-33, CVE-2012-5595)
* The EIGRP dissector could go into an infinite loop. (wnpa-sec-2012-34, CVE-2012-5596)
* The ISAKMP dissector could crash. (wnpa-sec-2012-35, CVE-2012-5597)
* The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36, CVE-2012-5598)
* The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37, CVE-2012-5599)
* The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38, CVE-2012-5600)
* The 3GPP2 A11 dissector could go into an infinite loop. (wnpa-sec-2012-39, CVE-2012-5601)
* The ICMPv6 dissector could go into an infinite loop.
  (wnpa-sec-2012-40, CVE-2012-5602)

Further bug fixes and updated protocol support as listed at http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-wireshark-7240
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-wireshark-7240
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-wireshark-7240
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-wireshark-7240

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.4]:
  wireshark-devel-1.8.4-0.3.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.4]:
  wireshark-1.8.4-0.3.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.4]:
  wireshark-1.8.4-0.3.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.4]:
  wireshark-1.8.4-0.3.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.4]:
  wireshark-1.8.4-0.3.1

References:

http://support.novell.com/security/cve/CVE-2012-5592.html
http://support.novell.com/security/cve/CVE-2012-5593.html
http://support.novell.com/security/cve/CVE-2012-5594.html
http://support.novell.com/security/cve/CVE-2012-5595.html
http://support.novell.com/security/cve/CVE-2012-5596.html
http://support.novell.com/security/cve/CVE-2012-5597.html
http://support.novell.com/security/cve/CVE-2012-5598.html
http://support.novell.com/security/cve/CVE-2012-5599.html
http://support.novell.com/security/cve/CVE-2012-5600.html
http://support.novell.com/security/cve/CVE-2012-5601.html
http://support.novell.com/security/cve/CVE-2012-5602.html
https://bugzilla.novell.com/792005
http://download.novell.com/patch/finder/?keywords=5ca5c5a9d5146cf9db535109cf9e12c5

From sle-updates at lists.suse.com Mon Feb 4 11:04:27 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Feb 2013 19:04:27 +0100 (CET)
Subject: SUSE-RU-2013:0239-1: Recommended update for yast2-iplb
Message-ID: <20130204180427.A0A713213C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-iplb
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0239-1
Rating: low
References: #743111
Affected Products:
  SUSE Linux Enterprise High Availability Extension 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for YaST's IP Load Balance configuration module (yast2-iplb) fixes some translations of the user interface.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability Extension 11 SP2:
  zypper in -t patch sleshasp2-yast2-iplb-7178

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise High Availability Extension 11 SP2 (noarch):
  yast2-iplb-2.15.0-0.17.3.3

References:

https://bugzilla.novell.com/743111
http://download.novell.com/patch/finder/?keywords=e8caab863bbaf081e97d4c922f3e24c6

From sle-updates at lists.suse.com Mon Feb 4 17:04:26 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Feb 2013 01:04:26 +0100 (CET)
Subject: SUSE-RU-2013:0240-1: Recommended update for Clustered LVM2
Message-ID: <20130205000426.E3E1D321CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Clustered LVM2
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0240-1
Rating: low
References: #785467
Affected Products:
  SUSE Linux Enterprise High Availability Extension 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for Clustered LVM2 (lvm2-clvm) fixes excessive logging of messages when the daemon is not running in debug mode.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability Extension 11 SP2:
  zypper in -t patch sleshasp2-lvm2-clvm-7176

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  lvm2-clvm-2.02.84-3.39.1

References:

https://bugzilla.novell.com/785467
http://download.novell.com/patch/finder/?keywords=a4f31843836fa2e152213e8eeae1f51c

From sle-updates at lists.suse.com Tue Feb 5 11:04:25 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Feb 2013 19:04:25 +0100 (CET)
Subject: SUSE-RU-2013:0246-1: Recommended update for ipmitool
Message-ID: <20130205180425.37108280B3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ipmitool
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0246-1
Rating: low
References: #604896 #614916 #729514 #739377 #761203 #767413 #788393 #789624 #794160
Affected Products:
  SUSE Linux Enterprise Server 10 SP4
  SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

An update that has 9 recommended fixes can now be installed.

Description:

This collective update for ipmitool provides the following fixes:

* Fix reading of FRU data from servers where FRU/SDR device #0, LUN 0 is absent (bnc#789624)
* Fix a string handling problem in ipmi_sel.c that could cause a segmentation fault (bnc#788393)
* Fix reading of sensors from some specific servers over lanplus (bnc#794160)
* Handle "BCDplus" fields in FRU descriptors correctly
* Retrieve and print sensor data records (sdr) correctly (bnc#761203)
* Do not crash in fru command if the lanplus password is wrong (bnc#767413)
* Do not crash (assert(0)/abort) when BMC replies with the wrong session id (bnc#729514)
* Fix detection if it is no longer connected to BMC (bnc#739377)
* Fix ipmitool on UV10 systems (bnc#614916)
* Add sanity checks for erroneous SDR data (bnc#604896).
Contraindications:

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  ipmitool-1.8.11-5.10.4
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
  ipmitool-1.8.11-5.10.4

References:

https://bugzilla.novell.com/604896
https://bugzilla.novell.com/614916
https://bugzilla.novell.com/729514
https://bugzilla.novell.com/739377
https://bugzilla.novell.com/761203
https://bugzilla.novell.com/767413
https://bugzilla.novell.com/788393
https://bugzilla.novell.com/789624
https://bugzilla.novell.com/794160
http://download.novell.com/patch/finder/?keywords=85768369fae57091104464ec9cf82391

From sle-updates at lists.suse.com Tue Feb 5 11:04:30 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Feb 2013 19:04:30 +0100 (CET)
Subject: SUSE-RU-2013:0247-1: Recommended update for python-sip, python-kde4 and python-qt4
Message-ID: <20130205180430.18B3E280B3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-sip, python-kde4 and python-qt4
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0247-1
Rating: low
References: #793698
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update for python-sip fixes code generation for classes that have an alternate mapped type implementation. This problem affected the QSettings class of python-qt4, more specifically the functions that serialize objects and save them to persistent storage.

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-python-qt4sip-7279
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-python-qt4sip-7279
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-python-qt4sip-7279
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-python-qt4sip-7279

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.9.3]:
  python-kde4-4.3.5-0.4.1
  python-qt4-devel-4.6.2-0.4.2
  python-sip-devel-4.9.3-1.3.2
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 4.9.3]:
  python-qt4-4.6.2-0.4.2
  python-sip-4.9.3-1.3.2
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.9.3]:
  python-qt4-4.6.2-0.4.2
  python-sip-4.9.3-1.3.2
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 4.9.3]:
  python-qt4-4.6.2-0.4.2
  python-sip-4.9.3-1.3.2

References:

https://bugzilla.novell.com/793698
http://download.novell.com/patch/finder/?keywords=000c0ea430fb5e5fec6f2327449c9cca

From sle-updates at lists.suse.com Tue Feb 5 11:04:39 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Feb 2013 19:04:39 +0100 (CET)
Subject: SUSE-RU-2013:0249-1: Recommended update for ipmitool
Message-ID: <20130205180439.92A05280B3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ipmitool
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0249-1
Rating: low
References: #788393 #789624 #794160
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has three recommended fixes can now be
installed.

Description:

This collective update for ipmitool provides the following fixes:

* Fix reading of FRU data from servers where FRU/SDR device #0, LUN 0 is absent (bnc#789624)
* Fix a string handling problem in ipmi_sel.c that could cause a segmentation fault (bnc#788393)
* Fix reading of sensors from some specific servers over lanplus (bnc#794160)
* Handle "BCDplus" fields in FRU descriptors correctly.

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-ipmitool-7280
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-ipmitool-7280
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-ipmitool-7280

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  ipmitool-1.8.11-0.20.20.2
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  ipmitool-1.8.11-0.20.20.2
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  ipmitool-1.8.11-0.20.20.2

References:

https://bugzilla.novell.com/788393
https://bugzilla.novell.com/789624
https://bugzilla.novell.com/794160
http://download.novell.com/patch/finder/?keywords=adab244ad0694f57eb15343770b9a4d8

From sle-updates at lists.suse.com Tue Feb 5 15:04:32 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Feb 2013 23:04:32 +0100 (CET)
Subject: SUSE-RU-2013:0250-1: Recommended update for WALinuxAgent
Message-ID: <20130205220432.2AEE3320FF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for WALinuxAgent
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0250-1
Rating: low
References: #794736 #800269
Affected Products:
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed. It includes one version update.

Description:

This update provides WALinuxAgent 1.3, which includes the following fixes and enhancements:

* Improve error checking and robustness of DVD mounting operation during provisioning
* Remove redundant check for IP and Port in LoadBalancerProbe
* Add check to self.computername to detect empty host name in configuration
* Fix initialization script to start the daemon only once
* Fix encoding of the README file by converting it to UTF8 and UNIX format
* Add README.SUSE to document how the package should be used

Indications:

Every Windows Azure user should install this update.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-WALinuxAgent-7298

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.3]:
  WALinuxAgent-1.3-0.11.1

References:

https://bugzilla.novell.com/794736
https://bugzilla.novell.com/800269
http://download.novell.com/patch/finder/?keywords=114f78d379d07ed7aec23046eaa0a1a1

From sle-updates at lists.suse.com Tue Feb 5 16:04:54 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Feb 2013 00:04:54 +0100 (CET)
Subject: SUSE-RU-2013:0251-1: moderate: Recommended update for autofs
Message-ID: <20130205230454.A94C1320FF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autofs
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0251-1
Rating: moderate
References: #791402
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update for AutoFS enables support for auto-mounting NFS volumes on IPv6 networks.

Additionally, it includes the following fixes and improvements:

* Fix isspace() wild card substitution
* Fix mountd version retry
* Mount using address for DNS round robin host names
* Fix sanity checks for brackets in server name
* Fix simple bind without SASL support
* Fix nfs4 contacts portmap
* Miscellaneous code analysis fixes

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-autofs-7212
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-autofs-7212
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-autofs-7212

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 5.0.6]:
  autofs-5.0.6-3.4.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.6]:
  autofs-5.0.6-3.4.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 5.0.6]:
  autofs-5.0.6-3.4.1

References:

https://bugzilla.novell.com/791402
http://download.novell.com/patch/finder/?keywords=00a6a3c2343b9a7af71690df8c6f0e65

From sle-updates at lists.suse.com Tue Feb 5 17:04:26 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Feb 2013 01:04:26 +0100 (CET)
Subject: SUSE-RU-2013:0252-1: Recommended update for sysconfig
Message-ID: <20130206000426.CC736320F2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sysconfig
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:0252-1
Rating: low
References: #716652 #753387 #775281 #780644 #784952 #787744 #791553 #794720 #798641 #798828
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has 10 recommended fixes can now be installed. It includes one version update.
Description:

This update for sysconfig provides the following fixes and improvements:

* Use dhclient6 in dhcp6_client state variable
* Correctly apply STP constraints also to float time values with a 1/100 sec precision
* Update bridge documentation link in ifcfg-bridge.5
* Do not report failure while setting unsupported power management option in ifup-wireless
* Check and reject too long interface names or names with suspect characters
* Do not wait when creation of virtual interface name fails
* Do not start dhcp clients too early or they may be unable to send packets
* Load af_packet module early and wait for link ready
* Check before running a script in netcontrol_services
* Allow suffixes in ETHTOOL_OPTIONS variable to apply settings separately
* Add ETHTOOL_UP_RETRY and ETHTOOL_UP_WAIT variables to wait until the link has been set up
* Updated ifcfg(5) man page
* Do not mount file systems with the noauto flag set

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-sysconfig-7291
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-sysconfig-7291
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-sysconfig-7291

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.71.48]: sysconfig-0.71.48-0.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.71.48]: sysconfig-0.71.48-0.7.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.71.48]: sysconfig-0.71.48-0.7.1 References: https://bugzilla.novell.com/716652 https://bugzilla.novell.com/753387 https://bugzilla.novell.com/775281 https://bugzilla.novell.com/780644 https://bugzilla.novell.com/784952 https://bugzilla.novell.com/787744 https://bugzilla.novell.com/791553 https://bugzilla.novell.com/794720 https://bugzilla.novell.com/798641 https://bugzilla.novell.com/798828 http://download.novell.com/patch/finder/?keywords=1ce136506e19a206a1646d3b669a8ccd From sle-updates at lists.suse.com Wed Feb 6 11:04:27 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2013 19:04:27 +0100 (CET) Subject: SUSE-RU-2013:0253-1: Recommended update for Ruby on Rails Message-ID: <20130206180427.5380A321D8@maintenance.suse.de> SUSE Recommended Update: Recommended update for Ruby on Rails ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0253-1 Rating: low References: #734530 #797230 #799877 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Cloud 1.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes 6 new package versions. Description: This update provides dependencies required for the Ruby on Rails 3.2 framework. The following modules were updated to newer versions: rubygems, rubygem-mime-types, rubygem-rack-ssl, rubygem-sqlite3, rubygem-pg, rubygem-delayed_job, rubygem-haml, rubygem-json, rubygem-rack-1_4, rubygem-rack-test-0_6, rubygem-activesupport-3_2. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-sup-rails-32-7271 - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-sup-rails-32-7271 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.11.0,1.18,1.3.6,1.8.15 and 3.0.3]: rubygem-activesupport-3_2-3.2.11-0.6.4.2 rubygem-delayed_job-3.0.3-0.7.3.2 rubygem-mime-types-1.18-0.7.3.2 rubygem-pg-0.11.0-0.9.3.3 rubygem-rack-1_4-1.4.1-0.9.2.2 rubygem-rack-ssl-1.3.2-0.12.3.2 rubygem-rack-test-0_6-0.6.1-0.12.3.2 rubygem-sqlite3-1.3.6-0.7.3.2 rubygems-1.8.15-0.7.5.1 - SUSE Cloud 1.0 (x86_64) [New Version: 0.11.0,1.18,1.8.15 and 3.1.6]: rubygem-haml-3.1.6-0.9.3.2 rubygem-json-1.6.1-0.11.10.2 rubygem-mime-types-1.18-0.7.3.2 rubygem-pg-0.11.0-0.9.3.3 rubygems-1.8.15-0.7.5.1 References: https://bugzilla.novell.com/734530 https://bugzilla.novell.com/797230 https://bugzilla.novell.com/799877 http://download.novell.com/patch/finder/?keywords=042d987875ab34bf3ae94de7bf81376c From sle-updates at lists.suse.com Wed Feb 6 15:04:24 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2013 23:04:24 +0100 (CET) Subject: SUSE-RU-2013:0254-1: Recommended update for Clustered TDB (ctdb) Message-ID: <20130206220424.6FBF0321E9@maintenance.suse.de> SUSE Recommended Update: Recommended update for Clustered TDB (ctdb) ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0254-1 Rating: low References: #694262 #745388 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can 
now be installed. Description: This update for Clustered TDB (ctdb) provides the following fixes: * Remove stop_on_removal and restart_on_update pre/post uninstall hooks, ctdbd processes are managed by the CTDB resource agent (bnc#745388) * Mark event scripts as %verify(not mode) to ensure rpm --verify does not complain about mode changes made by enablescript (bnc#694262). Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ctdb-7173 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-ctdb-7173 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): ctdb-devel-1.0.114.2-0.13.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): ctdb-1.0.114.2-0.13.1 References: https://bugzilla.novell.com/694262 https://bugzilla.novell.com/745388 http://download.novell.com/patch/finder/?keywords=e7baffd7569d38bf73338b617f819450 From sle-updates at lists.suse.com Thu Feb 7 16:04:58 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Feb 2013 00:04:58 +0100 (CET) Subject: SUSE-SU-2013:0259-1: moderate: kernel update for SLE11 SP2 Message-ID: <20130207230458.F390C27EE6@maintenance.suse.de> SUSE Security Update: kernel update for SLE11 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0259-1 Rating: moderate References: #729854 #731387 #736255 #739728 #745876 #749651 #758104 #762158 #763463 #773487 #773831 #775685 #778136 #779577 #780008 #782721 #783515 #786013 #786976 #787348 #787576 #787848 #789115 #789648 #789993 #790935 #791498 #791853 #791904 #792270 #792500 #792656 #792834 #793104 #793139 #793593 #793671 #794231 #794824 
#795354 #797042 #798960 #799209 #799275 #799909 Cross-References: CVE-2012-0957 CVE-2012-4530 CVE-2012-4565 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves three vulnerabilities and has 42 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.58, fixing various bugs and security issues. It contains the following feature enhancement: - Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature. The following security issues were fixed: - CVE-2012-4565: A division by zero in the TCP Illinois algorithm was fixed. - CVE-2012-0957: The UNAME26 personality leaked kernel memory information. - CVE-2012-4530: Kernel stack content was disclosed via binfmt_script load_script(). The following non-security issues were fixed: BTRFS: - btrfs: reset path lock state to zero. - btrfs: fix off-by-one in lseek. - btrfs: fix btrfs_cont_expand() freeing IS_ERR em. - btrfs: update timestamps on truncate(). - btrfs: put csums on the right ordered extent. 
- btrfs: use existing align macros in btrfs_allocate() - btrfs: fix off-by-one error of the reserved size of btrfs_allocate() - btrfs: add fiemaps flag check - btrfs: fix permissions of empty files not affected by umask - btrfs: do not auto defrag a file when doing directIO - btrfs: fix wrong return value of btrfs_truncate_page() - btrfs: Notify udev when removing device - btrfs: fix permissions of empty files not affected by umask - btrfs: fix hash overflow handling - btrfs: do not delete a subvolume which is in a R/O subvolume - btrfs: remove call to btrfs_wait_ordered_extents to avoid potential deadlock. - btrfs: update the checks for mixed block groups with big metadata blocks - btrfs: Fix use-after-free in __btrfs_end_transaction - btrfs: use commit root when loading free space cache. - btrfs: avoid setting ->d_op twice (FATE#306586 bnc#731387). - btrfs: fix race in reada (FATE#306586). - btrfs: do not add both copies of DUP to reada extent tree - btrfs: do not mount when we have a sectorsize unequal to PAGE_SIZE - btrfs: add missing unlocks to transaction abort paths - btrfs: avoid sleeping in verify_parent_transid while atomic - btrfs: disallow unequal data/metadata blocksize for mixed block groups - btrfs: enhance superblock sanity checks (bnc#749651). - btrfs: sanitizing ->fs_info, parts 1-5. - btrfs: make open_ctree() return int. - btrfs: kill pointless reassignment of ->s_fs_info in btrfs_fill_super(). - btrfs: merge free_fs_info() calls on fill_super failures. - btrfs: make free_fs_info() call ->kill_sb() unconditional. - btrfs: consolidate failure exits in btrfs_mount() a bit. - btrfs: let ->s_fs_info point to fs_info, not root... - btrfs: take allocation of ->tree_root into open_ctree(). 
DASD: - Update DASD blk_timeout patches after review from IBM (FATE#311379): * dasd: Abort all requests from ioctl * dasd: Disable block timeouts per default * dasd: Reduce amount of messages for specific errors * dasd: Rename ioctls * dasd: check blk_noretry_request in dasd_times_out() * dasd: lock ccw queue in dasd_times_out() * dasd: make DASD_FLAG_TIMEOUT setting more robust * dasd: rename flag to abortall LPFC: - Update lpfc version for 8.3.5.48.3p driver release (bnc#793593). - lpfc 8.3.32: Correct successful aborts returning error status (bnc#793593). - lpfc 8.3.34: Correct lock handling to eliminate reset escalation on I/O abort (bnc#793593). - lpfc 8.3.34: Streamline fcp underrun message printing (bnc#793593). DRM/i915: - drm/i915: EBUSY status handling added to i915_gem_fault() (bnc#793139). - drm/i915: Only clear the GPU domains upon a successful finish (bnc#793139). - drm/i915: always use RPNSWREQ for turbo change requests (bnc#793139). - drm/i915: do not call modeset_init_hw in i915_reset (bnc#793139). - drm/i915: do not hang userspace when the gpu reset is stuck (bnc#793139). - drm/i915: do not trylock in the gpu reset code (bnc#793139). - drm/i915: re-init modeset hw state after gpu reset (bnc#793139). HyperV: - x86: Hyper-V: register clocksource only if its advertised (bnc#792500). OTHER: - xfrm: fix freed block size calculation in xfrm_policy_fini() (bnc#798960). - bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). - kernel: broken interrupt statistics (bnc#799275, LTC#87893). - kernel: sched_clock() overflow (bnc#799275, LTC#87978). - mm: call sleep_on_page_killable from __wait_on_page_locked_killable (bnc#799909). - TTY: do not reset masters packet mode (bnc#797042). - patches.suse/kbuild-record-built-in-o: Avoid using printf(1) in Makefile.build - rpm/built-in-where.mk: Do not rely on the *.parts file to be newline-separated. - NFS: Allow sec=none mounts in certain cases (bnc#795354). 
- NFS: fix recent breakage to NFS error handling (bnc#793104). - bridge: Pull ip header into skb->data before looking into ip header (bnc#799209). - dm mpath: allow ioctls to trigger pg init (bnc#787348). - dm mpath: only retry ioctl when no paths if queue_if_no_path set (bnc#787348). - radix-tree: fix preload vector size (bnc#763463). - sched, rt: Unthrottle rt runqueues in __disable_runtime(). - sched/rt: Fix SCHED_RR across cgroups. - sched/rt: Do not throttle when PI boosting. - sched/rt: Keep period timer ticking when rt throttling is active. - sched/rt: Prevent idle task boosting. - mm: limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT (bnc#791904). - kabi fixup for mm: limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT (bnc#791904). - Refresh Xen patches after update to 3.0.57. - aio: make kiocb->private NUll in init_sync_kiocb() (bnc#794231). - qeth: Fix retry logic in hardsetup (bnc#792656,LTC#87080). - netiucv: reinsert dev_alloc_name for device naming (bnc#792656,LTC#87086). - qeth: set new mac even if old mac is gone (2) (bnc#792656,LTC#87138). - ocfs2: use spinlock irqsave for downconvert lock.patch (bnc#794824). - af_netlink: force credentials passing (bnc#779577). - patches.fixes/af_unix-dnt-send-SCM_CREDENTIALS-by-default: af_unix: dont send SCM_CREDENTIALS by default (bnc#779577). - sunrpc: increase maximum slots to use (bnc#775685). - bio: bio allocation failure due to bio_get_nr_vecs() (bnc#792270). - bio: do not overflow in bio_get_nr_vecs() (bnc#792270). - md: close race between removing and adding a device (bnc#787848). - thp, memcg: split hugepage for memcg oom on cow (bnc#793671). - bonding: delete migrated IP addresses from the rlb hash table (bnc#729854). - xfs: Fix re-use of EWOULDBLOCK during read on dm-mirror (bnc#736255). - qla2xxx: Determine the number of outstanding commands based on available resources (bnc#782721). - qla2xxx: Ramp down queue depth for attached SCSI devices (bnc#782721). 
- autofs4: fix lockdep splat in autofs (bnc#792834). - ipv6: tcp: fix panic in SYN processing (bnc#789115). - add splash=black option to bootsplash code, to keep a black background, useful for remote access to VMs (bnc#773487) Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-7273 slessp2-kernel-7277 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-7273 slessp2-kernel-7274 slessp2-kernel-7275 slessp2-kernel-7276 slessp2-kernel-7277 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-7273 sleshasp2-kernel-7274 sleshasp2-kernel-7275 sleshasp2-kernel-7276 sleshasp2-kernel-7277 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-7273 sledsp2-kernel-7277 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.58]: kernel-default-3.0.58-0.6.2.1 kernel-default-base-3.0.58-0.6.2.1 kernel-default-devel-3.0.58-0.6.2.1 kernel-source-3.0.58-0.6.2.1 kernel-syms-3.0.58-0.6.2.1 kernel-trace-3.0.58-0.6.2.1 kernel-trace-base-3.0.58-0.6.2.1 kernel-trace-devel-3.0.58-0.6.2.1 kernel-xen-devel-3.0.58-0.6.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.58]: kernel-pae-3.0.58-0.6.2.1 kernel-pae-base-3.0.58-0.6.2.1 kernel-pae-devel-3.0.58-0.6.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.58]: kernel-default-3.0.58-0.6.2.1 kernel-default-base-3.0.58-0.6.2.1 kernel-default-devel-3.0.58-0.6.2.1 kernel-source-3.0.58-0.6.2.1 kernel-syms-3.0.58-0.6.2.1 kernel-trace-3.0.58-0.6.2.1 kernel-trace-base-3.0.58-0.6.2.1 kernel-trace-devel-3.0.58-0.6.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.58]: kernel-ec2-3.0.58-0.6.2.1 kernel-ec2-base-3.0.58-0.6.2.1 kernel-ec2-devel-3.0.58-0.6.2.1 kernel-xen-3.0.58-0.6.2.1 kernel-xen-base-3.0.58-0.6.2.1 kernel-xen-devel-3.0.58-0.6.2.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16 xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.58]: kernel-default-man-3.0.58-0.6.2.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.58]: kernel-ppc64-3.0.58-0.6.2.1 kernel-ppc64-base-3.0.58-0.6.2.1 kernel-ppc64-devel-3.0.58-0.6.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.58]: kernel-pae-3.0.58-0.6.2.1 kernel-pae-base-3.0.58-0.6.2.1 kernel-pae-devel-3.0.58-0.6.2.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.58_0.6.2-2.18.18 
cluster-network-kmp-trace-1.4_3.0.58_0.6.2-2.18.18 gfs2-kmp-default-2_3.0.58_0.6.2-0.7.53 gfs2-kmp-trace-2_3.0.58_0.6.2-0.7.53 ocfs2-kmp-default-1.6_3.0.58_0.6.2-0.11.17 ocfs2-kmp-trace-1.6_3.0.58_0.6.2-0.11.17 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.58_0.6.2-2.18.18 gfs2-kmp-xen-2_3.0.58_0.6.2-0.7.53 ocfs2-kmp-xen-1.6_3.0.58_0.6.2-0.11.17 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.58_0.6.2-2.18.18 gfs2-kmp-ppc64-2_3.0.58_0.6.2-0.7.53 ocfs2-kmp-ppc64-1.6_3.0.58_0.6.2-0.11.17 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.58_0.6.2-2.18.18 gfs2-kmp-pae-2_3.0.58_0.6.2-0.7.53 ocfs2-kmp-pae-1.6_3.0.58_0.6.2-0.11.17 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.58]: kernel-default-3.0.58-0.6.2.1 kernel-default-base-3.0.58-0.6.2.1 kernel-default-devel-3.0.58-0.6.2.1 kernel-default-extra-3.0.58-0.6.2.1 kernel-source-3.0.58-0.6.2.1 kernel-syms-3.0.58-0.6.2.1 kernel-trace-3.0.58-0.6.2.1 kernel-trace-base-3.0.58-0.6.2.1 kernel-trace-devel-3.0.58-0.6.2.1 kernel-trace-extra-3.0.58-0.6.2.1 kernel-xen-3.0.58-0.6.2.1 kernel-xen-base-3.0.58-0.6.2.1 kernel-xen-devel-3.0.58-0.6.2.1 kernel-xen-extra-3.0.58-0.6.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16 xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.58]: kernel-pae-3.0.58-0.6.2.1 kernel-pae-base-3.0.58-0.6.2.1 kernel-pae-devel-3.0.58-0.6.2.1 kernel-pae-extra-3.0.58-0.6.2.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.58_0.6.2-0.14.34 ext4-writeable-kmp-trace-0_3.0.58_0.6.2-0.14.34 kernel-default-extra-3.0.58-0.6.2.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.58_0.6.2-0.14.34 kernel-xen-extra-3.0.58-0.6.2.1 - SLE 11 SERVER Unsupported 
Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.58_0.6.2-0.14.34 kernel-ppc64-extra-3.0.58-0.6.2.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.58_0.6.2-0.14.34 kernel-pae-extra-3.0.58-0.6.2.1 References: http://support.novell.com/security/cve/CVE-2012-0957.html http://support.novell.com/security/cve/CVE-2012-4530.html http://support.novell.com/security/cve/CVE-2012-4565.html https://bugzilla.novell.com/729854 https://bugzilla.novell.com/731387 https://bugzilla.novell.com/736255 https://bugzilla.novell.com/739728 https://bugzilla.novell.com/745876 https://bugzilla.novell.com/749651 https://bugzilla.novell.com/758104 https://bugzilla.novell.com/762158 https://bugzilla.novell.com/763463 https://bugzilla.novell.com/773487 https://bugzilla.novell.com/773831 https://bugzilla.novell.com/775685 https://bugzilla.novell.com/778136 https://bugzilla.novell.com/779577 https://bugzilla.novell.com/780008 https://bugzilla.novell.com/782721 https://bugzilla.novell.com/783515 https://bugzilla.novell.com/786013 https://bugzilla.novell.com/786976 https://bugzilla.novell.com/787348 https://bugzilla.novell.com/787576 https://bugzilla.novell.com/787848 https://bugzilla.novell.com/789115 https://bugzilla.novell.com/789648 https://bugzilla.novell.com/789993 https://bugzilla.novell.com/790935 https://bugzilla.novell.com/791498 https://bugzilla.novell.com/791853 https://bugzilla.novell.com/791904 https://bugzilla.novell.com/792270 https://bugzilla.novell.com/792500 https://bugzilla.novell.com/792656 https://bugzilla.novell.com/792834 https://bugzilla.novell.com/793104 https://bugzilla.novell.com/793139 https://bugzilla.novell.com/793593 https://bugzilla.novell.com/793671 https://bugzilla.novell.com/794231 https://bugzilla.novell.com/794824 https://bugzilla.novell.com/795354 https://bugzilla.novell.com/797042 https://bugzilla.novell.com/798960 https://bugzilla.novell.com/799209 https://bugzilla.novell.com/799275 https://bugzilla.novell.com/799909 
http://download.novell.com/patch/finder/?keywords=0ba62dbce0c094606981fc3add2accf8 http://download.novell.com/patch/finder/?keywords=1c315e6cfd3ce8087b1899e68e65ae0e http://download.novell.com/patch/finder/?keywords=1fc2bacaf0ca817ef3701dd571d7ad71 http://download.novell.com/patch/finder/?keywords=206afc330e3dbf0d4cc7c90edee812d8 http://download.novell.com/patch/finder/?keywords=2a57cc5f2a5ec70fa191adaddf997939 http://download.novell.com/patch/finder/?keywords=35ebd8d95c6d93e3c6fb100f6d4cb011 http://download.novell.com/patch/finder/?keywords=685b42f17ef53989efa8424d2aed59d0 http://download.novell.com/patch/finder/?keywords=6e8758cce7d593f1b00bbef027636b94 http://download.novell.com/patch/finder/?keywords=cdb80b057dfc85a1205eb7dab68ee993 http://download.novell.com/patch/finder/?keywords=edc95718160c9abca495cef1ddcff568 From sle-updates at lists.suse.com Sat Feb 9 08:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Feb 2013 16:04:15 +0100 (CET) Subject: SUSE-SU-2013:0262-1: important: Security update for MySQL Message-ID: <20130209150415.7A42332068@maintenance.suse.de> SUSE Security Update: Security update for MySQL ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0262-1 Rating: important References: #792444 Cross-References: CVE-2012-5611 CVE-2012-5612 CVE-2012-5613 CVE-2012-5615 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. Description: A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code (CVE-2012-5611). 
Security Issue references: * CVE-2012-5615 * CVE-2012-5615 * CVE-2012-5613 * CVE-2012-5612 * CVE-2012-5611 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libmysqlclient-devel-7251 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libmysqlclient-devel-7251 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libmysqlclient-devel-7251 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libmysqlclient-devel-7251 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.96]: libmysqlclient-devel-5.0.96-0.6.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64) [New Version: 5.0.96]: libmysqlclient_r15-32bit-5.0.96-0.6.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ia64) [New Version: 5.0.96]: libmysqlclient_r15-x86-5.0.96-0.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 5.0.96]: libmysqlclient15-5.0.96-0.6.1 libmysqlclient_r15-5.0.96-0.6.1 mysql-5.0.96-0.6.1 mysql-Max-5.0.96-0.6.1 mysql-client-5.0.96-0.6.1 mysql-tools-5.0.96-0.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 5.0.96]: libmysqlclient15-32bit-5.0.96-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.96]: libmysqlclient15-5.0.96-0.6.1 libmysqlclient_r15-5.0.96-0.6.1 mysql-5.0.96-0.6.1 mysql-Max-5.0.96-0.6.1 mysql-client-5.0.96-0.6.1 mysql-tools-5.0.96-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 5.0.96]: libmysqlclient15-32bit-5.0.96-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 5.0.96]: libmysqlclient15-x86-5.0.96-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) 
[New Version: 5.0.96]: libmysqlclient15-5.0.96-0.6.1 libmysqlclient_r15-5.0.96-0.6.1 mysql-5.0.96-0.6.1 mysql-client-5.0.96-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 5.0.96]: libmysqlclient15-32bit-5.0.96-0.6.1 libmysqlclient_r15-32bit-5.0.96-0.6.1 References: http://support.novell.com/security/cve/CVE-2012-5611.html http://support.novell.com/security/cve/CVE-2012-5612.html http://support.novell.com/security/cve/CVE-2012-5613.html http://support.novell.com/security/cve/CVE-2012-5615.html https://bugzilla.novell.com/792444 http://download.novell.com/patch/finder/?keywords=2bcc2cee7b87c19c04bc8cce83ac72ab From sle-updates at lists.suse.com Sun Feb 10 10:04:20 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 10 Feb 2013 18:04:20 +0100 (CET) Subject: SUSE-RU-2013:0263-1: Recommended update for sm-network-discovery Message-ID: <20130210170420.E5C4727F01@maintenance.suse.de> SUSE Recommended Update: Recommended update for sm-network-discovery ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0263-1 Rating: low References: #799009 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSE Manager's Network Discovery daemon (sm-network-discovery) fixes the stop action of the service initialization script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-sm-network-discovery-7289 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch): sm-network-discovery-0.1-0.8.1 sm-network-discovery-client-0.1-0.8.1 References: https://bugzilla.novell.com/799009 http://download.novell.com/patch/finder/?keywords=ef4ec19f6a6cc1721790301ca7818a01 From sle-updates at lists.suse.com Sun Feb 10 11:04:25 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 10 Feb 2013 19:04:25 +0100 (CET) Subject: SUSE-RU-2013:0264-1: Recommended update for csync2 Message-ID: <20130210180425.8A31D27F01@maintenance.suse.de> SUSE Recommended Update: Recommended update for csync2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0264-1 Rating: low References: #757327 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the cluster synchronization tool csync2 binds to "local" IP explicitly to avoid "identification failed" errors with multiple IPs on the same subnet. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-csync2-7235 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): csync2-1.34-0.8.1 References: https://bugzilla.novell.com/757327 http://download.novell.com/patch/finder/?keywords=7fb874f8235ea0ad3d54768dc26ac274 From sle-updates at lists.suse.com Mon Feb 11 18:04:22 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2013 02:04:22 +0100 (CET) Subject: SUSE-RU-2013:0271-1: Recommended update for gdm Message-ID: <20130212010423.0922D32003@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0271-1 Rating: low References: #751622 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the GNOME Display Manager (gdm) prevents a second X server from being started on virtual terminal 7 after hitting the 'switch user' button. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gdm-7257 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gdm-7257 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gdm-7257 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gdm-2.24.0-24.89.1 gdm-branding-upstream-2.24.0-24.89.1 gdm-lang-2.24.0-24.89.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gdm-2.24.0-24.89.1 gdm-branding-upstream-2.24.0-24.89.1 gdm-lang-2.24.0-24.89.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gdm-2.24.0-24.89.1 gdm-branding-upstream-2.24.0-24.89.1 gdm-lang-2.24.0-24.89.1 References: https://bugzilla.novell.com/751622 http://download.novell.com/patch/finder/?keywords=85523b7c5b5ec3b71c2e246a3a112319 From sle-updates at lists.suse.com Mon Feb 11 19:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2013 03:04:15 +0100 (CET) Subject: SUSE-RU-2013:0272-1: Recommended update for gnome-session Message-ID: <20130212020415.867C831FF9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-session ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0272-1 Rating: low References: #478463 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update to gnome-session fixes a login failure when the "Create Home Dir" option is not selected in the Windows Domain membership for an Active Directory user. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gnome-session-7187 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gnome-session-7187 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gnome-session-7187 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gnome-session-2.28.0-3.9.1 gnome-session-lang-2.28.0-3.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gnome-session-2.28.0-3.9.1 gnome-session-lang-2.28.0-3.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gnome-session-2.28.0-3.9.1 gnome-session-lang-2.28.0-3.9.1 References: https://bugzilla.novell.com/478463 http://download.novell.com/patch/finder/?keywords=e3d4357a2628bb858240c6376c0db703 From sle-updates at lists.suse.com Tue Feb 12 11:04:25 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2013 19:04:25 +0100 (CET) Subject: SUSE-RU-2013:0286-1: Recommended update for nfs-utils Message-ID: <20130212180425.C2AE227F01@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0286-1 Rating: low References: #772120 #787272 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for the NFS support utilities (nfs-utils) provides the following fixes: * Allow gssd to work with more than 1024 connections, depending on the 'nofile' resource limit. 
Increase this limit to 4096 before starting rpc.gssd * Fix a signal handling issue that could cause silent termination of the rpc.idmapd daemon Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): nfs-utils-1.0.7-36.48.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): nfs-utils-1.0.7-36.48.1 References: https://bugzilla.novell.com/772120 https://bugzilla.novell.com/787272 http://download.novell.com/patch/finder/?keywords=6ce5ee45c1bf0cecc122e0c46dc2e4b7 From sle-updates at lists.suse.com Tue Feb 12 13:04:20 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2013 21:04:20 +0100 (CET) Subject: SUSE-RU-2013:0287-1: Recommended update for nfs-client Message-ID: <20130212200420.B11CB27F01@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0287-1 Rating: low References: #772120 #775216 #787272 #788245 #800414 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for the NFS support utilities (nfs-client, nfs-kernel-server) provides the following fixes: * Allow gssd to work with more than 1024 connections, depending on the 'nofile' resource limit. Increase this limit to 4096 before starting rpc.gssd. * Fix a signal handling issue that could cause silent termination of the rpc.idmapd daemon. * Don't convert user or group names with non-ASCII characters to 'nobody' or 'nogroup'. * Don't impose local-locking on /usr/sap. * Skip processing files in /var/lib/nfs/rpc_pipefs/nfs if they don't exist. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nfs-client-7286 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nfs-client-7286 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-nfs-client-7286 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): nfs-client-1.2.3-18.27.2 nfs-doc-1.2.3-18.27.2 nfs-kernel-server-1.2.3-18.27.2 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): nfs-client-1.2.3-18.27.2 nfs-doc-1.2.3-18.27.2 nfs-kernel-server-1.2.3-18.27.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): nfs-client-1.2.3-18.27.2 nfs-kernel-server-1.2.3-18.27.2 References: https://bugzilla.novell.com/772120 https://bugzilla.novell.com/775216 https://bugzilla.novell.com/787272 https://bugzilla.novell.com/788245 https://bugzilla.novell.com/800414 http://download.novell.com/patch/finder/?keywords=7b041e5389614683674d230f64646117 From sle-updates at lists.suse.com Tue Feb 12 15:04:25 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2013 23:04:25 +0100 (CET) Subject: SUSE-SU-2013:0288-1: critical: Security update for flash-player Message-ID: <20130212220425.597F127F01@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0288-1 Rating: critical References: #802809 Cross-References: CVE-2013-0633 CVE-2013-0634 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: Adobe Flash Player was updated to release 11.2.202.262, fixing bugs and security issues. 
(CVE-2013-0633, CVE-2013-0634) More information can be found at http://www.adobe.com/support/security/bulletins/apsb13-04.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-7326 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.262]: flash-player-11.2.202.262-0.3.1 flash-player-gnome-11.2.202.262-0.3.1 flash-player-kde4-11.2.202.262-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.262]: flash-player-11.2.202.262-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-0633.html http://support.novell.com/security/cve/CVE-2013-0634.html https://bugzilla.novell.com/802809 http://download.novell.com/patch/finder/?keywords=048b4e48a8d9af16008045b1c6b96cec http://download.novell.com/patch/finder/?keywords=e0f14c54bb47715b016d8d14c5f7257d From sle-updates at lists.suse.com Wed Feb 13 15:04:23 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2013 23:04:23 +0100 (CET) Subject: SUSE-RU-2013:0291-1: Recommended update for release-notes-sled Message-ID: <20130213220423.EF0EC27F01@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0291-1 Rating: low References: #789223 Affected Products: SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest version of the Release Notes for SUSE Linux Enterprise Desktop 10 SP4. 
Package List: - SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 10.4.9]: release-notes-sled-10.4.9-0.8.1 References: https://bugzilla.novell.com/789223 http://download.novell.com/patch/finder/?keywords=6ffa53415375e630680b4f1dff0febf4 From sle-updates at lists.suse.com Wed Feb 13 15:04:29 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2013 23:04:29 +0100 (CET) Subject: SUSE-SU-2013:0292-1: important: Security update for MozillaFirefox Message-ID: <20130213220429.1449A27F01@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0292-1 Rating: important References: #796895 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes four new package versions. Description: Mozilla Firefox was updated to the 10.0.12ESR release for LTSS. * MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. 
(CVE-2013-0749) o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770) * MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional use-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. The following issue was fixed in Firefox 18: o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760) The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12: o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762) o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766) o Out of bounds read in nsSVGPathElement::GetPathLengthScale (CVE-2013-0767) The following issues were fixed in Firefox 18 and ESR 17.0.1: o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack (CVE-2013-0761) o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763) o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771) The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release: o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) * MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. 
* MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identity of another site. (CVE-2013-0759) * MFSA 2013-05: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a use-after-free causing a potentially exploitable crash. (CVE-2013-0744) * MFSA 2013-06: Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751) * MFSA 2013-07: Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764) * MFSA 2013-08: Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. 
(CVE-2013-0745) * MFSA 2013-09: Mozilla developer Boris Zbarsky reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746) * MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747) * MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748) * MFSA 2013-12: Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750) * MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concert with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752) * MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757) * MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. 
This could allow for arbitrary code execution. (CVE-2013-0758) * MFSA 2013-16: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753) * MFSA 2013-17: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754) * MFSA 2013-18: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755) * MFSA 2013-19: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756) * MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743) Indications: Everyone should install this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-firefox-201302-7318 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-201302-7318 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 10.0.12,3.14.1,4.9.4 and 7]: MozillaFirefox-10.0.12-0.4.3 MozillaFirefox-branding-SLES-for-VMware-7-0.4.2.102 MozillaFirefox-translations-10.0.12-0.4.3 libfreebl3-3.14.1-0.3.1 mozilla-nspr-4.9.4-0.3.1 mozilla-nss-3.14.1-0.3.1 mozilla-nss-tools-3.14.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (x86_64) [New Version: 3.14.1 and 4.9.4]: libfreebl3-32bit-3.14.1-0.3.1 mozilla-nspr-32bit-4.9.4-0.3.1 mozilla-nss-32bit-3.14.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 10.0.12,3.14.1,4.9.4 and 7]: MozillaFirefox-10.0.12-0.4.3 MozillaFirefox-branding-SLED-7-0.6.7.103 MozillaFirefox-translations-10.0.12-0.4.3 libfreebl3-3.14.1-0.3.1 mozilla-nspr-4.9.4-0.3.1 mozilla-nss-3.14.1-0.3.1 mozilla-nss-tools-3.14.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.14.1 and 4.9.4]: libfreebl3-32bit-3.14.1-0.3.1 mozilla-nspr-32bit-4.9.4-0.3.1 mozilla-nss-32bit-3.14.1-0.3.1 References: https://bugzilla.novell.com/796895 http://download.novell.com/patch/finder/?keywords=b16b31709d6161048a780e6c97c5aeb2 From sle-updates at lists.suse.com Thu Feb 14 14:04:22 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2013 22:04:22 +0100 (CET) Subject: SUSE-SU-2013:0296-1: critical: Security update for flash-player Message-ID: <20130214210422.804B132058@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0296-1 Rating: critical References: #803485 
Cross-References: CVE-2013-0637 CVE-2013-0638 CVE-2013-0639 CVE-2013-0642 CVE-2013-0644 CVE-2013-0645 CVE-2013-0647 CVE-2013-0649 CVE-2013-1365 CVE-2013-1366 CVE-2013-1367 CVE-2013-1368 CVE-2013-1369 CVE-2013-1370 CVE-2013-1372 CVE-2013-1373 CVE-2013-1374 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. It includes one version update. Description: This update for flash-player to version 11.2.202.270, tracked as APSB13-05, contains fixes for the following security issues: * Several buffer overflow vulnerabilities that could lead to code execution. (CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373) * Use-after-free vulnerabilities that could lead to code execution. (CVE-2013-0644, CVE-2013-0649, CVE-2013-1374) * An integer overflow vulnerability that could lead to code execution. (CVE-2013-0639) * Two memory corruption vulnerabilities that could lead to code execution. (CVE-2013-0638, CVE-2013-0647) * An information disclosure vulnerability. (CVE-2013-0637) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-7338 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.270]: flash-player-11.2.202.270-0.3.1 flash-player-gnome-11.2.202.270-0.3.1 flash-player-kde4-11.2.202.270-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.270]: flash-player-11.2.202.270-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-0637.html http://support.novell.com/security/cve/CVE-2013-0638.html http://support.novell.com/security/cve/CVE-2013-0639.html http://support.novell.com/security/cve/CVE-2013-0642.html http://support.novell.com/security/cve/CVE-2013-0644.html http://support.novell.com/security/cve/CVE-2013-0645.html http://support.novell.com/security/cve/CVE-2013-0647.html http://support.novell.com/security/cve/CVE-2013-0649.html http://support.novell.com/security/cve/CVE-2013-1365.html http://support.novell.com/security/cve/CVE-2013-1366.html http://support.novell.com/security/cve/CVE-2013-1367.html http://support.novell.com/security/cve/CVE-2013-1368.html http://support.novell.com/security/cve/CVE-2013-1369.html http://support.novell.com/security/cve/CVE-2013-1370.html http://support.novell.com/security/cve/CVE-2013-1372.html http://support.novell.com/security/cve/CVE-2013-1373.html http://support.novell.com/security/cve/CVE-2013-1374.html https://bugzilla.novell.com/803485 http://download.novell.com/patch/finder/?keywords=3c1e2d8109d0393f30c137f2f4d16628 http://download.novell.com/patch/finder/?keywords=bd904e708bb0e01638db2f0e3e06bc29 From sle-updates at lists.suse.com Thu Feb 14 21:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Feb 2013 05:04:12 +0100 (CET) Subject: SUSE-RU-2013:0300-1: Recommended update for DRBD Message-ID: <20130215040412.20CFA32068@maintenance.suse.de> SUSE Recommended Update: Recommended update for DRBD ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0300-1 Rating: low References: #751135 
#775930 Affected Products: SUSE Linux Enterprise Real Time 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update updates the Distributed Replicated Block Device (DRBD) component of SLES HAE 11 SP2 to version 8.4.2 (FATE#313824, bnc#751135), providing many fixes and improvements: * Fixed a race condition that could cause DRBD to go through a NetworkFailure state during disconnect (bnc#775930) * Fixed IO resuming after connection was established before fence peer handler returned * Fixed an issue in the state engine that could cause state lockup with multiple volumes * Write all pages of the bitmap if it gets moved during an online resize operation * Fixed a race condition in the disconnect code path that could lead to a BUG() * Fixed a write ordering problem on SyncTarget nodes for a write to a block that gets resynced at the same time. * Fixed a potential deadlock during restart of conflicting writes * Disable the write ordering method "barrier" by default * Removed a null pointer access when using on-congestion policy on a diskless device * In case of a graceful detach under IO load, wait for the outstanding IO * Reinstate disabling AL updates with invalidate-remote * Reinstate the 'disk-barrier no', 'disk-flushes no', and 'disk-drain no' switches * Support FLUSH/FUA bio flags * New option 'al-updates no' to disable writing transactions into the activity log. Please refer to the package change log for more details. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time 11 SP2: zypper in -t patch slertesp2-drbd-7142 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-drbd-7142 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time 11 SP2 (x86_64): drbd-kmp-rt-8.4.2_3.0.35_rt58_0.7-0.6.6.4 drbd-kmp-rt_trace-8.4.2_3.0.35_rt58_0.7-0.6.6.4 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.4.2]: drbd-8.4.2-0.6.6.7 drbd-bash-completion-8.4.2-0.6.6.7 drbd-heartbeat-8.4.2-0.6.6.7 drbd-kmp-default-8.4.2_3.0.51_0.7.9-0.6.6.4 drbd-kmp-trace-8.4.2_3.0.51_0.7.9-0.6.6.4 drbd-pacemaker-8.4.2-0.6.6.7 drbd-udev-8.4.2-0.6.6.7 drbd-utils-8.4.2-0.6.6.7 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): drbd-kmp-xen-8.4.2_3.0.51_0.7.9-0.6.6.4 - SUSE Linux Enterprise High Availability Extension 11 SP2 (x86_64) [New Version: 8.4.2]: drbd-xen-8.4.2-0.6.6.7 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): drbd-kmp-ppc64-8.4.2_3.0.51_0.7.9-0.6.6.4 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): drbd-kmp-pae-8.4.2_3.0.51_0.7.9-0.6.6.4 References: https://bugzilla.novell.com/751135 https://bugzilla.novell.com/775930 http://download.novell.com/patch/finder/?keywords=b0cc060a18dda8a8447e54b599bf9072 From sle-updates at lists.suse.com Mon Feb 18 10:04:21 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2013 18:04:21 +0100 (CET) Subject: SUSE-SU-2013:0306-1: important: Security update for Mozilla Firefox Message-ID: <20130218170421.88706320D9@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0306-1 Rating: important References: #666101 #681836 #684069 #712248 #769762 #796895 Affected Products: 
SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes three new package versions. Description: Mozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically: * MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749) Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770) * MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional use-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. 
The following issue has been fixed in Firefox 18: o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760) The following issues have been fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12: o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762) o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766) o Out of bounds read in nsSVGPathElement::GetPathLengthScale (CVE-2013-0763) o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771) The following issue has been fixed in Firefox 18 and in the earlier ESR 10.0.11 release: o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) * MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. * MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identity of another site. (CVE-2013-0759) * MFSA 2013-05: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a use-after-free causing a potentially exploitable crash. (CVE-2013-0744) * MFSA 2013-06: Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. 
If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751) * MFSA 2013-07: Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764) * MFSA 2013-08: Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745) * MFSA 2013-09: Mozilla developer Boris Zbarsky reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746) * MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747) * MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. 
(CVE-2013-0748) * MFSA 2013-12: Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750) * MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concert with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752) * MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757) * MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758) * MFSA 2013-16: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753) * MFSA 2013-17: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754) * MFSA 2013-18: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. 
(CVE-2013-0755) * MFSA 2013-19: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756) * MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743) Indications: Everyone using Firefox should update. Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.14.1 and 4.9.4]: firefox3-cairo-1.2.4-0.8.5 firefox3-gtk2-2.10.6-0.12.21 firefox3-pango-1.14.5-0.12.178 mozilla-nspr-4.9.4-0.6.1 mozilla-nspr-devel-4.9.4-0.6.1 mozilla-nss-3.14.1-0.6.1 mozilla-nss-devel-3.14.1-0.6.1 mozilla-nss-tools-3.14.1-0.6.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.14.1 and 4.9.4]: firefox3-cairo-32bit-1.2.4-0.8.5 firefox3-gtk2-32bit-2.10.6-0.12.21 firefox3-pango-32bit-1.14.5-0.12.178 mozilla-nspr-32bit-4.9.4-0.6.1 mozilla-nss-32bit-3.14.1-0.6.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x) [New Version: 7]: MozillaFirefox-10.0.12-0.6.3 MozillaFirefox-branding-SLED-7-0.8.46 MozillaFirefox-translations-10.0.12-0.6.3 References: https://bugzilla.novell.com/666101 https://bugzilla.novell.com/681836 https://bugzilla.novell.com/684069 https://bugzilla.novell.com/712248 https://bugzilla.novell.com/769762 https://bugzilla.novell.com/796895 http://download.novell.com/patch/finder/?keywords=8d645904d43fff2d5195e42ae81f6d59 From sle-updates at lists.suse.com Tue Feb 19 11:04:23 2013 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 19 Feb 2013 19:04:23 +0100 (CET) Subject: SUSE-RU-2013:0313-1: Recommended update for python-ethtool Message-ID: <20130219180423.A7D7F320E5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ethtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0313-1 Rating: low References: #770389 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for python-ethtool provides several stability bug fixes and support for IPv6 device information. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-python-ethtool-7361 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.7]: python-ethtool-0.7-0.13.1 References: https://bugzilla.novell.com/770389 http://download.novell.com/patch/finder/?keywords=698675a629f7231166d93bcf6e2e99b6 From sle-updates at lists.suse.com Tue Feb 19 16:05:00 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2013 00:05:00 +0100 (CET) Subject: SUSE-RU-2013:0314-1: Recommended update for dhcp Message-ID: <20130219230500.41BA632097@maintenance.suse.de> SUSE Recommended Update: Recommended update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0314-1 Rating: low References: #784640 #788787 #791280 #791289 #794578 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes one version update. 
Description: This collective update for DHCP provides fixes for the following issues: * Ignore SIGPIPE instead of terminating in socket code before the errno==EPIPE checks are reached (bnc#794578) * Merge upstream fixes for memory leaks and segmentation faults (bnc#794578) * Fix timing values calculation in dhcpv6 client to compare rebind value to infinity instead of renew (bnc#794578) * Fix discovery of interfaces which have only addresses with a label assigned (bnc#791289) * Fix parse buffer handling to avoid truncation of config > ~8k from bigger LDAP objects (bnc#788787) * Fix subclass name-ref and data quoting/escaping (bnc#788787) * Fix memory leaks on ldap_read_config errors (bnc#788787) * Fix dhclient-script to discard MTU lower-equal 576 rather than lower-than (bnc#791280) * Fix a memory leak in dhcp-ldap's subnet range processing (bnc#784640) * Fix a parsing error when processing the second dhcpService container that the dhcpServer object may refer to (bnc#784640). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-dhcp-7181 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-dhcp-7181 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-dhcp-7181 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-dhcp-7181 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.2.4.P2]: dhcp-devel-4.2.4.P2-0.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 4.2.4.P2]: dhcp-4.2.4.P2-0.9.1 dhcp-client-4.2.4.P2-0.9.1 dhcp-relay-4.2.4.P2-0.9.1 dhcp-server-4.2.4.P2-0.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.2.4.P2]: dhcp-4.2.4.P2-0.9.1 dhcp-client-4.2.4.P2-0.9.1 dhcp-relay-4.2.4.P2-0.9.1 dhcp-server-4.2.4.P2-0.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 4.2.4.P2]: dhcp-4.2.4.P2-0.9.1 dhcp-client-4.2.4.P2-0.9.1 References: https://bugzilla.novell.com/784640 https://bugzilla.novell.com/788787 https://bugzilla.novell.com/791280 https://bugzilla.novell.com/791289 https://bugzilla.novell.com/794578 http://download.novell.com/patch/finder/?keywords=07aeb7aab94da1affc679ac57b37a1d0 From sle-updates at lists.suse.com Wed Feb 20 08:04:17 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2013 16:04:17 +0100 (CET) Subject: SUSE-SU-2013:0315-1: important: Security update for Java 1.6.0 Message-ID: <20130220150417.5164D320AD@maintenance.suse.de> SUSE Security Update: Security update for Java 1.6.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0315-1 Rating: important References: #494536 #792951 #801972 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues: New in release 1.12.2 (2012-02-03): * Security fixes o S6563318, CVE-2013-0424: RMI data sanitization o S6664509, CVE-2013-0425: Add logging context o S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time o S6776941: CVE-2013-0427: Improve thread pool shutdown o S7141694, CVE-2013-0429: Improving CORBA internals o S7173145: Improve in-memory representation of splashscreens o S7186945: Unpack200 improvement o S7186946: Refine unpacker resource usage o S7186948: Improve Swing data validation o S7186952, CVE-2013-0432: Improve clipboard access o S7186954: Improve connection performance o S7186957: Improve Pack200 data validation o S7192392, CVE-2013-0443: Better validation of client keys o S7192393, CVE-2013-0440: Better Checking of order of TLS Messages o S7192977, CVE-2013-0442: Issue in toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies o S7200491: Tighten up JTable layout code o S7200500: Launcher better input validation o S7201064: Better dialogue checking o S7201066, CVE-2013-0441: Change modifiers on unused fields o S7201068, CVE-2013-0435: Better handling of UI elements o S7201070: Serialization to conform to protocol o S7201071, CVE-2013-0433: InetSocketAddress serialization issue o S8000210: Improve JarFile code quality o S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class o S8000540, CVE-2013-1475: Improve IIOP type reuse management o S8000631, CVE-2013-1476: Restrict access to class constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP handling o S8001242: Improve RMI HTTP conformance o S8001307: Modify ACC_SUPER behavior o S8001972, CVE-2013-1478: Improve image processing o S8002325, CVE-2013-1480: Improve management of images * Backports o S7010849: 5/5 Extraneous javac source/target options when building sa-jdi o S8004341: Two JCK tests fails with 7u11 b06 o 
S8005615: Java Logger fails to load tomcat logger implementation (JULI) * Bug fixes o PR1297: cacao and jamvm parallel unpack failures o PR1301: PR1171 causes builds of Zero to fail Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-java-1_6_0-openjdk-7332 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1 References: https://bugzilla.novell.com/494536 https://bugzilla.novell.com/792951 https://bugzilla.novell.com/801972 http://download.novell.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e From sle-updates at lists.suse.com Thu Feb 21 10:04:23 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2013 18:04:23 +0100 (CET) Subject: SUSE-SU-2013:0320-1: important: Security update for libvirt Message-ID: <20130221170423.C8EEA27FCE@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0320-1 Rating: important References: #782311 #800976 Cross-References: CVE-2013-0170 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: libvirt was updated to fix the following security issue: * A flaw was found in the way message freeing on connection cleanup was handled under certain error conditions. 
A remote user able to issue commands to the libvirt daemon could use this flaw to crash libvirtd or, potentially, escalate their privileges to that of the libvirtd process. (CVE-2013-0170) The following bug has also been fixed: * Add managedSave functions to legacy xen driver bnc#782311 Security Issue reference: * CVE-2013-0170 Indications: Everyone should install this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libvirt-7310 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libvirt-7310 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libvirt-7310 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libvirt-devel-0.9.6-0.25.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): libvirt-devel-32bit-0.9.6-0.25.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libvirt-0.9.6-0.25.1 libvirt-client-0.9.6-0.25.1 libvirt-doc-0.9.6-0.25.1 libvirt-python-0.9.6-0.25.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libvirt-client-32bit-0.9.6-0.25.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libvirt-0.9.6-0.25.1 libvirt-client-0.9.6-0.25.1 libvirt-doc-0.9.6-0.25.1 libvirt-python-0.9.6-0.25.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libvirt-client-32bit-0.9.6-0.25.1 References: http://support.novell.com/security/cve/CVE-2013-0170.html https://bugzilla.novell.com/782311 https://bugzilla.novell.com/800976 http://download.novell.com/patch/finder/?keywords=f032a56a63abda0090da8ca02ce23191 From sle-updates at lists.suse.com Thu Feb 21 13:04:25 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2013 21:04:25 +0100 (CET) Subject: SUSE-RU-2013:0321-1: Recommended update 
for librtas Message-ID: <20130221200425.780DB320DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for librtas ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0321-1 Rating: low References: #795417 Affected Products: SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for librtas fixes a memory leak and changes the file locking policy to wait for locks that are held by other processes instead of returning an I/O error to the application. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-librtas-7249 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (ppc64): librtas-1.3.6-0.12.12.1 librtas-32bit-1.3.6-0.12.12.1 References: https://bugzilla.novell.com/795417 http://download.novell.com/patch/finder/?keywords=10405eadaf05f75d1de2d3a9ad8736ba From sle-updates at lists.suse.com Thu Feb 21 13:04:30 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2013 21:04:30 +0100 (CET) Subject: SUSE-SU-2013:0322-1: moderate: Security update for wireshark Message-ID: <20130221200430.327D8320DB@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0322-1 Rating: moderate References: #801131 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 
______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: wireshark was updated to 1.8.5 (bnc#801131), fixing bugs and security issues: The following vulnerabilities have been fixed: * Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors wnpa-sec-2013-01 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 * The CLNP dissector could crash wnpa-sec-2013-02 CVE-2013-1582 * The DTN dissector could crash wnpa-sec-2013-03 CVE-2013-1583 CVE-2013-1584 * The MS-MMC dissector (and possibly others) could crash wnpa-sec-2013-04 CVE-2013-1585 * The DTLS dissector could crash wnpa-sec-2013-05 CVE-2013-1586 * The ROHC dissector could crash wnpa-sec-2013-06 CVE-2013-1587 * The DCP-ETSI dissector could corrupt memory wnpa-sec-2013-07 CVE-2013-1588 * The Wireshark dissection engine could crash wnpa-sec-2013-08 CVE-2013-1589 * The NTLMSSP dissector could overflow a buffer wnpa-sec-2013-09 CVE-2013-1590 Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-wireshark-7317 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-wireshark-7317 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-wireshark-7317 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-wireshark-7317 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.5]: wireshark-devel-1.8.5-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.5]: wireshark-1.8.5-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.5]: wireshark-1.8.5-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.5]: wireshark-1.8.5-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-1.6.13-0.5.1 wireshark-devel-1.6.13-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.5]: wireshark-1.8.5-0.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): wireshark-1.6.13-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-devel-1.6.13-0.5.1 References: https://bugzilla.novell.com/801131 http://download.novell.com/patch/finder/?keywords=00d047ef2619f2e2b31e0f986b29d382 http://download.novell.com/patch/finder/?keywords=90ed0d8af6b9a4a1e0c3b81971586592 From sle-updates at lists.suse.com Fri Feb 22 08:04:17 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2013 16:04:17 +0100 (CET) Subject: SUSE-SU-2013:0325-1: important: Security update for Samba Message-ID: <20130222150417.ED9D53213D@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0325-1 Rating: important References: #754443 #764577 #783384 #799641 #800982 Cross-References: CVE-2013-0213 CVE-2013-0214 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. 
Description: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 was affected by a cross-site request forgery (CVE-2013-0214) and a click-jacking attack (CVE-2013-0213). This has been fixed. Additionally, a bug in mount.cifs has been fixed which could have led to file disclosure (CVE-2012-1586). Also, an uninitialized memory read bug in talloc_free() has been fixed (bnc#764577). Security Issue references: * CVE-2013-0213 * CVE-2013-0214 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): cifs-mount-3.0.36-0.13.24.1 ldapsmb-1.34b-25.13.24.1 libmsrpc-3.0.36-0.13.24.1 libmsrpc-devel-3.0.36-0.13.24.1 libsmbclient-3.0.36-0.13.24.1 libsmbclient-devel-3.0.36-0.13.24.1 samba-3.0.36-0.13.24.1 samba-client-3.0.36-0.13.24.1 samba-krb-printing-3.0.36-0.13.24.1 samba-python-3.0.36-0.13.24.1 samba-vscan-0.3.6b-43.13.24.1 samba-winbind-3.0.36-0.13.24.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libsmbclient-32bit-3.0.36-0.13.24.1 samba-32bit-3.0.36-0.13.24.1 samba-client-32bit-3.0.36-0.13.24.1 samba-winbind-32bit-3.0.36-0.13.24.1 - SUSE Linux Enterprise Server 10 SP4 (noarch): samba-doc-3.0.36-0.12.24.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libsmbclient-x86-3.0.36-0.13.24.1 samba-client-x86-3.0.36-0.13.24.1 samba-winbind-x86-3.0.36-0.13.24.1 samba-x86-3.0.36-0.13.24.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libsmbclient-64bit-3.0.36-0.13.24.1 samba-64bit-3.0.36-0.13.24.1 samba-client-64bit-3.0.36-0.13.24.1 samba-winbind-64bit-3.0.36-0.13.24.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): cifs-mount-3.0.36-0.13.24.1 ldapsmb-1.34b-25.13.24.1 libsmbclient-3.0.36-0.13.24.1 libsmbclient-devel-3.0.36-0.13.24.1 samba-3.0.36-0.13.24.1 samba-client-3.0.36-0.13.24.1 samba-krb-printing-3.0.36-0.13.24.1 samba-vscan-0.3.6b-43.13.24.1 samba-winbind-3.0.36-0.13.24.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libsmbclient-32bit-3.0.36-0.13.24.1 samba-32bit-3.0.36-0.13.24.1 samba-client-32bit-3.0.36-0.13.24.1 
samba-winbind-32bit-3.0.36-0.13.24.1 - SUSE Linux Enterprise Desktop 10 SP4 (noarch): samba-doc-3.0.36-0.12.24.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): libmsrpc-3.0.36-0.13.24.1 libmsrpc-devel-3.0.36-0.13.24.1 libsmbclient-devel-3.0.36-0.13.24.1 libsmbsharemodes-3.0.36-0.13.24.1 libsmbsharemodes-devel-3.0.36-0.13.24.1 samba-python-3.0.36-0.13.24.1 References: http://support.novell.com/security/cve/CVE-2013-0213.html http://support.novell.com/security/cve/CVE-2013-0214.html https://bugzilla.novell.com/754443 https://bugzilla.novell.com/764577 https://bugzilla.novell.com/783384 https://bugzilla.novell.com/799641 https://bugzilla.novell.com/800982 http://download.novell.com/patch/finder/?keywords=1d50d01aa74b22f0c8645692c12273df From sle-updates at lists.suse.com Fri Feb 22 09:04:24 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2013 17:04:24 +0100 (CET) Subject: SUSE-SU-2013:0326-1: important: Security update for Samba Message-ID: <20130222160424.4E19D320EE@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0326-1 Rating: important References: #783384 #786677 #791183 #792340 #799641 #800982 Cross-References: CVE-2013-0213 CVE-2013-0214 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 was affected by a cross-site request forgery (CVE-2013-0214) and a click-jacking attack (CVE-2013-0213). This has been fixed. 
Security Issue references: * CVE-2013-0213 * CVE-2013-0214 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-cifs-mount-7292 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cifs-mount-7292 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cifs-mount-7292 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-cifs-mount-7292 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.30.1 libnetapi-devel-3.6.3-0.30.1 libnetapi0-3.6.3-0.30.1 libsmbclient-devel-3.6.3-0.30.1 libsmbsharemodes-devel-3.6.3-0.30.1 libsmbsharemodes0-3.6.3-0.30.1 libtalloc-devel-3.6.3-0.30.1 libtdb-devel-3.6.3-0.30.1 libtevent-devel-3.6.3-0.30.1 libwbclient-devel-3.6.3-0.30.1 samba-devel-3.6.3-0.30.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.30.1 libldb1-3.6.3-0.30.1 libsmbclient0-3.6.3-0.30.1 libtalloc1-3.4.3-1.42.11 libtalloc2-3.6.3-0.30.1 libtdb1-3.6.3-0.30.1 libtevent0-3.6.3-0.30.1 libwbclient0-3.6.3-0.30.1 samba-3.6.3-0.30.1 samba-client-3.6.3-0.30.1 samba-krb-printing-3.6.3-0.30.1 samba-winbind-3.6.3-0.30.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.30.1 libtalloc1-32bit-3.4.3-1.42.11 libtalloc2-32bit-3.6.3-0.30.1 libtdb1-32bit-3.6.3-0.30.1 libwbclient0-32bit-3.6.3-0.30.1 samba-32bit-3.6.3-0.30.1 samba-client-32bit-3.6.3-0.30.1 samba-winbind-32bit-3.6.3-0.30.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.30.1 libldb1-3.6.3-0.30.1 libsmbclient0-3.6.3-0.30.1 libtalloc1-3.4.3-1.42.11 libtalloc2-3.6.3-0.30.1 libtdb1-3.6.3-0.30.1 libtevent0-3.6.3-0.30.1 libwbclient0-3.6.3-0.30.1 samba-3.6.3-0.30.1 samba-client-3.6.3-0.30.1 
samba-krb-printing-3.6.3-0.30.1 samba-winbind-3.6.3-0.30.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.30.1 libtalloc1-32bit-3.4.3-1.42.11 libtalloc2-32bit-3.6.3-0.30.1 libtdb1-32bit-3.6.3-0.30.1 libwbclient0-32bit-3.6.3-0.30.1 samba-32bit-3.6.3-0.30.1 samba-client-32bit-3.6.3-0.30.1 samba-winbind-32bit-3.6.3-0.30.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.30.1 libtalloc1-x86-3.4.3-1.42.11 libtalloc2-x86-3.6.3-0.30.1 libtdb1-x86-3.6.3-0.30.1 libwbclient0-x86-3.6.3-0.30.1 samba-client-x86-3.6.3-0.30.1 samba-winbind-x86-3.6.3-0.30.1 samba-x86-3.6.3-0.30.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.30.1 libsmbclient0-3.6.3-0.30.1 libtalloc1-3.4.3-1.42.11 libtalloc2-3.6.3-0.30.1 libtdb1-3.6.3-0.30.1 libtevent0-3.6.3-0.30.1 libwbclient0-3.6.3-0.30.1 samba-3.6.3-0.30.1 samba-client-3.6.3-0.30.1 samba-krb-printing-3.6.3-0.30.1 samba-winbind-3.6.3-0.30.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.30.1 libsmbclient0-32bit-3.6.3-0.30.1 libtalloc1-32bit-3.4.3-1.42.11 libtalloc2-32bit-3.6.3-0.30.1 libtdb1-32bit-3.6.3-0.30.1 libtevent0-32bit-3.6.3-0.30.1 libwbclient0-32bit-3.6.3-0.30.1 samba-32bit-3.6.3-0.30.1 samba-client-32bit-3.6.3-0.30.1 samba-winbind-32bit-3.6.3-0.30.1 References: http://support.novell.com/security/cve/CVE-2013-0213.html http://support.novell.com/security/cve/CVE-2013-0214.html https://bugzilla.novell.com/783384 https://bugzilla.novell.com/786677 https://bugzilla.novell.com/791183 https://bugzilla.novell.com/792340 https://bugzilla.novell.com/799641 https://bugzilla.novell.com/800982 http://download.novell.com/patch/finder/?keywords=cdf3a69eb9b0ec60da7dfbb423fc0e17 From sle-updates at lists.suse.com Fri Feb 22 12:04:24 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2013 20:04:24 +0100 (CET) Subject: SUSE-SU-2013:0327-1: moderate: Security update for squid Message-ID: 
<20130222190425.1D28032159@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0327-1 Rating: moderate References: #677335 #794954 #796999 Cross-References: CVE-2012-5643 CVE-2013-0188 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: A denial of service problem in Squid via invalid Content-Length headers and memory leaks has been fixed. (CVE-2012-5643,CVE-2013-0189, SQUID-2012:1) Also a logrotate permission issue has been fixed. Security Issue references: * CVE-2012-5643 * CVE-2013-0188 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-squid-7335 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-squid-7335 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): squid-2.7.STABLE5-2.12.12.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): squid-2.7.STABLE5-2.12.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): squid-2.5.STABLE12-18.13.982.4.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): squid-2.5.STABLE12-18.13.982.4.1 References: http://support.novell.com/security/cve/CVE-2012-5643.html http://support.novell.com/security/cve/CVE-2013-0188.html https://bugzilla.novell.com/677335 https://bugzilla.novell.com/794954 https://bugzilla.novell.com/796999 http://download.novell.com/patch/finder/?keywords=850346f40016e8457b0ca1c737fbfd5d http://download.novell.com/patch/finder/?keywords=ea804a20f53e618c382bf65e78981a22 From sle-updates at lists.suse.com Fri Feb 22 12:04:30 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2013 20:04:30 +0100 (CET) Subject: SUSE-SU-2013:0328-1: important: Security update for Java Message-ID: <20130222190430.8CFEB32159@maintenance.suse.de> SUSE Security Update: Security update for Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0328-1 Rating: important References: #804654 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5. 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-java-1_6_0-openjdk-7385 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.3-0.2.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.3-0.2.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.3-0.2.1 References: https://bugzilla.novell.com/804654 http://download.novell.com/patch/finder/?keywords=f8727e2d72c81a958750085c77842da9 From sle-updates at lists.suse.com Fri Feb 22 15:04:25 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2013 23:04:25 +0100 (CET) Subject: SUSE-RU-2013:0329-1: Recommended update for audit Message-ID: <20130222220425.C4382320EE@maintenance.suse.de> SUSE Recommended Update: Recommended update for audit ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0329-1 Rating: low References: #792713 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: The set of tools for Kernel Auditing (audit) has been updated to version 1.8. 
The update brings many fixes and enhancements, including: * Add definitions for crypto events * Add tcp_wrappers configuration option to auditd * Add interpretations for epoll_ctl, lseek, and sigaction to libauparse * Add aulast, a program that prints a list of the last logged in users * Add system boot, shutdown, and run level change events * Add max_restarts to audispd.conf to limit plugin restarts * Add new kernel capability event record types * Add support in ausearch and aureport for TTY data * Add new aureport option for TTY keystroke report * Interpret TTY audit data in auparse * Allow aulastlog to read input from standard input * Allow ausearch and aureport to specify multiple node names * Allow auditd log rotation via SIGUSR1 when NOLOG log format option is enabled * Allow the keyword "any" for local_port in audisp-remote * Send AUDIT_RMW_TYPE_ENDING messages to clients when auditd shuts down * Fix ausearch and aureport to handle out of order events * Fix problem with negative UIDs in audit rules on 32bit systems * Fix bug interpreting i386 logs on x86_64 machines * Fix uninitialized variable in aureport that could cause a segmentation fault * Improve performance of ausearch and aureport. The format of messages printed by the tools or logs generated might have changed to improve readability or include more information. For a comprehensive list of changes please refer to the package change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-audit-18-7264 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-audit-18-7264 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-audit-18-7264 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-audit-18-7264 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8]: audit-devel-1.8-0.28.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8]: audit-libs-python-1.8-0.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8]: audit-1.8-0.28.1 audit-audispd-plugins-1.8-0.28.1 audit-libs-1.8-0.28.1 audit-libs-python-1.8-0.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 1.8]: audit-libs-32bit-1.8-0.28.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8]: audit-1.8-0.28.1 audit-audispd-plugins-1.8-0.28.1 audit-libs-1.8-0.28.1 audit-libs-python-1.8-0.28.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 1.8]: audit-libs-32bit-1.8-0.28.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 1.8]: audit-libs-x86-1.8-0.28.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8]: audit-1.8-0.28.1 audit-libs-1.8-0.28.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 1.8]: audit-libs-32bit-1.8-0.28.1 References: https://bugzilla.novell.com/792713 http://download.novell.com/patch/finder/?keywords=ef44c3798aa618ace55800923eca3069 From sle-updates at lists.suse.com Mon Feb 25 08:04:19 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2013 16:04:19 +0100 (CET) Subject: SUSE-SU-2013:0341-1: important: Security update for Linux kernel Message-ID: <20130225150419.115EA3213D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0341-1 Rating: important References: #779577 #803056 #804154 Cross-References: CVE-2013-0871 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 
SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP2 kernel has been updated to fix two issues: One severe security issue: * CVE-2013-0871: A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context. One severe regression issue: * A regression in UNIX domain socket credential passing. The default disabling of passing credentials caused regression in some software packages that did not expect this. One major software package affected by this was the Open Enterprise Server stack. Security Issue reference: * CVE-2013-0871 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-7370 slessp2-kernel-7374 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-7370 slessp2-kernel-7371 slessp2-kernel-7372 slessp2-kernel-7373 slessp2-kernel-7374 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-7370 sleshasp2-kernel-7371 sleshasp2-kernel-7372 sleshasp2-kernel-7373 sleshasp2-kernel-7374 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-7370 sledsp2-kernel-7374 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.58]: kernel-default-3.0.58-0.6.6.1 kernel-default-base-3.0.58-0.6.6.1 kernel-default-devel-3.0.58-0.6.6.1 kernel-source-3.0.58-0.6.6.1 kernel-syms-3.0.58-0.6.6.1 kernel-trace-3.0.58-0.6.6.1 kernel-trace-base-3.0.58-0.6.6.1 kernel-trace-devel-3.0.58-0.6.6.1 kernel-xen-devel-3.0.58-0.6.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xen-kmp-trace-4.1.3_06_3.0.58_0.6.6-0.7.22 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.58]: kernel-pae-3.0.58-0.6.6.1 kernel-pae-base-3.0.58-0.6.6.1 kernel-pae-devel-3.0.58-0.6.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.58]: kernel-default-3.0.58-0.6.6.1 kernel-default-base-3.0.58-0.6.6.1 kernel-default-devel-3.0.58-0.6.6.1 kernel-source-3.0.58-0.6.6.1 kernel-syms-3.0.58-0.6.6.1 kernel-trace-3.0.58-0.6.6.1 kernel-trace-base-3.0.58-0.6.6.1 kernel-trace-devel-3.0.58-0.6.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.58]: kernel-ec2-3.0.58-0.6.6.1 kernel-ec2-base-3.0.58-0.6.6.1 kernel-ec2-devel-3.0.58-0.6.6.1 kernel-xen-3.0.58-0.6.6.1 kernel-xen-base-3.0.58-0.6.6.1 kernel-xen-devel-3.0.58-0.6.6.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-kmp-default-4.1.3_06_3.0.58_0.6.6-0.7.22 xen-kmp-trace-4.1.3_06_3.0.58_0.6.6-0.7.22 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.58]: kernel-default-man-3.0.58-0.6.6.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.58]: kernel-ppc64-3.0.58-0.6.6.1 kernel-ppc64-base-3.0.58-0.6.6.1 kernel-ppc64-devel-3.0.58-0.6.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.58]: kernel-pae-3.0.58-0.6.6.1 kernel-pae-base-3.0.58-0.6.6.1 kernel-pae-devel-3.0.58-0.6.6.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.58_0.6.6-2.18.22 
cluster-network-kmp-trace-1.4_3.0.58_0.6.6-2.18.22 gfs2-kmp-default-2_3.0.58_0.6.6-0.7.56 gfs2-kmp-trace-2_3.0.58_0.6.6-0.7.56 ocfs2-kmp-default-1.6_3.0.58_0.6.6-0.11.21 ocfs2-kmp-trace-1.6_3.0.58_0.6.6-0.11.21 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.58_0.6.6-2.18.22 gfs2-kmp-xen-2_3.0.58_0.6.6-0.7.56 ocfs2-kmp-xen-1.6_3.0.58_0.6.6-0.11.21 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.58_0.6.6-2.18.22 gfs2-kmp-ppc64-2_3.0.58_0.6.6-0.7.56 ocfs2-kmp-ppc64-1.6_3.0.58_0.6.6-0.11.21 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.58_0.6.6-2.18.22 gfs2-kmp-pae-2_3.0.58_0.6.6-0.7.56 ocfs2-kmp-pae-1.6_3.0.58_0.6.6-0.11.21 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.58]: kernel-default-3.0.58-0.6.6.1 kernel-default-base-3.0.58-0.6.6.1 kernel-default-devel-3.0.58-0.6.6.1 kernel-default-extra-3.0.58-0.6.6.1 kernel-source-3.0.58-0.6.6.1 kernel-syms-3.0.58-0.6.6.1 kernel-trace-3.0.58-0.6.6.1 kernel-trace-base-3.0.58-0.6.6.1 kernel-trace-devel-3.0.58-0.6.6.1 kernel-trace-extra-3.0.58-0.6.6.1 kernel-xen-3.0.58-0.6.6.1 kernel-xen-base-3.0.58-0.6.6.1 kernel-xen-devel-3.0.58-0.6.6.1 kernel-xen-extra-3.0.58-0.6.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-kmp-default-4.1.3_06_3.0.58_0.6.6-0.7.22 xen-kmp-trace-4.1.3_06_3.0.58_0.6.6-0.7.22 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.58]: kernel-pae-3.0.58-0.6.6.1 kernel-pae-base-3.0.58-0.6.6.1 kernel-pae-devel-3.0.58-0.6.6.1 kernel-pae-extra-3.0.58-0.6.6.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.58_0.6.6-0.14.37 ext4-writeable-kmp-trace-0_3.0.58_0.6.6-0.14.37 kernel-default-extra-3.0.58-0.6.6.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.58_0.6.6-0.14.37 kernel-xen-extra-3.0.58-0.6.6.1 - SLE 11 SERVER Unsupported 
Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.58_0.6.6-0.14.37 kernel-ppc64-extra-3.0.58-0.6.6.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.58_0.6.6-0.14.37 kernel-pae-extra-3.0.58-0.6.6.1 References: http://support.novell.com/security/cve/CVE-2013-0871.html https://bugzilla.novell.com/779577 https://bugzilla.novell.com/803056 https://bugzilla.novell.com/804154 http://download.novell.com/patch/finder/?keywords=10037186d0231f1a32ce51a56a6264fe http://download.novell.com/patch/finder/?keywords=49bc84a534c4dc27924ba16b7a059fc2 http://download.novell.com/patch/finder/?keywords=79a6a6374f12b65c28a80b9c0300005a http://download.novell.com/patch/finder/?keywords=8ef06ed5ef2eb5e3a97dc48a7b8de3a4 http://download.novell.com/patch/finder/?keywords=97d109043a69111836aa0f3a9bca7bee http://download.novell.com/patch/finder/?keywords=b76bb20a0aae353c64f4c71f71e22032 http://download.novell.com/patch/finder/?keywords=c0204c021417aeea941406c9dc91e999 http://download.novell.com/patch/finder/?keywords=cc29ce8b00fa8115f7ca7a13864749a8 http://download.novell.com/patch/finder/?keywords=d4af3accfd03bb3e5b258483f43bc999 http://download.novell.com/patch/finder/?keywords=e4b8bfc420a27b3e521d1a76a73a7712 From sle-updates at lists.suse.com Mon Feb 25 13:04:25 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2013 21:04:25 +0100 (CET) Subject: SUSE-RU-2013:0343-1: Recommended update for CUPS Message-ID: <20130225200425.8D98B27FF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for CUPS ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0343-1 Rating: low References: #748422 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for CUPS adjusts the translations of site templates to send the session ID on POST operations. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): cups-1.1.23-40.64.1 cups-client-1.1.23-40.64.1 cups-devel-1.1.23-40.64.1 cups-libs-1.1.23-40.64.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): cups-libs-32bit-1.1.23-40.64.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): cups-libs-x86-1.1.23-40.64.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): cups-libs-64bit-1.1.23-40.64.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): cups-1.1.23-40.64.1 cups-client-1.1.23-40.64.1 cups-devel-1.1.23-40.64.1 cups-libs-1.1.23-40.64.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): cups-libs-32bit-1.1.23-40.64.1 References: https://bugzilla.novell.com/748422 http://download.novell.com/patch/finder/?keywords=06bc0713056a6dff0fa7081fc5ade969 From sle-updates at lists.suse.com Mon Feb 25 14:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2013 22:04:16 +0100 (CET) Subject: SUSE-RU-2013:0344-1: Recommended update for CUPS Message-ID: <20130225210416.BE6F027FF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for CUPS ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0344-1 Rating: low References: #802408 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for CUPS removes the hard-coded printing delay of 5 seconds from the "socket" backend. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-cups-7347 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cups-7347 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cups-7347 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-cups-7347 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): cups-devel-1.3.9-8.46.46.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): cups-1.3.9-8.46.46.1 cups-client-1.3.9-8.46.46.1 cups-libs-1.3.9-8.46.46.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): cups-libs-32bit-1.3.9-8.46.46.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): cups-1.3.9-8.46.46.1 cups-client-1.3.9-8.46.46.1 cups-libs-1.3.9-8.46.46.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): cups-libs-32bit-1.3.9-8.46.46.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): cups-libs-x86-1.3.9-8.46.46.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): cups-1.3.9-8.46.46.1 cups-client-1.3.9-8.46.46.1 cups-libs-1.3.9-8.46.46.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): cups-libs-32bit-1.3.9-8.46.46.1 References: https://bugzilla.novell.com/802408 http://download.novell.com/patch/finder/?keywords=fc8c0c7f5165a986ec392143987c3241 From sle-updates at lists.suse.com Mon Feb 25 14:04:22 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2013 22:04:22 +0100 (CET) Subject: SUSE-SU-2013:0327-2: moderate: Security update for squid3 Message-ID: <20130225210422.DDC7C27FF2@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0327-2 Rating: moderate References: #677335 #794954 #796999 Cross-References: 
CVE-2012-5643 CVE-2013-0188 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: A denial of service problem in Squid3 initiated via invalid Content-Length headers and memory leaks has been fixed. (CVE-2012-5643,CVE-2013-0189, SQUID-2012:1) Also a logrotate permission issue has been fixed. Security Issue references: * CVE-2012-5643 * CVE-2013-0188 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-squid3-7336 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-squid3-7336 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): squid3-3.1.12-8.12.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.12-8.12.1 References: http://support.novell.com/security/cve/CVE-2012-5643.html http://support.novell.com/security/cve/CVE-2013-0188.html https://bugzilla.novell.com/677335 https://bugzilla.novell.com/794954 https://bugzilla.novell.com/796999 http://download.novell.com/patch/finder/?keywords=72314f290a0d07f3c6f10b4cd39848cc From sle-updates at lists.suse.com Mon Feb 25 15:04:26 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2013 23:04:26 +0100 (CET) Subject: SUSE-OU-2013:0345-1: Optional update for susestudio-export12 Message-ID: <20130225220426.54F7227FF2@maintenance.suse.de> SUSE Optional Update: Optional update for susestudio-export12 ______________________________________________________________________________ Announcement ID: SUSE-OU-2013:0345-1 Rating: low References: #789884 Affected Products: SUSE Studio Onsite 1.2 
______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the new package susestudio-export12 and its dependencies. The script "export_from_onsite12" can be used to export all data and configuration files from SUSE Studio Onsite 1.2 into a tarball that can then be imported into future SUSE Studio Onsite versions. Indications: Every interested user can install these packages. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.2: zypper in -t patch slestso12-studio-export12-7217 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.2 (x86_64): rubygem-abstract_method-1.2.0-0.4.2.1 rubygem-cheetah-0.3.0-0.4.2.1 rubygem-highline-1.6.1-0.4.2.1 susestudio-export12-1.3.0.9-0.3.1 References: https://bugzilla.novell.com/789884 http://download.novell.com/patch/finder/?keywords=7086c16e142eb2e8cf61eff5dfe4e34e From sle-updates at lists.suse.com Tue Feb 26 10:04:27 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2013 18:04:27 +0100 (CET) Subject: SUSE-RU-2013:0346-1: Recommended update for SUSE Linux Enterprise High Availability Extension 11 SP2 documentation Message-ID: <20130226170427.53C5227FF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Linux Enterprise High Availability Extension 11 SP2 documentation ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0346-1 Rating: low References: #794679 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. 
Description: This update provides the latest version of the SUSE Linux Enterprise High Availability Extension 11 SP2 documentation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-sle-ha-guide_en-pdf-7225 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (noarch) [New Version: 11.2]: sle-ha-guide_en-pdf-11.2-0.9.1 sle-ha-manuals_en-11.2-0.9.1 sle-ha-nfs-quick_en-pdf-11.2-0.9.1 References: https://bugzilla.novell.com/794679 http://download.novell.com/patch/finder/?keywords=a2635d80c8bb60e7ae03639af703ea69 From sle-updates at lists.suse.com Tue Feb 26 10:06:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2013 18:06:11 +0100 (CET) Subject: SUSE-SU-2013:0349-1: important: Security update for acroread Message-ID: <20130226170611.91B5027FF2@maintenance.suse.de> SUSE Security Update: Security update for acroread ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0349-1 Rating: important References: #803939 Cross-References: CVE-2013-0640 CVE-2013-0641 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes two new package versions. Description: Acrobat Reader has been updated to 9.5.4 which fixes two critical security issues where attackers supplying PDFs could have caused code execution with acrobat. 
(CVE-2013-0640, CVE-2013-0641) More information can be found on: https://www.adobe.com/support/security/bulletins/apsb13-07.html Security Issue references: * CVE-2013-0640 * CVE-2013-0641 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-acroread-7397 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (noarch): acroread-cmaps-9.4.6-0.4.3.1 acroread-fonts-ja-9.4.6-0.4.3.1 acroread-fonts-ko-9.4.6-0.4.3.1 acroread-fonts-zh_CN-9.4.6-0.4.3.1 acroread-fonts-zh_TW-9.4.6-0.4.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.4]: acroread-9.5.4-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.6.60 acroread-fonts-ja-9.4.6-0.6.60 acroread-fonts-ko-9.4.6-0.6.60 acroread-fonts-zh_CN-9.4.6-0.6.60 acroread-fonts-zh_TW-9.4.6-0.6.60 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.5.4]: acroread-9.5.4-0.6.1 References: http://support.novell.com/security/cve/CVE-2013-0640.html http://support.novell.com/security/cve/CVE-2013-0641.html https://bugzilla.novell.com/803939 http://download.novell.com/patch/finder/?keywords=17a0fef06860e9576e12a10f458c5734 http://download.novell.com/patch/finder/?keywords=8900cb8f67a730308586567ea97b51a9 From sle-updates at lists.suse.com Tue Feb 26 10:06:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2013 18:06:16 +0100 (CET) Subject: SUSE-SU-2013:0350-1: moderate: Security update for inkscape Message-ID: <20130226170616.B70AE27FF2@maintenance.suse.de> SUSE Security Update: Security update for inkscape ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0350-1 Rating: moderate References: #794958 Cross-References: CVE-2012-5656 Affected Products: SUSE Linux
Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: inkscape has been updated to fix an XXE (XML External Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Security Issue reference: * CVE-2012-5656 Package List: - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): inkscape-0.43-20.22.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): inkscape-0.43-20.22.1 References: http://support.novell.com/security/cve/CVE-2012-5656.html https://bugzilla.novell.com/794958 http://download.novell.com/patch/finder/?keywords=d5a97ae9b73a7b9ad83db7b862966e52 From sle-updates at lists.suse.com Tue Feb 26 11:04:49 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2013 19:04:49 +0100 (CET) Subject: SUSE-SU-2013:0351-1: moderate: Security update for inkscape Message-ID: <20130226180449.D388027FF2@maintenance.suse.de> SUSE Security Update: Security update for inkscape ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0351-1 Rating: moderate References: #794958 #796306 Cross-References: CVE-2012-5656 CVE-2012-6076 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: inkscape was updated to fix an XXE (XML External Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionally instead of from the current directory.
(CVE-2012-6076) Security Issue references: * CVE-2012-6076 * CVE-2012-5656 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-inkscape-7380 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-inkscape-7380 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): inkscape-0.46-62.38.1 inkscape-extensions-dia-0.46-62.38.1 inkscape-extensions-extra-0.46-62.38.1 inkscape-extensions-fig-0.46-62.38.1 inkscape-extensions-gimp-0.46-62.38.1 inkscape-lang-0.46-62.38.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): inkscape-0.46-62.38.1 inkscape-extensions-dia-0.46-62.38.1 inkscape-extensions-extra-0.46-62.38.1 inkscape-extensions-fig-0.46-62.38.1 inkscape-extensions-gimp-0.46-62.38.1 inkscape-lang-0.46-62.38.1 References: http://support.novell.com/security/cve/CVE-2012-5656.html http://support.novell.com/security/cve/CVE-2012-6076.html https://bugzilla.novell.com/794958 https://bugzilla.novell.com/796306 http://download.novell.com/patch/finder/?keywords=3665fd73e37c0c781853b6cda2d6e0de From sle-updates at lists.suse.com Tue Feb 26 15:04:26 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2013 23:04:26 +0100 (CET) Subject: SUSE-RU-2013:0352-1: Recommended update for trousers Message-ID: <20130226220426.9E42427FDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for trousers ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0352-1 Rating: low References: #778897 #791029 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This collective update for the trousers library and daemon fixes the following issues: * One minor security issue for cases where tcsd is enabled for TCP: CVE-2012-0698: tcsd in TrouSerS allowed remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. * An issue in the trousers library which prevents disabling of TPM physical presence. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libtspi1-7259 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libtspi1-7259 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libtspi1-7259 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libtspi1-7259 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): trousers-devel-0.3.7-3.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libtspi1-0.3.7-3.9.1 trousers-0.3.7-3.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libtspi1-32bit-0.3.7-3.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libtspi1-0.3.7-3.9.1 trousers-0.3.7-3.9.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libtspi1-32bit-0.3.7-3.9.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libtspi1-x86-0.3.7-3.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libtspi1-0.3.7-3.9.1 trousers-0.3.7-3.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libtspi1-32bit-0.3.7-3.9.1 References: https://bugzilla.novell.com/778897 https://bugzilla.novell.com/791029 http://download.novell.com/patch/finder/?keywords=1643d0b5e790fb1178d257b61247ad63 From sle-updates at lists.suse.com Wed Feb 27 16:12:22 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2013 00:12:22 +0100 (CET) Subject: SUSE-SU-2013:0355-1: moderate: Security update for rubygem-rack Message-ID: <20130227231223.1CCAA27FF2@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0355-1 Rating: moderate References: #798452 #802794 Cross-References: CVE-2012-6109 CVE-2013-0183 CVE-2013-0184 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: 3 denial of service conditions in the Rack 1.3 rubygem have been fixed. * Rack was updated to 1.3.10: o Fix CVE-2013-0263, timing attack against Rack::Session::Cookie * Rack was updated to 1.3.9. 
o Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings (CVE-2013-0184) o Security: Prevent unbounded reads in large multipart boundaries (CVE-2013-0183) * Changes from 1.3.7 (CVE-2012-6109) o Add warnings when users do not provide a session secret o Fix parsing performance for unquoted filenames o Updated URI backports o Fix URI backport version matching, and silence constant warnings o Correct parameter parsing with empty values o Correct rackup '-I' flag, to allow multiple uses o Correct rackup pidfile handling o Report rackup line numbers correctly o Fix request loops caused by non-stale nonces with time limits o Prevent infinite recursions from Response#to_ary o Various middleware better conforms to the body close specification o Updated language for the body close specification o Additional notes regarding ECMA escape compatibility issues o Fix the parsing of multiple ranges in range headers Security Issue references: * CVE-2013-0184 * CVE-2013-0183 * CVE-2012-6109 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-rack-13-201302-7387 To bring your system up-to-date, use "zypper patch". 
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.3.10]:

      rubygem-rack-1_3-1.3.10-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2012-6109.html
   http://support.novell.com/security/cve/CVE-2013-0183.html
   http://support.novell.com/security/cve/CVE-2013-0184.html
   https://bugzilla.novell.com/798452
   https://bugzilla.novell.com/802794
   http://download.novell.com/patch/finder/?keywords=79d7c27e638d31315b618ea99bba68b5

From sle-updates at lists.suse.com Wed Feb 27 16:12:30 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Feb 2013 00:12:30 +0100 (CET)
Subject: SUSE-SU-2013:0356-1: Security update for freeradius
Message-ID: <20130227231230.DC09B27FF2@maintenance.suse.de>

   SUSE Security Update: Security update for freeradius
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0356-1
Rating:             low
References:         #791666 #797313 #797515
Cross-References:   CVE-2011-4966
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available.

Description:

   This update for freeradius-server provides the following
   fixes and improvements:

   * Increase the vendor IDs limit from 32767 to 65535 (bnc#791666)
   * Fix issues with escaping special characters in password (bnc#797515)
   * Respect expired passwords and accounts when using the unix module
     (bnc#797313, CVE-2011-4966).

   Security Issue reference:

   * CVE-2011-4966

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-freeradius-server-7255

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-freeradius-server-7255

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-freeradius-server-7255

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      freeradius-server-devel-2.1.1-7.16.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      freeradius-server-libs-2.1.1-7.16.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      freeradius-server-2.1.1-7.16.1
      freeradius-server-dialupadmin-2.1.1-7.16.1
      freeradius-server-doc-2.1.1-7.16.1
      freeradius-server-libs-2.1.1-7.16.1
      freeradius-server-utils-2.1.1-7.16.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      freeradius-server-2.1.1-7.16.1
      freeradius-server-dialupadmin-2.1.1-7.16.1
      freeradius-server-doc-2.1.1-7.16.1
      freeradius-server-libs-2.1.1-7.16.1
      freeradius-server-utils-2.1.1-7.16.1

References:

   http://support.novell.com/security/cve/CVE-2011-4966.html
   https://bugzilla.novell.com/791666
   https://bugzilla.novell.com/797313
   https://bugzilla.novell.com/797515
   http://download.novell.com/patch/finder/?keywords=c09f1d0d2b389b545c1794dcce83fc3f

From sle-updates at lists.suse.com Wed Feb 27 17:04:28 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Feb 2013 01:04:28 +0100 (CET)
Subject: SUSE-RU-2013:0357-1: Recommended update for ethtool
Message-ID: <20130228000428.32947320A9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ethtool
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:0357-1
Rating:             low
References:         #797141
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ethtool improves reporting of port types
   from BladeCenter backplanes (KX and KX4 PHY modes).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-ethtool-7239

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-ethtool-7239

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-ethtool-7239

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      ethtool-6.2.6.39-0.13.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ethtool-6.2.6.39-0.13.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      ethtool-6.2.6.39-0.13.1

References:

   https://bugzilla.novell.com/797141
   http://download.novell.com/patch/finder/?keywords=c291bea34ae4d8bf6227a9b71fc3a409

From sle-updates at lists.suse.com Wed Feb 27 18:06:07 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Feb 2013 02:06:07 +0100 (CET)
Subject: SUSE-SU-2013:0358-1: moderate: Security update for nagios
Message-ID: <20130228010607.662DD320EE@maintenance.suse.de>

   SUSE Security Update: Security update for nagios
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0358-1
Rating:             moderate
References:         #797237
Cross-References:   CVE-2012-6096
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes a stack overflow in the nagios web
   interface. CVE-2012-6096 has been assigned.

   Security Issue reference:

   * CVE-2012-6096

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-nagios-7328

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-nagios-7328

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-nagios-7328

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      nagios-devel-3.0.6-1.25.28.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      nagios-3.0.6-1.25.28.1
      nagios-www-3.0.6-1.25.28.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      nagios-3.0.6-1.25.28.1
      nagios-www-3.0.6-1.25.28.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      nagios-3.0.6-1.25.28.1
      nagios-www-3.0.6-1.25.28.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      nagios-2.6-13.26.1
      nagios-www-2.6-13.26.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      nagios-2.6-13.26.1
      nagios-www-2.6-13.26.1

References:

   http://support.novell.com/security/cve/CVE-2012-6096.html
   https://bugzilla.novell.com/797237
   http://download.novell.com/patch/finder/?keywords=58280511183f6adc88f9f9652a8b466a
   http://download.novell.com/patch/finder/?keywords=c415b3faaa5c48714f260b9d0773f56a

From sle-updates at lists.suse.com Thu Feb 28 14:04:24 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Feb 2013 22:04:24 +0100 (CET)
Subject: SUSE-SU-2013:0373-1: critical: Security update for flash-player
Message-ID: <20130228210424.642BC3213D@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0373-1
Rating:             critical
References:         #806415
Cross-References:   CVE-2013-0504 CVE-2013-0643 CVE-2013-0648
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes one version update.

Description:

   flash-player has been updated to the 11.2.202.273 security
   update, which fixes several critical security bugs that
   could have been used by remote attackers to execute code.
   (CVE-2013-0504, CVE-2013-0643, CVE-2013-0648)

   More information can be found on:
   https://www.adobe.com/support/security/bulletins/apsb13-08.html

   Security Issue references:

   * CVE-2013-0504
   * CVE-2013-0643
   * CVE-2013-0648

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-flash-player-7431

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.273]:

      flash-player-11.2.202.273-0.3.1
      flash-player-gnome-11.2.202.273-0.3.1
      flash-player-kde4-11.2.202.273-0.3.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.273]:

      flash-player-11.2.202.273-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-0504.html
   http://support.novell.com/security/cve/CVE-2013-0643.html
   http://support.novell.com/security/cve/CVE-2013-0648.html
   https://bugzilla.novell.com/806415
   http://download.novell.com/patch/finder/?keywords=3b0ce797a974270691c8512e9146c1aa
   http://download.novell.com/patch/finder/?keywords=a0a5cec2633ced7db377f47303f4af19