From sle-updates at lists.suse.com Mon Jun 3 10:04:08 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Jun 2013 18:04:08 +0200 (CEST) Subject: SUSE-RU-2013:0855-1: Recommended update for snipl Message-ID: <20130603160408.5B9FE32172@maintenance.suse.de> SUSE Recommended Update: Recommended update for snipl ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0855-1 Rating: low References: #789358 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for snipl upgrades hwmcaapi to 2.12.0, which fixes an issue with handling partial event data remaining on a closed socket (bnc #789358). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-snipl-7778 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (s390x): snipl-0.2.2.1-0.7.3.1 - SUSE Linux Enterprise Server 10 SP4 (s390x): snipl-0.2.1.9-0.16.1 - SLE SDK 10 SP4 (s390x): snipl-0.2.1.9-0.16.1 References: https://bugzilla.novell.com/789358 http://download.novell.com/patch/finder/?keywords=4c196523b212c06813c7f42c31347cc7 http://download.novell.com/patch/finder/?keywords=967fdc0eef195894a7d46a372d30fd93 From sle-updates at lists.suse.com Tue Jun 4 15:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jun 2013 23:04:09 +0200 (CEST) Subject: SUSE-SU-2013:0856-1: important: Security update for Linux kernel Message-ID: <20130604210410.018413216A@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0856-1 Rating: important References: #760753 #789831 #790236 #810628 #812317 #813735 #815745 #817666 #818337 #819403 Cross-References: CVE-2012-4444 CVE-2013-1928 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 10 SP4 kernel has been updated to fix various bugs and security issues. Security issues fixed: * CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. * CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. Also the following bugs have been fixed: * hugetlb: Fix regression introduced by the original patch (bnc#790236, bnc#819403). * NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337). * Fix package descriptions in specfiles (bnc#817666). * TTY: fix atime/mtime regression (bnc#815745). * virtio_net: ensure big packets are 64k (bnc#760753). * virtio_net: refill rx buffers when oom occurs (bnc#760753). * qeth: fix qeth_wait_for_threads() deadlock for OSN devices (bnc#812317, LTC#90910). * nfsd: remove unnecessary NULL checks from nfsd_cross_mnt (bnc#810628). * knfsd: Fixed problem with NFS exporting directories which are mounted on (bnc#810628). Security Issue references: * CVE-2012-4444 * CVE-2013-1928 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): kernel-default-2.6.16.60-0.103.1 kernel-source-2.6.16.60-0.103.1 kernel-syms-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): kernel-smp-2.6.16.60-0.103.1 kernel-xen-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.103.1 kernel-kdumppae-2.6.16.60-0.103.1 kernel-vmi-2.6.16.60-0.103.1 kernel-vmipae-2.6.16.60-0.103.1 kernel-xenpae-2.6.16.60-0.103.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): kernel-iseries64-2.6.16.60-0.103.1 kernel-ppc64-2.6.16.60-0.103.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): kernel-default-2.6.16.60-0.103.1 kernel-smp-2.6.16.60-0.103.1 kernel-source-2.6.16.60-0.103.1 kernel-syms-2.6.16.60-0.103.1 kernel-xen-2.6.16.60-0.103.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.103.1 kernel-xenpae-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586 x86_64): kernel-xen-2.6.16.60-0.103.1 - SLE SDK 10 SP4 (i586): kernel-xenpae-2.6.16.60-0.103.1 References: http://support.novell.com/security/cve/CVE-2012-4444.html http://support.novell.com/security/cve/CVE-2013-1928.html https://bugzilla.novell.com/760753 https://bugzilla.novell.com/789831 https://bugzilla.novell.com/790236 https://bugzilla.novell.com/810628 https://bugzilla.novell.com/812317 https://bugzilla.novell.com/813735 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/817666 https://bugzilla.novell.com/818337 https://bugzilla.novell.com/819403 http://download.novell.com/patch/finder/?keywords=42590e04eddb51fa31379710deb16611 http://download.novell.com/patch/finder/?keywords=4f3691ec5a62d5e0a58b289de36e7ba5 http://download.novell.com/patch/finder/?keywords=60a0921c1bb3961c00333f60f45fee0b http://download.novell.com/patch/finder/?keywords=806641e6eb093ae891357f0c47c7e76f http://download.novell.com/patch/finder/?keywords=b108e81194a14724506e0d40a5303d13 From sle-updates at lists.suse.com Tue Jun 4 16:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jun 2013 00:04:14 +0200 (CEST) Subject: SUSE-SU-2013:0857-1: Security update for xorg-x11-server Message-ID: <20130604220414.BD11E32168@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0857-1 Rating: low References: #814653 Cross-References: CVE-2013-1940 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: In some cases, input events are sent to X servers not currently the VT owner, allowing a user to capture passwords. This update fixes this issue. CVE-2013-1940 has been assigned to this issue. Security Issue reference: * CVE-2013-1940 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64): xorg-x11-server-6.9.0-50.82.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): xorg-x11-server-6.9.0-50.82.1 References: http://support.novell.com/security/cve/CVE-2013-1940.html https://bugzilla.novell.com/814653 http://download.novell.com/patch/finder/?keywords=69cb26f8a0705fcf17f6341d54cdb9e1 From sle-updates at lists.suse.com Tue Jun 4 16:04:18 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jun 2013 00:04:18 +0200 (CEST) Subject: SUSE-SU-2013:0858-1: Security update for glibc Message-ID: <20130604220418.A4D8732168@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0858-1 Rating: low References: #691365 #796982 #805899 #810637 #813121 Cross-References: CVE-2013-1914 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This collective update for the GNU C library (glibc) provides the following fixes: * Fix stack overflow in getaddrinfo with many results (bnc#813121, CVE-2013-1914) * Fix locking in _IO_cleanup (bnc#796982) * Fix buffer overflow in glob (bnc#691365) * Fix memory leak in execve (bnc#805899) Security Issue reference: * CVE-2013-1914 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 i686 ia64 ppc s390x x86_64): glibc-2.4-31.109.1 glibc-devel-2.4-31.109.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-html-2.4-31.109.1 glibc-i18ndata-2.4-31.109.1 glibc-info-2.4-31.109.1 glibc-locale-2.4-31.109.1 glibc-profile-2.4-31.109.1 nscd-2.4-31.109.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): glibc-32bit-2.4-31.109.1 glibc-devel-32bit-2.4-31.109.1 glibc-locale-32bit-2.4-31.109.1 glibc-profile-32bit-2.4-31.109.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): glibc-locale-x86-2.4-31.109.1 glibc-profile-x86-2.4-31.109.1 glibc-x86-2.4-31.109.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): glibc-64bit-2.4-31.109.1 glibc-devel-64bit-2.4-31.109.1 glibc-locale-64bit-2.4-31.109.1 glibc-profile-64bit-2.4-31.109.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 i686 x86_64): glibc-2.4-31.109.1 glibc-devel-2.4-31.109.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): glibc-html-2.4-31.109.1 glibc-i18ndata-2.4-31.109.1 glibc-info-2.4-31.109.1 glibc-locale-2.4-31.109.1 nscd-2.4-31.109.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): glibc-32bit-2.4-31.109.1 glibc-devel-32bit-2.4-31.109.1 glibc-locale-32bit-2.4-31.109.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-dceext-2.4-31.109.1 glibc-html-2.4-31.109.1 glibc-profile-2.4-31.109.1 - SLE SDK 10 SP4 (s390x x86_64): glibc-dceext-32bit-2.4-31.109.1 glibc-profile-32bit-2.4-31.109.1 - SLE SDK 10 SP4 (ia64): glibc-dceext-x86-2.4-31.109.1 glibc-profile-x86-2.4-31.109.1 - SLE SDK 10 SP4 (ppc): glibc-dceext-64bit-2.4-31.109.1 glibc-profile-64bit-2.4-31.109.1 References: http://support.novell.com/security/cve/CVE-2013-1914.html https://bugzilla.novell.com/691365 https://bugzilla.novell.com/796982 https://bugzilla.novell.com/805899 https://bugzilla.novell.com/810637 https://bugzilla.novell.com/813121 http://download.novell.com/patch/finder/?keywords=4ca050db7cee063070fd004b2b257e13 From sle-updates at lists.suse.com Tue Jun 4 17:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jun 2013 01:04:10 +0200 (CEST) Subject: SUSE-SU-2013:0859-1: Security update for Xorg Message-ID: <20130604230410.16EC732157@maintenance.suse.de> SUSE Security Update: Security update for Xorg ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0859-1 Rating: low References: #787170 #813178 #813683 #814653 Cross-References: CVE-2013-1940 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update of xorg-x11-server fixes one security issue and two bugs. In some cases, input events are sent to X servers not currently the VT owner, allowing a user to capture passwords. (CVE-2013-1940) Also the following bugs have been fixed: * A memory leak in cursor handling could slowly run the X server out of memory. (bnc#813178) * A memory leak in the X GE extension has been fixed that could have also run the X server out of memory (bnc#813683) * A CAPS lock issue in VNC has been fixed (bnc#787170) Security Issue reference: * CVE-2013-1940 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-Xvnc-7761 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-Xvnc-7761 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-Xvnc-7761 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-Xvnc-7761 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.70.72.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.72.1 xorg-x11-server-7.4-27.70.72.1 xorg-x11-server-extra-7.4-27.70.72.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.70.72.1 xorg-x11-server-7.4-27.70.72.1 xorg-x11-server-extra-7.4-27.70.72.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.72.1 xorg-x11-server-7.4-27.70.72.1 xorg-x11-server-extra-7.4-27.70.72.1 References: http://support.novell.com/security/cve/CVE-2013-1940.html https://bugzilla.novell.com/787170 https://bugzilla.novell.com/813178 https://bugzilla.novell.com/813683 https://bugzilla.novell.com/814653 http://download.novell.com/patch/finder/?keywords=ee7d716a9cc2dd9dfba74c7d65aba753 From sle-updates at lists.suse.com Wed Jun 5 07:04:08 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jun 2013 15:04:08 +0200 (CEST) Subject: SUSE-RU-2013:0864-1: Recommended update for gstreamer Message-ID: <20130605130408.D318532159@maintenance.suse.de> SUSE Recommended Update: Recommended update for gstreamer ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0864-1 Rating: low References: #458213 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the GStreamer plug-ins enhances detection of double-byte character sets in the meta-data of music files (bnc#458213). Additionally an issue has been fixed which avoids artifacts caused by the edge effect (bnc#749974). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gstreamer-plugins-7752 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gstreamer-plugins-7752 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gstreamer-plugins-7752 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gstreamer-0_10-plugins-good-0.10.30-5.12.1 gstreamer-0_10-plugins-good-doc-0.10.30-5.12.1 gstreamer-0_10-plugins-good-lang-0.10.30-5.12.1 gstreamer-0_10-plugins-v4l-0.10.30-0.12.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-good-0.10.30-5.12.1 gstreamer-0_10-plugins-good-doc-0.10.30-5.12.1 gstreamer-0_10-plugins-good-lang-0.10.30-5.12.1 gstreamer-0_10-plugins-v4l-0.10.30-0.12.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gstreamer-0_10-plugins-good-0.10.30-5.12.1 gstreamer-0_10-plugins-good-lang-0.10.30-5.12.1 gstreamer-0_10-plugins-v4l-0.10.30-0.12.1 References: https://bugzilla.novell.com/458213 http://download.novell.com/patch/finder/?keywords=518810cc87ce9d3359021047da5cf842 From sle-updates at lists.suse.com Thu Jun 6 12:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jun 2013 20:04:09 +0200 (CEST) Subject: SUSE-RU-2013:0866-1: Some packages need to appear in SLED 11 SP3 Unsupported Extra channel Message-ID: <20130606180409.DEBA332172@maintenance.suse.de> SUSE Recommended Update: Some packages need to appear in SLED 11 SP3 Unsupported Extra channel ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0866-1 Rating: low References: #801259 Affected Products: SLE 11 DESKTOP Unsupported Extras ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: - #801259: Some packages need to appear in SLED 11 SP3 Unsupported Extra channel Package List: - SLE 11 DESKTOP Unsupported Extras (i586 x86_64): atk-devel-1.28.0-1.4.40 cairo-devel-1.8.8-2.1.48 compat-wireless-kmp-trace-3.6.8_3.0.76_0.9-0.21.23 conglomerate-0.9.1-281.33 conglomerate-lang-0.9.1-281.33 fontconfig-devel-2.6.0-10.15.26 freetype2-devel-2.3.7-25.32.1 gcc-java-4.3-62.198 gcc43-java-4.3.4_20091019-0.37.46 gtk2-devel-2.18.9-0.23.63 iscsitarget-kmp-trace-1.4.20_3.0.76_0.9-0.34.25 kernel-trace-3.0.76-0.9.1 kernel-trace-base-3.0.76-0.9.1 kernel-trace-extra-3.0.76-0.9.1 libart_lgpl-devel-2.3.20-46.16.43 libgcj-devel-4.3-62.198 libgcj43-devel-4.3.4_20091019-0.37.46 libpciaccess0-devel-7.4_0.11.0-0.4.6.17 libpixman-1-0-devel-0.24.4-0.11.1 libpng-devel-1.2.31-5.31.1 ndiswrapper-kmp-trace-1.57rc1_3.0.76_0.9-0.14.36 pango-devel-1.26.2-1.3.86 xen-kmp-trace-4.2.2_04_3.0.76_0.9-0.7.4 xorg-x11-devel-7.4-8.26.32.53 xorg-x11-fonts-devel-7.4-1.15 xorg-x11-libICE-devel-7.4-1.15 xorg-x11-libSM-devel-7.4-1.18 xorg-x11-libX11-devel-7.4-5.9.4 xorg-x11-libXau-devel-7.4-1.15 xorg-x11-libXdmcp-devel-7.4-1.15 xorg-x11-libXext-devel-7.4-1.18.1 xorg-x11-libXfixes-devel-7.4-1.16.1 xorg-x11-libXmu-devel-7.4-1.17 xorg-x11-libXp-devel-7.4-1.16.1 xorg-x11-libXpm-devel-7.4-1.17 xorg-x11-libXprintUtil-devel-7.4-1.17 xorg-x11-libXrender-devel-7.4-1.16.1 xorg-x11-libXt-devel-7.4-1.19.1 xorg-x11-libXv-devel-7.4-1.16.1 xorg-x11-libfontenc-devel-7.4-1.15 xorg-x11-libxcb-devel-7.4-1.29.1 xorg-x11-libxkbfile-devel-7.4-1.14 xorg-x11-proto-devel-7.4-1.35.47 xorg-x11-util-devel-7.4-1.15 xorg-x11-xtrans-devel-7.4-4.25.46 zlib-devel-1.2.7-0.10.128 - SLE 11 DESKTOP Unsupported Extras (x86_64): novfs-kmp-trace-1_3.0.76_0.9-0.26.36 - SLE 11 DESKTOP Unsupported Extras (noarch): kde3-i18n-af-3.5.10-18.6.2 kde3-i18n-ca-3.5.10-18.6.2 kde3-i18n-da-3.5.10-18.6.2 kde3-i18n-fi-3.5.10-18.6.2 kde3-i18n-hi-3.5.10-18.6.2 kde3-i18n-nn-3.5.10-18.6.2 kde3-i18n-sk-3.5.10-18.6.2 kde4-l10n-ca-4.3.5-0.2.58 kde4-l10n-fi-4.3.5-0.2.58 kde4-l10n-hi-4.3.5-0.2.58 kde4-l10n-nn-4.3.5-0.2.58 - SLE 11 DESKTOP Unsupported Extras (i586): novfs-kmp-trace-1_3.0.76_0.9-0.27.2 References: https://bugzilla.novell.com/801259 http://download.novell.com/patch/finder/?keywords=5950c22f0ef66bdc480b8adfe9708f62 From sle-updates at lists.suse.com Fri Jun 7 08:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2013 16:04:09 +0200 (CEST) Subject: SUSE-RU-2013:0867-1: Recommended update for SUSE Lifecycle Management Server Message-ID: <20130607140409.8C8C027F91@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Lifecycle Management Server ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0867-1 Rating: low References: #805845 #811703 #817156 #817158 #821391 Affected Products: SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes two new package versions. Description: This collective update for SLMS provides the following fixes: * Fix inconsistent database after migration to 1.3 where appliance is not adapted in Studio and then deleted even if it contains nodes in SLMS (bnc#817156) * Fix registration of appliance that contain its architecture as a suffix (bnc#817158) * Update link to WebYaST registration module (bnc#805845) Additionally, yast2-slms-server has been fixed to correctly detect when a system is registered against SUSE Manager. (bnc#811703) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-slms-201305-7759 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.2 and 2.17.42]: slms-1.3.2-0.5.2 slms-core-1.3.2-0.5.2 slms-customer-center-1.3.2-0.5.2 slms-devel-doc-1.3.2-0.5.2 slms-external-1.3.2-0.5.2 slms-registration-1.3.2-0.5.2 slms-testsuite-1.3.2-0.5.2 yast2-slms-server-2.17.42-0.5.3 References: https://bugzilla.novell.com/805845 https://bugzilla.novell.com/811703 https://bugzilla.novell.com/817156 https://bugzilla.novell.com/817158 https://bugzilla.novell.com/821391 http://download.novell.com/patch/finder/?keywords=446caec405c5d075d560d9ca0669f5eb From sle-updates at lists.suse.com Fri Jun 7 14:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2013 22:04:09 +0200 (CEST) Subject: SUSE-RU-2013:0868-1: Recommended update for udev Message-ID: <20130607200409.70AE332234@maintenance.suse.de> SUSE Recommended Update: Recommended update for udev ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0868-1 Rating: low References: #703100 #791503 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for udev provides the following fixes and enhancements: * Automatically online CPUs on CPU hotplug add events (bnc#703100, FATE#311831) * Use unique names for temporary files created in /dev (bnc#791503) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libgudev-1_0-0-7500 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libgudev-1_0-0-7500 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libgudev-1_0-0-7500 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libgudev-1_0-0-7500 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libgudev-1_0-devel-147-0.69.69.1 libudev-devel-147-0.69.69.1 libudev0-147-0.69.69.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libgudev-1_0-0-147-0.69.69.1 libudev0-147-0.69.69.1 udev-147-0.69.69.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libgudev-1_0-0-32bit-147-0.69.69.1 libudev0-32bit-147-0.69.69.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libgudev-1_0-0-147-0.69.69.1 libudev0-147-0.69.69.1 udev-147-0.69.69.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libgudev-1_0-0-32bit-147-0.69.69.1 libudev0-32bit-147-0.69.69.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libgudev-1_0-0-x86-147-0.69.69.1 libudev0-x86-147-0.69.69.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libgudev-1_0-0-147-0.69.69.1 libudev0-147-0.69.69.1 udev-147-0.69.69.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libgudev-1_0-0-32bit-147-0.69.69.1 libudev0-32bit-147-0.69.69.1 References: https://bugzilla.novell.com/703100 https://bugzilla.novell.com/791503 http://download.novell.com/patch/finder/?keywords=0518d385afb1b5f85dbb05a7b9ab3306 From sle-updates at lists.suse.com Fri Jun 7 15:04:08 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2013 23:04:08 +0200 (CEST) Subject: SUSE-RU-2013:0869-1: moderate: Recommended update for autofs5 Message-ID: <20130607210408.CEED927F30@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0869-1 Rating: moderate References: #772698 #777399 #783651 #799873 #801808 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This collective update for AutoFS provides fixes for the following issues: * AutoFS might have scheduled a new periodic alarm every time it receives a SIGHUP (reload) or a SIGUSR1 (force expire) signal. These alarms were never deleted and increased the number of times the daemon woke up to run the expiration procedure. (bnc#783651) * In some configurations, the automount daemon might have failed to read new entries from the master map after receiving a reload signal. (bnc#799873) * When a direct mount was broken up into multiple sub-mounts and the daemon was reloaded to re-read the new configuration, AutoFS might have kept a reference to the old path and leaked one file descriptor. (bnc#772698) * In some configurations that use nested sub-mounts, a busy volume might have prevented AutoFS from expiring other mounts (bnc#801808) * In setups that use several direct mounts, a race condition could have caused intermittent failures when trying to access files in auto-mounted volumes. (bnc#777399) Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): autofs5-5.0.5-0.22.2 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): autofs5-5.0.5-0.22.2 References: https://bugzilla.novell.com/772698 https://bugzilla.novell.com/777399 https://bugzilla.novell.com/783651 https://bugzilla.novell.com/799873 https://bugzilla.novell.com/801808 http://download.novell.com/patch/finder/?keywords=a12bedf67a8d0cd938caebebba78499c From sle-updates at lists.suse.com Mon Jun 10 07:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jun 2013 15:04:09 +0200 (CEST) Subject: SUSE-SU-2013:0871-1: important: Security update for IBM Java 1.7.0 Message-ID: <20130610130409.233C232236@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.7.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0871-1 Rating: important References: #592934 #819285 #819288 Cross-References: CVE-2013-0401 CVE-2013-1491 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1563 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2417 CVE-2013-2418 CVE-2013-2419 CVE-2013-2420 CVE-2013-2422 CVE-2013-2424 CVE-2013-2429 CVE-2013-2430 CVE-2013-2432 CVE-2013-2433 CVE-2013-2435 CVE-2013-2440 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Java 11 SP2 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: IBM Java 1.7.0 has been updated to SR4-FP2 which fixes several bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issue references: * CVE-2013-2422 * CVE-2013-1491 * CVE-2013-2435 * CVE-2013-2420 * CVE-2013-2432 * CVE-2013-1569 * CVE-2013-2384 * CVE-2013-2383 * CVE-2013-1557 * CVE-2013-1537 * CVE-2013-2440 * CVE-2013-2429 * CVE-2013-2430 * CVE-2013-1563 * CVE-2013-2394 * CVE-2013-0401 * CVE-2013-2424 * CVE-2013-2419 * CVE-2013-2417 * CVE-2013-2418 * CVE-2013-1540 * CVE-2013-2433 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_7_0-ibm-7794 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_7_0-ibm-7794 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_7_0-ibm-7794 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_7_0-ibm-7794 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr4.2-0.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_7_0-ibm-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-devel-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1 - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1 java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1 References: http://support.novell.com/security/cve/CVE-2013-0401.html http://support.novell.com/security/cve/CVE-2013-1491.html http://support.novell.com/security/cve/CVE-2013-1537.html http://support.novell.com/security/cve/CVE-2013-1540.html http://support.novell.com/security/cve/CVE-2013-1557.html http://support.novell.com/security/cve/CVE-2013-1563.html http://support.novell.com/security/cve/CVE-2013-1569.html http://support.novell.com/security/cve/CVE-2013-2383.html http://support.novell.com/security/cve/CVE-2013-2384.html http://support.novell.com/security/cve/CVE-2013-2394.html http://support.novell.com/security/cve/CVE-2013-2417.html http://support.novell.com/security/cve/CVE-2013-2418.html http://support.novell.com/security/cve/CVE-2013-2419.html http://support.novell.com/security/cve/CVE-2013-2420.html http://support.novell.com/security/cve/CVE-2013-2422.html http://support.novell.com/security/cve/CVE-2013-2424.html http://support.novell.com/security/cve/CVE-2013-2429.html http://support.novell.com/security/cve/CVE-2013-2430.html http://support.novell.com/security/cve/CVE-2013-2432.html http://support.novell.com/security/cve/CVE-2013-2433.html http://support.novell.com/security/cve/CVE-2013-2435.html http://support.novell.com/security/cve/CVE-2013-2440.html https://bugzilla.novell.com/592934 https://bugzilla.novell.com/819285 https://bugzilla.novell.com/819288 http://download.novell.com/patch/finder/?keywords=d3017524ccf7b5f89497ba09ca013416 From sle-updates at lists.suse.com Mon Jun 10 07:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jun 2013 15:04:13 +0200 (CEST) Subject: SUSE-SU-2013:0835-2: important: Security update for Java 1.5.0 Message-ID: <20130610130413.4717232295@maintenance.suse.de> SUSE Security Update: Security update for Java 1.5.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0835-2 Rating: important References: #592934 #819288 Cross-References: CVE-2013-0401 CVE-2013-1491 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1563 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2417 CVE-2013-2418 CVE-2013-2419 CVE-2013-2420 CVE-2013-2422 CVE-2013-2424 CVE-2013-2429 CVE-2013-2430 CVE-2013-2432 CVE-2013-2433 CVE-2013-2435 CVE-2013-2440 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: IBM Java 1.5.0 has been updated to SR13-FP2 which fixes several bugs and security issues. For more details see: http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issues: * CVE-2013-2422 * CVE-2013-1491 * CVE-2013-2435 * CVE-2013-2420 * CVE-2013-2432 * CVE-2013-1569 * CVE-2013-2384 * CVE-2013-2383 * CVE-2013-1557 * CVE-2013-1537 * CVE-2013-2440 * CVE-2013-2429 * CVE-2013-2430 * CVE-2013-1563 * CVE-2013-2394 * CVE-2013-0401 * CVE-2013-2424 * CVE-2013-2419 * CVE-2013-2417 * CVE-2013-2418 * CVE-2013-1540 * CVE-2013-2433 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_5_0-ibm-jdbc-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_5_0-ibm-64bit-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (ppc): java-1_5_0-ibm-jdbc-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): java-1_5_0-ibm-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-demo-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-src-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.2-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.2-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.2-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-0401.html http://support.novell.com/security/cve/CVE-2013-1491.html http://support.novell.com/security/cve/CVE-2013-1537.html http://support.novell.com/security/cve/CVE-2013-1540.html http://support.novell.com/security/cve/CVE-2013-1557.html http://support.novell.com/security/cve/CVE-2013-1563.html http://support.novell.com/security/cve/CVE-2013-1569.html http://support.novell.com/security/cve/CVE-2013-2383.html http://support.novell.com/security/cve/CVE-2013-2384.html http://support.novell.com/security/cve/CVE-2013-2394.html http://support.novell.com/security/cve/CVE-2013-2417.html http://support.novell.com/security/cve/CVE-2013-2418.html http://support.novell.com/security/cve/CVE-2013-2419.html http://support.novell.com/security/cve/CVE-2013-2420.html http://support.novell.com/security/cve/CVE-2013-2422.html http://support.novell.com/security/cve/CVE-2013-2424.html http://support.novell.com/security/cve/CVE-2013-2429.html http://support.novell.com/security/cve/CVE-2013-2430.html http://support.novell.com/security/cve/CVE-2013-2432.html http://support.novell.com/security/cve/CVE-2013-2433.html http://support.novell.com/security/cve/CVE-2013-2435.html http://support.novell.com/security/cve/CVE-2013-2440.html https://bugzilla.novell.com/592934 https://bugzilla.novell.com/819288 http://download.novell.com/patch/finder/?keywords=a36ba08c692a30308a29e6242e31eea2 From sle-updates at lists.suse.com Mon Jun 10 10:09:20 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jun 2013 18:09:20 +0200 (CEST) Subject: SUSE-SU-2013:0934-1: important: Security update for Java 1.4.2 Message-ID: <20130610160920.38DBE32240@maintenance.suse.de> SUSE Security Update: Security update for Java 1.4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0934-1 Rating: important References: #494536 #592934 #819288 Cross-References: CVE-2013-1491 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2429 CVE-2013-2430 CVE-2013-2432 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 11 SP2 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: IBM Java 1.4.2 has been updated to SR13-FP17 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issue references: * CVE-2013-1491 * CVE-2013-2420 * CVE-2013-2432 * CVE-2013-1569 * CVE-2013-2384 * CVE-2013-2383 * CVE-2013-1557 * CVE-2013-1537 * CVE-2013-2429 * CVE-2013-2430 * CVE-2013-2394 * CVE-2013-2419 * CVE-2013-2417 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_4_2-ibm-7793 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_4_2-ibm-7793 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_4_2-ibm-7793 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_4_2-ibm-7793 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-devel-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.17-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.17-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Java 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.2.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.17-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.17-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1491.html http://support.novell.com/security/cve/CVE-2013-1537.html http://support.novell.com/security/cve/CVE-2013-1557.html http://support.novell.com/security/cve/CVE-2013-1569.html http://support.novell.com/security/cve/CVE-2013-2383.html http://support.novell.com/security/cve/CVE-2013-2384.html http://support.novell.com/security/cve/CVE-2013-2394.html http://support.novell.com/security/cve/CVE-2013-2417.html http://support.novell.com/security/cve/CVE-2013-2419.html http://support.novell.com/security/cve/CVE-2013-2420.html http://support.novell.com/security/cve/CVE-2013-2429.html http://support.novell.com/security/cve/CVE-2013-2430.html http://support.novell.com/security/cve/CVE-2013-2432.html https://bugzilla.novell.com/494536 https://bugzilla.novell.com/592934 https://bugzilla.novell.com/819288 http://download.novell.com/patch/finder/?keywords=8498417876678ff676fabbcad8fe7baa http://download.novell.com/patch/finder/?keywords=f3aefaa5ff17f24bea6179229c3c9ceb From sle-updates at lists.suse.com Mon Jun 10 12:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jun 2013 20:04:11 +0200 (CEST) Subject: SUSE-RU-2013:0996-1: Recommended update for lvm2 Message-ID: <20130610180411.D164332241@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:0996-1 Rating: low References: #748617 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The following issue has been fixed: * SLE-10-SP4 LVM2 pvmove event deregistration failed: No such device (bnc#748617) Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): lvm2-2.02.17-7.40.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): lvm2-2.02.17-7.40.1 References: https://bugzilla.novell.com/748617 http://download.novell.com/patch/finder/?keywords=8a22a949ca9237e5c8b8d8efb8a1d25e From sle-updates at lists.suse.com Tue Jun 11 12:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2013 20:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1000-1: Recommended update for crowbar-barclamp-crowbar and crowbar-barclamp-nova Message-ID: <20130611180410.1567B32286@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-crowbar and crowbar-barclamp-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1000-1 Rating: low References: #798997 #804148 #806139 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for barclamp-nova and barclamp-crowbar provides the following fixes: * Add support for float values in update_value() helper. (bnc#806139) * Add three options to barclamp UI and handle them in chef too. (bnc#806139) * Fix Javascript listing the volumes. (bnc#804148) * Use public names when possible in /root/.openrc. (bnc#798997) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-crowbar-barclamp-201305-7747 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (noarch): crowbar-barclamp-crowbar-1.2+git.1368790381.d349fcf-0.5.1 crowbar-barclamp-nova-1.2+git.1368789925.e035f0b-0.5.1 References: https://bugzilla.novell.com/798997 https://bugzilla.novell.com/804148 https://bugzilla.novell.com/806139 http://download.novell.com/patch/finder/?keywords=ce75e9f5d0d82a9cb658dd6736c6e5d0 From sle-updates at lists.suse.com Tue Jun 11 12:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2013 20:04:14 +0200 (CEST) Subject: SUSE-RU-2013:1001-1: important: Recommended update for supportutils Message-ID: <20130611180414.66AF232295@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1001-1 Rating: important References: #791316 #791380 #791412 #791957 #793471 #793972 #795148 #801242 #805368 #807778 #809919 #814124 #816604 #821979 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This update fixes the following issues: supportconfig: 2.25-370 * added OES override to -i includes * added ip6tables to network.txt (bnc#821979) * optmized slp findsrvtypes * plugins removed from timed_log_cmd * added -w to supportconfig(8) * added VAR_OPTION_WAIT_TRACE to supportconfig.conf(5) * added wait trace verbose logging when using -w (bnc#816604) * added /etc/logrotate.d/* to etc.txt (bnc#814124) * uses curl instead of ftp for ftp uploads supportconfig: 2.25-359 * fixed the missing messages.txt file supportconfig: 2.25-358 * fixed invalid call to logger when plugin times out (bnc#805368) * OES functions run if OESFOUND, otherwise omitted * updated supportconfig(5) with OPTION_PROXY * added Novell Proxy Management with OPTION_PROXY for novell-proxymgmt.txt (bnc#809919) * added /sys/kernel/mm/transparent_hugepage/* to memory.txt (bnc#807778) * added nsswitch.conf to sssd.txt supportconfig: 2.25-350 * fixed sssd not skipping * updated supportconfig(5) with OPTION_BTRFS * added btrfs with OPTION_BTRFS for fs-btrfs.txt * updated supportconfig.conf(5) with OPTION_SSSD * added sssd with OPTION_SSSD for sssd.txt (bnc#801242) * added lpstat on a timer (bnc#795148) * fixed CONFIG_DNS_LDAP_USER_CONTEXT error (bnc#793972) * fixed apparmor DENIED messages (bnc#793471) * added ip connectivity tests (bnc#791316) * fixed SLED detection in summary.xml (bnc#791380) * added privacy disclaimer to title and supportconfig.txt (bnc#791957) * fixed products tag in summary.xml (bnc#791412) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-supportutils-7807 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-supportutils-7807 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-supportutils-7807 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): supportutils-1.20-0.28.73.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): supportutils-1.20-0.28.73.1 - SUSE Linux Enterprise Server 10 SP4 (noarch): supportutils-1.20-0.73.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): supportutils-1.20-0.28.73.1 - SUSE Linux Enterprise Desktop 10 SP4 (noarch): supportutils-1.20-0.73.1 References: https://bugzilla.novell.com/791316 https://bugzilla.novell.com/791380 https://bugzilla.novell.com/791412 https://bugzilla.novell.com/791957 https://bugzilla.novell.com/793471 https://bugzilla.novell.com/793972 https://bugzilla.novell.com/795148 https://bugzilla.novell.com/801242 https://bugzilla.novell.com/805368 https://bugzilla.novell.com/807778 https://bugzilla.novell.com/809919 https://bugzilla.novell.com/814124 https://bugzilla.novell.com/816604 https://bugzilla.novell.com/821979 http://download.novell.com/patch/finder/?keywords=6a13c92229943e1499e6092e12e1a9ee http://download.novell.com/patch/finder/?keywords=7e518cf51c49ce737b82eda920c67bc2 From sle-updates at lists.suse.com Tue Jun 11 12:04:17 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2013 20:04:17 +0200 (CEST) Subject: SUSE-RU-2013:1002-1: Recommended update for openais Message-ID: <20130611180417.A837B32295@maintenance.suse.de> SUSE Recommended Update: Recommended update for openais ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1002-1 Rating: low References: #812967 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds missing start and stop dependencies on rpcbind and portmap to openais initialization script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-libopenais-devel-7699 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): libopenais-devel-1.1.4-5.8.7.1 libopenais3-1.1.4-5.8.7.1 openais-1.1.4-5.8.7.1 References: https://bugzilla.novell.com/812967 http://download.novell.com/patch/finder/?keywords=a64cb5fa7cdc4e98939848e3b77e5b33 From sle-updates at lists.suse.com Tue Jun 11 14:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2013 22:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1003-1: Recommended update for lxc Message-ID: <20130611200410.4B77F32286@maintenance.suse.de> SUSE Recommended Update: Recommended update for lxc ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1003-1 Rating: low References: #776169 #789387 #808219 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for Linux Containers (lxc) includes the following improvements and fixes: * Pin container's root file system to prevent read-only remount (bnc#808219) * Ensure configuration with no lxc.network.ipv4 line (but lxc.network.type line) is detected as DHCP config (bnc#776169) * Use relative paths for container mount points (bnc#789387) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-lxc-7762 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-lxc-7762 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-lxc-7762 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): lxc-devel-0.7.5-1.29.4 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): lxc-0.7.5-1.29.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): lxc-0.7.5-1.29.4 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): lxc-0.7.5-1.29.4 References: https://bugzilla.novell.com/776169 https://bugzilla.novell.com/789387 https://bugzilla.novell.com/808219 http://download.novell.com/patch/finder/?keywords=f910350475223815743b91318bf776e9 From sle-updates at lists.suse.com Wed Jun 12 16:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2013 00:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1004-1: Recommended update for OFED Message-ID: <20130612220410.6088832236@maintenance.suse.de> SUSE Recommended Update: Recommended update for OFED ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1004-1 Rating: low References: #738883 #773159 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Real Time 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: OFED has been updated to fix compatibility issues with the latest SUSE Linux Enterprise kernels that might have lead to crashes. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-cxgb3-firmware-7533 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cxgb3-firmware-7533 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cxgb3-firmware-7533 - SUSE Linux Enterprise Real Time 11 SP2: zypper in -t patch slertesp2-cxgb3-firmware-7533 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 x86_64): ofed-devel-1.5.2-0.28.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): cxgb3-firmware-1.5.2-0.28.28.1 ofed-1.5.2-0.28.28.1 ofed-doc-1.5.2-0.28.28.1 ofed-kmp-default-1.5.2_3.0.58_0.6.6-0.28.28.1 ofed-kmp-trace-1.5.2_3.0.58_0.6.6-0.28.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): ofed-kmp-pae-1.5.2_3.0.58_0.6.6-0.28.28.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 x86_64): cxgb3-firmware-1.5.2-0.28.28.1 ofed-1.5.2-0.28.28.1 ofed-doc-1.5.2-0.28.28.1 ofed-kmp-default-1.5.2_3.0.58_0.6.6-0.28.28.1 ofed-kmp-trace-1.5.2_3.0.58_0.6.6-0.28.28.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64): ofed-kmp-ppc64-1.5.2_3.0.58_0.6.6-0.28.28.1 - SUSE Linux Enterprise Server 11 SP2 (i586): ofed-kmp-pae-1.5.2_3.0.58_0.6.6-0.28.28.1 - SUSE Linux Enterprise Real Time 11 SP2 (x86_64): ofed-kmp-rt-1.5.2_3.0.61_rt85_0.7-0.28.28.1 ofed-kmp-rt_trace-1.5.2_3.0.61_rt85_0.7-0.28.28.1 References: https://bugzilla.novell.com/738883 https://bugzilla.novell.com/773159 http://download.novell.com/patch/finder/?keywords=2a44555e31aef1de7a6268163e9a6597 From sle-updates at lists.suse.com Fri Jun 14 18:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jun 2013 02:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1017-1: Recommended update for gnome-session Message-ID: <20130615000410.C2921321C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-session ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1017-1 Rating: low References: #810952 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-session fixes parsing of GNOME's auto-start settings on SUSE Linux Enterprise 10. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gnome-session-7750 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gnome-session-7750 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gnome-session-7750 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gnome-session-2.28.0-3.11.1 gnome-session-lang-2.28.0-3.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gnome-session-2.28.0-3.11.1 gnome-session-lang-2.28.0-3.11.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gnome-session-2.28.0-3.11.1 gnome-session-lang-2.28.0-3.11.1 References: https://bugzilla.novell.com/810952 http://download.novell.com/patch/finder/?keywords=db795f3fc82e094897d4bc3c25da1816 From sle-updates at lists.suse.com Mon Jun 17 07:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2013 15:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1022-1: important: kernel update for SLE11 SP2 Message-ID: <20130617130411.286D3320A9@maintenance.suse.de> SUSE Security Update: kernel update for SLE11 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1022-1 Rating: important References: #763968 #764209 #768052 #769685 #788590 #792584 #793139 #797042 #797175 #800907 #802153 #804154 #804609 #805804 #805945 #806431 #806980 #808647 #809122 #809155 #809748 #809895 #810580 #810624 #810722 #812281 #814719 #815356 #815444 #815745 #816443 #816451 #816586 #816668 #816708 #817010 #817339 #818053 #818327 #818371 #818514 #818516 #818798 #819295 #819519 #819655 #819789 #820434 #821560 #821930 #822431 #822722 Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 38 fixes is now available. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to Linux kernel 3.0.80, fixing various bugs and security issues. Following security issues were fixed: CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. A kernel information leak via tkill/tgkill was fixed. Following bugs were fixed: - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). - libfc: do not exch_done() on invalid sequence ptr (bnc#810722). - netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). - hyperv: use 3.4 as LIC version string (bnc#822431). - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). - xen/netback: do not disconnect frontend when seeing oversize packet. - xen/netfront: reduce gso_max_size to account for max TCP header. - xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header". - xfs: Fix kABI due to change in xfs_buf (bnc#815356). - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). - xfs: Serialize file-extending direct IO (bnc#818371). - xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). - bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281). - s390/ftrace: fix mcount adjustment (bnc#809895). - mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). - patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945). - mm: compaction: Restart compaction from near where it left off - mm: compaction: cache if a pageblock was scanned and no pages were isolated - mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity - mm: compaction: Scan PFN caching KABI workaround - mm: page_allocator: Remove first_pass guard - mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) - qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). - SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907). - SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907). - SUNRPC: Fix a UDP transport regression (bnc#800907). - SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907). - SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907). - SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907). - md: cannot re-add disks after recovery (bnc#808647). - fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053). - fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053). - fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053). - fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053). - virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339). - usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295). - patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580). - usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516). - xhci: Fix TD size for isochronous URBs (bnc#818514). - ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798). - ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798). - xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053). - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053). - xHCI: store rings type. - xhci: Fix hang on back-to-back Set TR Deq Ptr commands. - xHCI: check enqueue pointer advance into dequeue seg. - xHCI: store rings last segment and segment numbers. - xHCI: Allocate 2 segments for transfer ring. - xHCI: count free TRBs on transfer ring. - xHCI: factor out segments allocation and free function. - xHCI: update sg tablesize. - xHCI: set cycle state when allocate rings. - xhci: Reserve one command for USB3 LPM disable. - xHCI: dynamic ring expansion. - xhci: Do not warn on empty ring for suspended devices. - md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719). - rpm/mkspec: Stop generating the get_release_number.sh file. - rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix. - rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string. - rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "" string in specfiles. - mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327). - mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). - mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). - bonding: only use primary address for ARP (bnc#815444). - bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444). - mm: speedup in __early_pfn_to_nid (bnc#810624). - TTY: fix atime/mtime regression (bnc#815745). - sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010). - sched: harden rq rt usage accounting (bnc#769685, bnc#788590). - rcu: Avoid spurious RCU CPU stall warnings (bnc#816586). - rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586). - rcu: Fix detection of abruptly-ending stall (bnc#816586). - rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586). - Update Xen patches to 3.0.74. - btrfs: do not re-enter when allocating a chunk. - btrfs: save us a read_lock. - btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. - btrfs: remove unused fs_info from btrfs_decode_error(). - btrfs: handle null fs_info in btrfs_panic(). - btrfs: fix varargs in __btrfs_std_error. - btrfs: fix the race between bio and btrfs_stop_workers. - btrfs: fix NULL pointer after aborting a transaction. - btrfs: fix infinite loop when we abort on mount. - xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). - xfs: fix buffer lookup race on allocation failure (bnc#763968). Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.80_0.5-0.14.57 ext4-writeable-kmp-trace-0_3.0.80_0.5-0.14.57 kernel-default-extra-3.0.80-0.5.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.80_0.5-0.14.57 kernel-xen-extra-3.0.80-0.5.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.80_0.5-0.14.57 kernel-ppc64-extra-3.0.80-0.5.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.80_0.5-0.14.57 kernel-pae-extra-3.0.80-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-3076.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/764209 https://bugzilla.novell.com/768052 https://bugzilla.novell.com/769685 https://bugzilla.novell.com/788590 https://bugzilla.novell.com/792584 https://bugzilla.novell.com/793139 https://bugzilla.novell.com/797042 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/800907 https://bugzilla.novell.com/802153 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806431 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808647 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/809155 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/810580 https://bugzilla.novell.com/810624 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/814719 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/815444 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816443 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816586 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/816708 https://bugzilla.novell.com/817010 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818514 https://bugzilla.novell.com/818516 https://bugzilla.novell.com/818798 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/819789 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821560 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 http://download.novell.com/patch/finder/?keywords=1018f7c366e9c225d36d59a46a715654 http://download.novell.com/patch/finder/?keywords=194150572b66acba0bd2fe984ac1bb85 http://download.novell.com/patch/finder/?keywords=4d1b612be3e99697ac75bce374505ffd http://download.novell.com/patch/finder/?keywords=ab0bba015edca85724d852aec52fcc83 http://download.novell.com/patch/finder/?keywords=d0f1f96c578d70a2f51205abe68393b3 From sle-updates at lists.suse.com Mon Jun 17 15:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2013 23:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1036-1: Security update for SUSE Studio Message-ID: <20130617210410.8992E321C0@maintenance.suse.de> SUSE Security Update: Security update for SUSE Studio ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1036-1 Rating: low References: #803064 #803305 #803306 #803309 #804296 #804304 #804305 #804308 #804309 #804310 #804311 #808277 #810320 #813491 #813504 Cross-References: CVE-2012-6134 CVE-2013-0262 CVE-2013-0269 CVE-2013-0276 CVE-2013-1800 CVE-2013-1812 CVE-2013-1854 CVE-2013-1855 CVE-2013-1857 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 6 fixes is now available. It includes one version update. Description: This update provides SUSE Studio version 1.3.1, which includes improvements, security fixes for gems studio packages and a few minor bug fixes. The changes in detail are: * #813491: susestudio 1.3 requires -devel packages * #813504: susestudio build might require internet connection for gems bundling * #810320: security issues in action pack an active record * #810320: rubygem-activerecord*: Symbol DoS vulnerability in Active Record [CVE-2013-1854] * #810320: rubygem-actionpack*: XSS vulnerability in sanitize_css in Action Pack [CVE-2013-1855] * #810320: rubygem-actionpack*: XSS Vulnerability in the sanitize helper of Ruby on Rails [CVE-2013-1857] * #804310: security flaws in crack [CVE-2013-1800] * #804304: ruby-openid security flaw [CVE-2013-1812] * #803309: Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] * #803305: Circumvention of attr_protected [CVE-2013-0276] * #803064: security issue in rack [CVE-2013-0262] * #804308: omniauth-auth2 security flaw [CVE-2012-6134] * #804296: API builds change image_type if given * #808277: When updating onsite 1.3 services are not being restarted * #804309: omniauth-auth2 security flaw * #803306: Circumvention of attr_protected [CVE-2013-0276] * #804311: security flaw in crack * #804305: ruby-openid security flaw * #803064: security issue in rack. Security Issues: * CVE-2013-1854 * CVE-2013-1855 * CVE-2013-1857 * CVE-2013-1800 * CVE-2013-1812 * CVE-2013-0269 * CVE-2013-0276 * CVE-2013-0262 * CVE-2012-6134 * CVE-2013-0276 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-7721 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.1.0]: susestudio-1.3.1.0-0.5.2 susestudio-bundled-packages-1.3.1.0-0.5.2 susestudio-common-1.3.1.0-0.5.2 susestudio-runner-1.3.1.0-0.5.2 susestudio-sid-1.3.1.0-0.5.2 susestudio-ui-server-1.3.1.0-0.5.2 References: http://support.novell.com/security/cve/CVE-2012-6134.html http://support.novell.com/security/cve/CVE-2013-0262.html http://support.novell.com/security/cve/CVE-2013-0269.html http://support.novell.com/security/cve/CVE-2013-0276.html http://support.novell.com/security/cve/CVE-2013-1800.html http://support.novell.com/security/cve/CVE-2013-1812.html http://support.novell.com/security/cve/CVE-2013-1854.html http://support.novell.com/security/cve/CVE-2013-1855.html http://support.novell.com/security/cve/CVE-2013-1857.html https://bugzilla.novell.com/803064 https://bugzilla.novell.com/803305 https://bugzilla.novell.com/803306 https://bugzilla.novell.com/803309 https://bugzilla.novell.com/804296 https://bugzilla.novell.com/804304 https://bugzilla.novell.com/804305 https://bugzilla.novell.com/804308 https://bugzilla.novell.com/804309 https://bugzilla.novell.com/804310 https://bugzilla.novell.com/804311 https://bugzilla.novell.com/808277 https://bugzilla.novell.com/810320 https://bugzilla.novell.com/813491 https://bugzilla.novell.com/813504 http://download.novell.com/patch/finder/?keywords=2b61def21196acb86a98b3cd6b164de8 From sle-updates at lists.suse.com Mon Jun 17 15:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2013 23:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1022-2: important: Security update for Linux kernel Message-ID: <20130617210414.42DCA32293@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1022-2 Rating: important References: #763968 #764209 #768052 #769685 #788590 #792584 #793139 #797042 #797175 #800907 #802153 #804154 #804609 #805804 #805945 #806431 #806980 #808647 #809122 #809155 #809748 #809895 #810580 #810624 #810722 #812281 #814719 #815356 #815444 #815745 #816443 #816451 #816586 #816668 #816708 #817010 #817339 #818053 #818327 #818371 #818514 #818516 #818798 #819295 #819519 #819655 #819789 #820434 #821560 #821930 #822431 #822722 Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 38 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80 which fixes various bugs and security issues. The following security issues have been fixed: * CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. * CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. * CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. * A kernel information leak via tkill/tgkill was fixed. The following bugs have been fixed: * reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). * libfc: do not exch_done() on invalid sequence ptr (bnc#810722). * netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). * hyperv: use 3.4 as LIC version string (bnc#822431). * virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). * xen/netback: do not disconnect frontend when seeing oversize packet. * xen/netfront: reduce gso_max_size to account for max TCP header. * xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header". * xfs: Fix kABI due to change in xfs_buf (bnc#815356). * xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). * xfs: Serialize file-extending direct IO (bnc#818371). * xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). * bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281). * s390/ftrace: fix mcount adjustment (bnc#809895). * mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). * patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945). * mm: compaction: Restart compaction from near where it left off * mm: compaction: cache if a pageblock was scanned and no pages were isolated * mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity * mm: compaction: Scan PFN caching KABI workaround * mm: page_allocator: Remove first_pass guard * mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) * qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). * SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907). * SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907). * SUNRPC: Fix a UDP transport regression (bnc#800907). * SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907). * SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907). * SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907). * md: cannot re-add disks after recovery (bnc#808647). * fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053). * fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053). * fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053). * fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053). * virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339). * usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295). * patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580). * usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516). * xhci: Fix TD size for isochronous URBs (bnc#818514). * ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798). * ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798). * xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053). * xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053). * xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053). * xHCI: store rings type. * xhci: Fix hang on back-to-back Set TR Deq Ptr commands. * xHCI: check enqueue pointer advance into dequeue seg. * xHCI: store rings last segment and segment numbers. * xHCI: Allocate 2 segments for transfer ring. * xHCI: count free TRBs on transfer ring. * xHCI: factor out segments allocation and free function. * xHCI: update sg tablesize. * xHCI: set cycle state when allocate rings. * xhci: Reserve one command for USB3 LPM disable. * xHCI: dynamic ring expansion. * xhci: Do not warn on empty ring for suspended devices. * md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719). * rpm/mkspec: Stop generating the get_release_number.sh file. * rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix. * rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string. * rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "" string in specfiles. * mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327). * mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). * mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). * bonding: only use primary address for ARP (bnc#815444). * bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444). * mm: speedup in __early_pfn_to_nid (bnc#810624). * TTY: fix atime/mtime regression (bnc#815745). * sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010). * sched: harden rq rt usage accounting (bnc#769685, bnc#788590). * rcu: Avoid spurious RCU CPU stall warnings (bnc#816586). * rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586). * rcu: Fix detection of abruptly-ending stall (bnc#816586). * rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586). * Update Xen patches to 3.0.74. * btrfs: do not re-enter when allocating a chunk. * btrfs: save us a read_lock. * btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. * btrfs: remove unused fs_info from btrfs_decode_error(). * btrfs: handle null fs_info in btrfs_panic(). * btrfs: fix varargs in __btrfs_std_error. * btrfs: fix the race between bio and btrfs_stop_workers. * btrfs: fix NULL pointer after aborting a transaction. * btrfs: fix infinite loop when we abort on mount. * xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). * xfs: fix buffer lookup race on allocation failure (bnc#763968). Security Issue references: * CVE-2013-0160 * CVE-2013-3076 * CVE-2013-3222 * CVE-2013-3223 * CVE-2013-3224 * CVE-2013-3225 * CVE-2013-3227 * CVE-2013-3228 * CVE-2013-3229 * CVE-2013-3231 * CVE-2013-3232 * CVE-2013-3234 * CVE-2013-3235 * CVE-2013-1979 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7814 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7812 slessp2-kernel-7813 slessp2-kernel-7814 slessp2-kernel-7819 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-7811 sleshasp2-kernel-7812 sleshasp2-kernel-7813 sleshasp2-kernel-7814 sleshasp2-kernel-7819 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-7811 sledsp2-kernel-7814 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.80]: kernel-default-3.0.80-0.5.1 kernel-default-base-3.0.80-0.5.1 kernel-default-devel-3.0.80-0.5.1 kernel-source-3.0.80-0.5.1 kernel-syms-3.0.80-0.5.1 kernel-trace-3.0.80-0.5.1 kernel-trace-base-3.0.80-0.5.1 kernel-trace-devel-3.0.80-0.5.1 kernel-xen-devel-3.0.80-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.80]: kernel-pae-3.0.80-0.5.1 kernel-pae-base-3.0.80-0.5.1 kernel-pae-devel-3.0.80-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.80]: kernel-default-3.0.80-0.5.1 kernel-default-base-3.0.80-0.5.1 kernel-default-devel-3.0.80-0.5.1 kernel-source-3.0.80-0.5.1 kernel-syms-3.0.80-0.5.1 kernel-trace-3.0.80-0.5.1 kernel-trace-base-3.0.80-0.5.1 kernel-trace-devel-3.0.80-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.80]: kernel-ec2-3.0.80-0.5.1 kernel-ec2-base-3.0.80-0.5.1 kernel-ec2-devel-3.0.80-0.5.1 kernel-xen-3.0.80-0.5.1 kernel-xen-base-3.0.80-0.5.1 kernel-xen-devel-3.0.80-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5 xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.80]: kernel-default-man-3.0.80-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.80]: kernel-ppc64-3.0.80-0.5.1 kernel-ppc64-base-3.0.80-0.5.1 kernel-ppc64-devel-3.0.80-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.80]: kernel-pae-3.0.80-0.5.1 kernel-pae-base-3.0.80-0.5.1 kernel-pae-devel-3.0.80-0.5.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.80_0.5-2.18.45 cluster-network-kmp-trace-1.4_3.0.80_0.5-2.18.45 gfs2-kmp-default-2_3.0.80_0.5-0.7.76 gfs2-kmp-trace-2_3.0.80_0.5-0.7.76 ocfs2-kmp-default-1.6_3.0.80_0.5-0.11.44 ocfs2-kmp-trace-1.6_3.0.80_0.5-0.11.44 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.80_0.5-2.18.45 gfs2-kmp-xen-2_3.0.80_0.5-0.7.76 ocfs2-kmp-xen-1.6_3.0.80_0.5-0.11.44 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.80_0.5-2.18.45 gfs2-kmp-ppc64-2_3.0.80_0.5-0.7.76 ocfs2-kmp-ppc64-1.6_3.0.80_0.5-0.11.44 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.80_0.5-2.18.45 gfs2-kmp-pae-2_3.0.80_0.5-0.7.76 ocfs2-kmp-pae-1.6_3.0.80_0.5-0.11.44 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.80]: kernel-default-3.0.80-0.5.1 kernel-default-base-3.0.80-0.5.1 kernel-default-devel-3.0.80-0.5.1 kernel-default-extra-3.0.80-0.5.1 kernel-source-3.0.80-0.5.1 kernel-syms-3.0.80-0.5.1 kernel-trace-3.0.80-0.5.1 kernel-trace-base-3.0.80-0.5.1 kernel-trace-devel-3.0.80-0.5.1 kernel-trace-extra-3.0.80-0.5.1 kernel-xen-3.0.80-0.5.1 kernel-xen-base-3.0.80-0.5.1 kernel-xen-devel-3.0.80-0.5.1 kernel-xen-extra-3.0.80-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5 xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.80]: kernel-pae-3.0.80-0.5.1 kernel-pae-base-3.0.80-0.5.1 kernel-pae-devel-3.0.80-0.5.1 kernel-pae-extra-3.0.80-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-3076.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/764209 https://bugzilla.novell.com/768052 https://bugzilla.novell.com/769685 https://bugzilla.novell.com/788590 https://bugzilla.novell.com/792584 https://bugzilla.novell.com/793139 https://bugzilla.novell.com/797042 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/800907 https://bugzilla.novell.com/802153 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806431 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808647 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/809155 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/810580 https://bugzilla.novell.com/810624 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/814719 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/815444 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816443 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816586 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/816708 https://bugzilla.novell.com/817010 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818514 https://bugzilla.novell.com/818516 https://bugzilla.novell.com/818798 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/819789 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821560 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 http://download.novell.com/patch/finder/?keywords=19c95cc7458aa30d3c072b77a8701a6d http://download.novell.com/patch/finder/?keywords=23807efa0fda2554a9635e4fffacead3 http://download.novell.com/patch/finder/?keywords=8bd84321504d865c571ca2d3e49279bb http://download.novell.com/patch/finder/?keywords=9004723920468a034b1397e23a00e0ff http://download.novell.com/patch/finder/?keywords=ba206bb6e19abef79b40e9307204a30e From sle-updates at lists.suse.com Mon Jun 17 17:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2013 01:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1037-1: important: Recommended update for vm-install Message-ID: <20130617230410.B5BE0320F1@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1037-1 Rating: important References: #801481 #809464 #812626 #813639 #820083 #820085 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. It includes one version update. Description: vm-install has been updated to 0.5.16 which fixes various bugs: * bnc#820083 - Trying to call vm-install from VNC on s390x results in "/usr/bin/xterm: Can't execvp xm: No such file or directory" (effects KVM on x86_64) * bnc#820085 - ncurses vm-install on s390x fails with "Error: XML error: No PCI buses available" (effects KVM on x86_64) * bnc#812626 - Virt-Install prepends string causing error when pointing to ISO * bnc#813639 - vm-install can't automatically generate correct prefix of image type in 'Source' text field while indicating a existing tap image file * bnc#809464 - vm-install fails when selecting PXE as the boot method with PV guest * bnc#801481 - vm-install requires tftp and so conflicts with atftp vminstall-atftp-support.patch * Xen: Fixed XML data when there is no initrd (NetWare) * Xen: Fix bootloader and bootloader_args generated xml output for libvirt compatibility Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-vm-install-7795 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-vm-install-7795 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 0.5.16]: vm-install-0.5.16-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.5.16]: vm-install-0.5.16-0.5.1 References: https://bugzilla.novell.com/801481 https://bugzilla.novell.com/809464 https://bugzilla.novell.com/812626 https://bugzilla.novell.com/813639 https://bugzilla.novell.com/820083 https://bugzilla.novell.com/820085 http://download.novell.com/patch/finder/?keywords=39b9b4001ddaea1fb75a19766b6d2f92 From sle-updates at lists.suse.com Mon Jun 17 17:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2013 01:04:13 +0200 (CEST) Subject: SUSE-RU-2013:1038-1: moderate: Recommended update for kexec-tools Message-ID: <20130617230413.73A3032232@maintenance.suse.de> SUSE Recommended Update: Recommended update for kexec-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1038-1 Rating: moderate References: #804800 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kexec-tools addresses the following issue: * Explicitly pass mmconf areas to new kernel using memmap=L$H. To prevent command-line overflow, coalesce any areas above highest system RAM into one contiguous area. This solves an issue where the passing of memmap=exactmap (which clears the e820 table) prevents devices on PCI > 0 from being detected. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-kexec-tools-7716 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kexec-tools-7716 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kexec-tools-7716 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kexec-tools-7716 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): kexec-tools-2.0.0-53.45.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): kexec-tools-2.0.0-53.45.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): kexec-tools-2.0.0-53.45.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): kexec-tools-2.0.0-53.45.1 References: https://bugzilla.novell.com/804800 http://download.novell.com/patch/finder/?keywords=f7e3f7cdcbfee62cfaa8e820570f0295 From sle-updates at lists.suse.com Tue Jun 18 07:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2013 15:04:09 +0200 (CEST) Subject: SUSE-SU-2013:1022-3: important: Security update for Linux kernel Message-ID: <20130618130409.EBF93321C0@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1022-3 Rating: important References: #763968 #764209 #768052 #769685 #788590 #792584 #793139 #797042 #797175 #800907 #802153 #804154 #804609 #805804 #805945 #806431 #806980 #808647 #809122 #809155 #809748 #809895 #810580 #810624 #810722 #812281 #814719 #815356 #815444 #815745 #816443 #816451 #816586 #816668 #816708 #817010 #817339 #818053 #818327 #818371 #818514 #818516 #818798 #819295 #819519 #819655 #819789 #820434 #821560 #821930 #822431 #822722 Cross-References: CVE-2013-0160 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SUSE Linux Enterprise Real Time 11 SP2 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 38 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80 which fixes various bugs and security issues. The following security issues have been fixed: * CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. * CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. * CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. * A kernel information leak via tkill/tgkill was fixed. The following bugs have been fixed: * reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). * libfc: do not exch_done() on invalid sequence ptr (bnc#810722). * netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). * hyperv: use 3.4 as LIC version string (bnc#822431). * virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). * xen/netback: do not disconnect frontend when seeing oversize packet. * xen/netfront: reduce gso_max_size to account for max TCP header. * xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header". * xfs: Fix kABI due to change in xfs_buf (bnc#815356). * xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). * xfs: Serialize file-extending direct IO (bnc#818371). * xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). * bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281). * s390/ftrace: fix mcount adjustment (bnc#809895). * mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). * patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945). * mm: compaction: Restart compaction from near where it left off * mm: compaction: cache if a pageblock was scanned and no pages were isolated * mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity * mm: compaction: Scan PFN caching KABI workaround * mm: page_allocator: Remove first_pass guard * mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) * qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). * SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907). * SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907). * SUNRPC: Fix a UDP transport regression (bnc#800907). * SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907). * SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907). * SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907). * md: cannot re-add disks after recovery (bnc#808647). * fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053). * fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053). * fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053). * fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053). * virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339). * usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295). * patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580). * usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516). * xhci: Fix TD size for isochronous URBs (bnc#818514). * ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798). * ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798). * xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053). * xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053). * xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053). * xHCI: store rings type. * xhci: Fix hang on back-to-back Set TR Deq Ptr commands. * xHCI: check enqueue pointer advance into dequeue seg. * xHCI: store rings last segment and segment numbers. * xHCI: Allocate 2 segments for transfer ring. * xHCI: count free TRBs on transfer ring. * xHCI: factor out segments allocation and free function. * xHCI: update sg tablesize. * xHCI: set cycle state when allocate rings. * xhci: Reserve one command for USB3 LPM disable. * xHCI: dynamic ring expansion. * xhci: Do not warn on empty ring for suspended devices. * md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719). * rpm/mkspec: Stop generating the get_release_number.sh file. * rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix. * rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string. * rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "" string in specfiles. * mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327). * mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). * mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584). * bonding: only use primary address for ARP (bnc#815444). * bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444). * mm: speedup in __early_pfn_to_nid (bnc#810624). * TTY: fix atime/mtime regression (bnc#815745). * sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010). * sched: harden rq rt usage accounting (bnc#769685, bnc#788590). * rcu: Avoid spurious RCU CPU stall warnings (bnc#816586). * rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586). * rcu: Fix detection of abruptly-ending stall (bnc#816586). * rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586). * Update Xen patches to 3.0.74. * btrfs: do not re-enter when allocating a chunk. * btrfs: save us a read_lock. * btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. * btrfs: remove unused fs_info from btrfs_decode_error(). * btrfs: handle null fs_info in btrfs_panic(). * btrfs: fix varargs in __btrfs_std_error. * btrfs: fix the race between bio and btrfs_stop_workers. * btrfs: fix NULL pointer after aborting a transaction. * btrfs: fix infinite loop when we abort on mount. * xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). * xfs: fix buffer lookup race on allocation failure (bnc#763968). Security Issue references: * CVE-2013-0160 * CVE-2013-3076 * CVE-2013-3222 * CVE-2013-3223 * CVE-2013-3224 * CVE-2013-3225 * CVE-2013-3227 * CVE-2013-3228 * CVE-2013-3229 * CVE-2013-3231 * CVE-2013-3232 * CVE-2013-3234 * CVE-2013-3235 * CVE-2013-1979 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time 11 SP2: zypper in -t patch slertesp2-kernel-7828 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.80.rt108]: cluster-network-kmp-rt-1.4_3.0.80_rt108_0.5-2.18.47 cluster-network-kmp-rt_trace-1.4_3.0.80_rt108_0.5-2.18.47 drbd-kmp-rt-8.4.2_3.0.80_rt108_0.5-0.6.6.38 drbd-kmp-rt_trace-8.4.2_3.0.80_rt108_0.5-0.6.6.38 iscsitarget-kmp-rt-1.4.20_3.0.80_rt108_0.5-0.23.44 iscsitarget-kmp-rt_trace-1.4.20_3.0.80_rt108_0.5-0.23.44 kernel-rt-3.0.80.rt108-0.5.1 kernel-rt-base-3.0.80.rt108-0.5.1 kernel-rt-devel-3.0.80.rt108-0.5.1 kernel-rt_trace-3.0.80.rt108-0.5.1 kernel-rt_trace-base-3.0.80.rt108-0.5.1 kernel-rt_trace-devel-3.0.80.rt108-0.5.1 kernel-source-rt-3.0.80.rt108-0.5.1 kernel-syms-rt-3.0.80.rt108-0.5.1 lttng-modules-kmp-rt-2.0.4_3.0.80_rt108_0.5-0.7.35 lttng-modules-kmp-rt_trace-2.0.4_3.0.80_rt108_0.5-0.7.35 ocfs2-kmp-rt-1.6_3.0.80_rt108_0.5-0.11.46 ocfs2-kmp-rt_trace-1.6_3.0.80_rt108_0.5-0.11.46 ofed-kmp-rt-1.5.2_3.0.80_rt108_0.5-0.28.28.18 ofed-kmp-rt_trace-1.5.2_3.0.80_rt108_0.5-0.28.28.18 References: http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-3076.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/764209 https://bugzilla.novell.com/768052 https://bugzilla.novell.com/769685 https://bugzilla.novell.com/788590 https://bugzilla.novell.com/792584 https://bugzilla.novell.com/793139 https://bugzilla.novell.com/797042 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/800907 https://bugzilla.novell.com/802153 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806431 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/808647 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/809155 https://bugzilla.novell.com/809748 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/810580 https://bugzilla.novell.com/810624 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/814719 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/815444 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816443 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816586 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/816708 https://bugzilla.novell.com/817010 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818514 https://bugzilla.novell.com/818516 https://bugzilla.novell.com/818798 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/819789 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821560 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 http://download.novell.com/patch/finder/?keywords=0a3106322709c3a3f920332f0f5ba34c From sle-updates at lists.suse.com Tue Jun 18 12:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2013 20:04:16 +0200 (CEST) Subject: SUSE-SU-2013:1039-1: important: Security update for flash-player Message-ID: <20130618180416.80A0F321C0@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1039-1 Rating: important References: #824512 Cross-References: CVE-2013-3343 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Adobe flash-player has been updated to the 11.2.202.291 security update which fixes several security issues. Bug#824512 / CVE-2013-3343 / APSB13-16 Security Issue reference: * CVE-2013-3343 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-7850 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.291]: flash-player-11.2.202.291-0.3.1 flash-player-gnome-11.2.202.291-0.3.1 flash-player-kde4-11.2.202.291-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.291]: flash-player-11.2.202.291-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3343.html https://bugzilla.novell.com/824512 http://download.novell.com/patch/finder/?keywords=79c597776eb65522c777c2c31d78be79 http://download.novell.com/patch/finder/?keywords=eade46809046296377fc288dde27a404 From sle-updates at lists.suse.com Wed Jun 19 09:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2013 17:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1051-1: Security update for pigz Message-ID: <20130619150410.78594321F0@maintenance.suse.de> SUSE Security Update: Security update for pigz ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1051-1 Rating: low References: #803933 Affected Products: SUSE Studio Onsite 1.2 SUSE Studio Extension for System z 1.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes an issue where pigz created temp files with insecure permissions. (CVE-2013-0296) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.2: zypper in -t patch slestso12-pigz-7514 - SUSE Studio Extension for System z 1.2: zypper in -t patch slestso12-pigz-7514 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.2 (x86_64): pigz-2.1.6-0.5.2 - SUSE Studio Extension for System z 1.2 (s390x): pigz-2.1.6-0.5.2 References: https://bugzilla.novell.com/803933 http://download.novell.com/patch/finder/?keywords=e363bd8fee9fef2db5c1aeaf1503cdb0 From sle-updates at lists.suse.com Wed Jun 19 09:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2013 17:04:13 +0200 (CEST) Subject: SUSE-SU-2013:1052-1: Security update for pigz Message-ID: <20130619150413.4751832293@maintenance.suse.de> SUSE Security Update: Security update for pigz ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1052-1 Rating: low References: #597756 #803933 Cross-References: CVE-2013-0296 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This pigz update to version 2.1.6 includes a security fix and several bug fixes: * fix temporary file permission bug (bnc#803933, CVE-2013-0296) * fix dictzip with #CPU == 1 (bnc#597756) Security Issue reference: * CVE-2013-0296 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-pigz-7838 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 2.1.6]: pigz-2.1.6-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-0296.html https://bugzilla.novell.com/597756 https://bugzilla.novell.com/803933 http://download.novell.com/patch/finder/?keywords=041a111ad6c334270d3aa6b836278738 From sle-updates at lists.suse.com Wed Jun 19 18:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2013 02:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1053-1: Recommended update for avahi Message-ID: <20130620000411.76A08320A9@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1053-1 Rating: low References: #796271 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for avahi provides the following fix: * #796271: Avahi daemon rejects mDNS query requests. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-avahi-7738 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-avahi-7738 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-avahi-7738 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-avahi-7738 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): avahi-compat-howl-devel-0.6.23-11.25.25.1 avahi-compat-mDNSResponder-devel-0.6.23-11.25.25.1 libavahi-devel-0.6.23-11.25.25.1 libhowl0-0.6.23-11.25.25.1 python-avahi-0.6.23-11.25.25.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): avahi-0.6.23-11.25.25.1 avahi-lang-0.6.23-11.25.25.1 avahi-utils-0.6.23-11.25.25.1 libavahi-client3-0.6.23-11.25.25.1 libavahi-common3-0.6.23-11.25.25.1 libavahi-core5-0.6.23-11.25.25.1 libdns_sd-0.6.23-11.25.25.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libavahi-client3-32bit-0.6.23-11.25.25.1 libavahi-common3-32bit-0.6.23-11.25.25.1 libdns_sd-32bit-0.6.23-11.25.25.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): avahi-0.6.23-11.25.25.1 avahi-lang-0.6.23-11.25.25.1 avahi-utils-0.6.23-11.25.25.1 libavahi-client3-0.6.23-11.25.25.1 libavahi-common3-0.6.23-11.25.25.1 libavahi-core5-0.6.23-11.25.25.1 libdns_sd-0.6.23-11.25.25.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libavahi-client3-32bit-0.6.23-11.25.25.1 libavahi-common3-32bit-0.6.23-11.25.25.1 libdns_sd-32bit-0.6.23-11.25.25.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libavahi-client3-x86-0.6.23-11.25.25.1 libavahi-common3-x86-0.6.23-11.25.25.1 libdns_sd-x86-0.6.23-11.25.25.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): avahi-0.6.23-11.25.25.1 avahi-lang-0.6.23-11.25.25.1 libavahi-client3-0.6.23-11.25.25.1 libavahi-common3-0.6.23-11.25.25.1 libavahi-core5-0.6.23-11.25.25.1 libdns_sd-0.6.23-11.25.25.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libavahi-client3-32bit-0.6.23-11.25.25.1 libavahi-common3-32bit-0.6.23-11.25.25.1 libdns_sd-32bit-0.6.23-11.25.25.1 References: https://bugzilla.novell.com/796271 http://download.novell.com/patch/finder/?keywords=518c2298cfe3290f72c051ed5a413ebc From sle-updates at lists.suse.com Thu Jun 20 13:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2013 21:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1058-1: Security update for gpg2 Message-ID: <20130620190411.8D202321F0@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1058-1 Rating: low References: #780943 #798465 #808958 Cross-References: CVE-2012-6085 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for gpg2 provides the following fixes: * Set proper file permissions when en/de-crypting files (bnc#780943) * Fix an issue that could cause corruption of the public keys database. (CVE-2012-6085, #798465) * Select proper ciphers when running in FIPS mode (bnc#808958) Security Issue reference * CVE-2012-6085 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gpg2-7737 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gpg2-7737 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gpg2-7737 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gpg2-2.0.9-25.33.33.1 gpg2-lang-2.0.9-25.33.33.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gpg2-2.0.9-25.33.33.1 gpg2-lang-2.0.9-25.33.33.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gpg2-2.0.9-25.33.33.1 gpg2-lang-2.0.9-25.33.33.1 References: http://support.novell.com/security/cve/CVE-2012-6085.html https://bugzilla.novell.com/780943 https://bugzilla.novell.com/798465 https://bugzilla.novell.com/808958 http://download.novell.com/patch/finder/?keywords=305e4b78fde413f704a65bf60a15b7a0 From sle-updates at lists.suse.com Thu Jun 20 14:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2013 22:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1059-1: moderate: Security update for clamav Message-ID: <20130620200411.06FE5320DA@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1059-1 Rating: moderate References: #816865 Cross-References: CVE-2013-2020 CVE-2013-2021 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This update contains clamav 0.97.8 which fixes security issues (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation. Security Issue references: * CVE-2013-2020 * CVE-2013-2021 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-clamav-7821 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-clamav-7821 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-clamav-7821 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.97.8]: clamav-0.97.8-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.97.8]: clamav-0.97.8-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 0.97.8]: clamav-0.97.8-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.97.8]: clamav-0.97.8-0.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 0.97.8]: clamav-0.97.8-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 0.97.8]: clamav-0.97.8-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-2020.html http://support.novell.com/security/cve/CVE-2013-2021.html https://bugzilla.novell.com/816865 http://download.novell.com/patch/finder/?keywords=5f21128dffc5d53e9eb8ed016ccae08e http://download.novell.com/patch/finder/?keywords=9d302ad645143524072bb084bf9f2ded From sle-updates at lists.suse.com Thu Jun 20 14:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2013 22:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1060-1: important: Security update for GnuTLS Message-ID: <20130620200414.C715F32376@maintenance.suse.de> SUSE Security Update: Security update for GnuTLS ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1060-1 Rating: important References: #821818 Cross-References: CVE-2013-2116 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of GnuTLS fixes a regression introduced by the previous update that could have resulted in a Denial of Service (application crash). Security Issue reference: * CVE-2013-2116 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-gnutls-7781 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gnutls-7781 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gnutls-7781 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gnutls-7781 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libgnutls-devel-2.4.1-24.39.47.1 libgnutls-extra-devel-2.4.1-24.39.47.1 libgnutls-extra26-2.4.1-24.39.47.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gnutls-2.4.1-24.39.47.1 libgnutls26-2.4.1-24.39.47.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libgnutls26-32bit-2.4.1-24.39.47.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gnutls-2.4.1-24.39.47.1 libgnutls-extra26-2.4.1-24.39.47.1 libgnutls26-2.4.1-24.39.47.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libgnutls26-32bit-2.4.1-24.39.47.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libgnutls26-x86-2.4.1-24.39.47.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): gnutls-1.2.10-13.36.1 gnutls-devel-1.2.10-13.36.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): gnutls-32bit-1.2.10-13.36.1 gnutls-devel-32bit-1.2.10-13.36.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): gnutls-x86-1.2.10-13.36.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): gnutls-64bit-1.2.10-13.36.1 gnutls-devel-64bit-1.2.10-13.36.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gnutls-2.4.1-24.39.47.1 libgnutls26-2.4.1-24.39.47.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libgnutls26-32bit-2.4.1-24.39.47.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): gnutls-1.2.10-13.36.1 gnutls-devel-1.2.10-13.36.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): gnutls-32bit-1.2.10-13.36.1 gnutls-devel-32bit-1.2.10-13.36.1 References: http://support.novell.com/security/cve/CVE-2013-2116.html https://bugzilla.novell.com/821818 http://download.novell.com/patch/finder/?keywords=6b62ecb51e089af80ba626d079de03f3 http://download.novell.com/patch/finder/?keywords=c39cabef26db30df30eff8a1bbef4088 From sle-updates at lists.suse.com Thu Jun 20 15:04:27 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2013 23:04:27 +0200 (CEST) Subject: SUSE-SU-2013:1061-1: Security update for gpg Message-ID: <20130620210428.0172232168@maintenance.suse.de> SUSE Security Update: Security update for gpg ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1061-1 Rating: low References: #780943 #798465 Cross-References: CVE-2012-6085 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gpg provides the following fixes: * Set proper file permissions when en/de-crypting files (bnc#780943) * Fix an issue that could cause corruption of the public keys database. (CVE-2012-6085, bnc#798465) Security Issue reference: * CVE-2012-6085 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): gpg-1.4.2-23.21.1 gpg2-1.9.18-17.23.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): gpg-1.4.2-23.21.1 gpg2-1.9.18-17.23.1 References: http://support.novell.com/security/cve/CVE-2012-6085.html https://bugzilla.novell.com/780943 https://bugzilla.novell.com/798465 http://download.novell.com/patch/finder/?keywords=3fc2b24dc90bda3b61202a7c4ffc0814 http://download.novell.com/patch/finder/?keywords=c63e1c0dad4c5e8848b14230545d1ec2 From sle-updates at lists.suse.com Thu Jun 20 15:04:31 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2013 23:04:31 +0200 (CEST) Subject: SUSE-SU-2013:1062-1: moderate: Security update for python-django Message-ID: <20130620210431.AA16132376@maintenance.suse.de> SUSE Security Update: Security update for python-django ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1062-1 Rating: moderate References: #795264 #807175 Cross-References: CVE-2012-4520 CVE-2013-0305 CVE-2013-0306 CVE-2013-1665 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. Description: python django was updated to version 1.4.5 which fixes several bugs and security problems. * Update to 1.4.5 (bnc#807175, bnc#795264): o Security release ( CVE-2012-4520 CVE-2013-0305 CVE-2013-0306 CVE-2013-1665 ) * Update to 1.4.3: o Security release: o Host header poisoning o Redirect poisoning o Please check release notes for details: https://www.djangoproject.com/weblog/2012/dec/10/security * Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin * Update to 1.4.2: o Security release: o Host header poisoning o Please check release notes for details: https://www.djangoproject.com/weblog/2012/oct/17/security * Update to 1.4.1: o Security release: o Cross-site scripting in authentication views o Denial-of-service in image validation o Denial-of-service via get_image_dimensions() o Please check release notes for details: https://www.djangoproject.com/weblog/2012/jul/30/security-re leases-issued Security Issue references: * CVE-2012-4520 * CVE-2013-0305 * CVE-2013-0306 * CVE-2013-1665 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-python-django-7839 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64) [New Version: 1.4.5]: python-django-1.4.5-0.6.2.1 References: http://support.novell.com/security/cve/CVE-2012-4520.html http://support.novell.com/security/cve/CVE-2013-0305.html http://support.novell.com/security/cve/CVE-2013-0306.html http://support.novell.com/security/cve/CVE-2013-1665.html https://bugzilla.novell.com/795264 https://bugzilla.novell.com/807175 http://download.novell.com/patch/finder/?keywords=7ea32c047895ee67361bae4515c29ef8 From sle-updates at lists.suse.com Fri Jun 21 14:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2013 22:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1066-1: moderate: Recommended update for curl Message-ID: <20130621200411.8FDEC32374@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1066-1 Rating: moderate References: #820996 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for curl adds Digicert certificates to the CA bundle. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): curl-7.15.1-19.28.1 curl-devel-7.15.1-19.28.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): curl-32bit-7.15.1-19.28.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): curl-x86-7.15.1-19.28.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): curl-64bit-7.15.1-19.28.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): curl-7.15.1-19.28.1 curl-devel-7.15.1-19.28.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): curl-32bit-7.15.1-19.28.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): curl-devel-7.15.1-19.28.1 References: https://bugzilla.novell.com/820996 http://download.novell.com/patch/finder/?keywords=1cbf68c0949937ace321a038c4e68c17 From sle-updates at lists.suse.com Fri Jun 21 14:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2013 22:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1067-1: Security update for python-keystoneclient Message-ID: <20130621200415.48CB832378@maintenance.suse.de> SUSE Security Update: Security update for python-keystoneclient ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1067-1 Rating: low References: #817415 Cross-References: CVE-2013-2013 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: python-keystoneclient has been updated to the latest git version (e4ed1f3) which fixes also a security issue: * CVE-2013-2013: password disclosure on command line was fixed, which allowed local users to find out passwords via ps. Other changes: * Update to latest git (e4ed1f3): o Fix scoped auth for non-admins (bug 1081192) * Update to latest git (27f0c72): o Don't need to lazy load resources loaded from API o Add support for HEAD and PATCH o Add generic entity.delete() o Allow serialization impl to be overridden o enabling i18n with Babel o updating keystoneclient doc theme o updating base keystoneclient documentation o virtualenv quite installation for zypper o Manager for generic CRUD on v3 o v3 Client & test utils o change default wrap for tokens from 78 characters to 0 o v3 Service CRUD o v3 Endpoint CRUD o v3 Policy CRUD o v3 Domain CRUD o v3 Role CRUD o v3 Project CRUD o v3 User CRUD o v3 Credential CRUD o v3 List projects for a user o Fixed httplib2 mocking (bug 1050091, bug 1050097) o v3 Domain/Project role grants o Enable/disable services/endpoints (bug 1048662) o bootstrap a keystone user (e.g. admin) in one cmd o Useful error msg when missing catalog (bug 949904) o Added 'service_id' column to endpoint-list o Ensure JSON isn't read on no HTTP response body o use mock context managers instead of decorators+functions o Fixes https connections to keystone when no CA certificates are specified. o add a new HTTPClient attr for setting the original IP o Add OpenStack trove classifier for PyPI o Don't log an exception for an expected empty catalog. o Replace refs to 'Keystone API' with 'Identity API' o Update --os-* error messages o HACKING compliance: consistent usage of 'except' o Fix keystoneclient so swift works against Rackspace Cloud Files o fixes 1075376 o Warn about bypassing auth on CLI (bug 1076225) o check creds before token/endpoint (bug 1076233) o Check for auth URL before password (bug 1076235) o removing repeat attempt at authorization in client o Make initial structural changes to keystoneclient in preparation to moving auth_token here from keystone. No functional change should occur from this commit (even though it did refresh a newer copy of openstack.common.setup.py, none of the newer updates are in functions called from this client) o Add auth-token code to keystoneclient, along with supporting files o Update README and CLI help o fixes auth_ref initialization error o Throw validation response into the environment * Add Provides/Obsoletes for openSUSE-12.2 package name (openstack-keystoneclient and python-python-keystoneclient) * Update to latest git (6c127df): o Fix PEP8 issues. o fixing pep8 formatting for 1.0.1+ pep8 o Fixed httplib2 mocking (bug 1050091, bug 1050097) o Require httplib2 version 0.7 or higher. o removing deprecated commandline options o Handle "503 Service Unavailable" exception. o Fixes setup compatibility issue on Windows o switching options to match authentication paths o Add wrap option to keystone token-get for humans o Allow empty description for tenants. o pep8 1.3.1 cleanup Security Issue reference: * CVE-2013-2013 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-python-keystoneclient-7868 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): python-keystoneclient-2012.1+git.1353428216.e4ed1f3-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-2013.html https://bugzilla.novell.com/817415 http://download.novell.com/patch/finder/?keywords=063a4ebcd43a01eecec673fc801eed73 From sle-updates at lists.suse.com Mon Jun 24 12:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2013 20:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1073-1: Recommended update for axis Message-ID: <20130624180410.E697832014@maintenance.suse.de> SUSE Recommended Update: Recommended update for axis ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1073-1 Rating: low References: #810881 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Axis adjusts the build procedure to use OpenJDK7 instead of gcc-java. The change fixes a problem that, in some circumstances, could cause exceptions when connecting to web services using SOAP over HTTPS. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-axis-7885 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-axis-7885 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): axis-1.4-236.43.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): axis-1.4-236.38.7 axis-1.4-236.43.1 References: https://bugzilla.novell.com/810881 http://download.novell.com/patch/finder/?keywords=a01f8c3e2f090f466be14f554ca45ab4 From sle-updates at lists.suse.com Mon Jun 24 14:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2013 22:04:09 +0200 (CEST) Subject: SUSE-RU-2013:1074-1: moderate: Recommended update for bind Message-ID: <20130624200409.29EEC32000@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1074-1 Rating: moderate References: #815230 #819475 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: The BIND DNS server package has been updated to version 9.9.2P2, which brings many fixes, enhancements and new features, such as: * Automated trust anchor maintenance for DNSSEC (RFC 5011) * Simplified configuration of Dynamic DNS * Simplified configuration of DNSSEC Lookaside Validation (DLV) * Fully automatic signing of zones * Implementation of DNS64, a transition mechanism to IPv6 deployment * Inline Signing for DNSSEC * DNSSEC NSEC performance improvements * Multiprocessing performance improvements. This update also contains several functional changes which might need changes of certain configuration settings. More information can be found in TID #7012684: https://www.suse.com/support/kb/doc.php?id=7012684 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-bind-7757 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-bind-7757 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-bind-7757 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-bind-7757 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.2P2]: bind-devel-9.9.2P2-0.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.9.2P2]: bind-devel-32bit-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.9.2P2]: bind-9.9.2P2-0.11.1 bind-chrootenv-9.9.2P2-0.11.1 bind-doc-9.9.2P2-0.11.1 bind-libs-9.9.2P2-0.11.1 bind-utils-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.9.2P2]: bind-libs-32bit-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.2P2]: bind-9.9.2P2-0.11.1 bind-chrootenv-9.9.2P2-0.11.1 bind-doc-9.9.2P2-0.11.1 bind-libs-9.9.2P2-0.11.1 bind-utils-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.9.2P2]: bind-libs-32bit-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.9.2P2]: bind-libs-x86-9.9.2P2-0.11.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.9.2P2]: bind-libs-9.9.2P2-0.11.1 bind-utils-9.9.2P2-0.11.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.9.2P2]: bind-libs-32bit-9.9.2P2-0.11.1 References: https://bugzilla.novell.com/815230 https://bugzilla.novell.com/819475 http://download.novell.com/patch/finder/?keywords=9d10f7e4217e05ba7209efd2e99a4542 From sle-updates at lists.suse.com Tue Jun 25 11:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2013 19:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1075-1: important: Security update for Xen Message-ID: <20130625170414.510523212B@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1075-1 Rating: important References: #801663 #809662 #813673 #813675 #813677 #814709 #816156 #816159 #816163 #819416 #820917 #820919 #820920 Cross-References: CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has three fixes is now available. Description: XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed: * CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal. * CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. * CVE-2013-2076: A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. * CVE-2013-2077: A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users. * CVE-2013-2078: A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users. * CVE-2013-2072: Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. * CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. * CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." * CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, used the wrong ordering of operations when extending the per-domain event channel tracking table, which caused a use-after-free and allowed local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. * CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant reference when releasing a non-v1, non-transitive grant, which allowed local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. Bugfixes: * Upstream patches from Jan 26956-x86-mm-preemptible-cleanup.patch 27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch 27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.pat ch 27079-fix-XSA-46-regression-with-xend-xm.patch 27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointe rs.patch * Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. * bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec * Upstream patches from Jan 26702-powernow-add-fixups-for-AMD-P-state-figures.patch 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-ev ents.patch 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-m appings.patch 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-message s.patch 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 26742-IOMMU-properly-check-whether-interrupt-remapping-is-en abled.patch 26743-VT-d-deal-with-5500-5520-X58-errata.patch 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.pat ch 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics .patch 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vect ors.patch 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mo de.patch 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap- pages.patch 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch 26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-cr ash.patch * bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto xend-cpuinfo-model-name.patch * Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_extended _msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpup ool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-values.pa tch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch 26683-credit1-Use-atomic-bit-operations-for-the-flags-struct ure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch Security Issue references: * CVE-2013-1917 * CVE-2013-1918 * CVE-2013-1919 * CVE-2013-1920 * CVE-2013-1952 * CVE-2013-1964 * CVE-2013-2072 * CVE-2013-2076 * CVE-2013-2077 * CVE-2013-2078 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-201305-7798 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-201305-7798 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-201305-7798 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-201305-7798 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): xen-devel-4.1.5_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-libs-4.1.5_02-0.5.1 xen-tools-domU-4.1.5_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.5_02-0.5.1 xen-doc-html-4.1.5_02-0.5.1 xen-doc-pdf-4.1.5_02-0.5.1 xen-libs-32bit-4.1.5_02-0.5.1 xen-tools-4.1.5_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-libs-4.1.5_02-0.5.1 xen-tools-domU-4.1.5_02-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.5_02-0.5.1 xen-doc-html-4.1.5_02-0.5.1 xen-doc-pdf-4.1.5_02-0.5.1 xen-libs-32bit-4.1.5_02-0.5.1 xen-tools-4.1.5_02-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586): xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1917.html http://support.novell.com/security/cve/CVE-2013-1918.html http://support.novell.com/security/cve/CVE-2013-1919.html http://support.novell.com/security/cve/CVE-2013-1920.html http://support.novell.com/security/cve/CVE-2013-1952.html http://support.novell.com/security/cve/CVE-2013-1964.html http://support.novell.com/security/cve/CVE-2013-2072.html http://support.novell.com/security/cve/CVE-2013-2076.html http://support.novell.com/security/cve/CVE-2013-2077.html http://support.novell.com/security/cve/CVE-2013-2078.html https://bugzilla.novell.com/801663 https://bugzilla.novell.com/809662 https://bugzilla.novell.com/813673 https://bugzilla.novell.com/813675 https://bugzilla.novell.com/813677 https://bugzilla.novell.com/814709 https://bugzilla.novell.com/816156 https://bugzilla.novell.com/816159 https://bugzilla.novell.com/816163 https://bugzilla.novell.com/819416 https://bugzilla.novell.com/820917 https://bugzilla.novell.com/820919 https://bugzilla.novell.com/820920 http://download.novell.com/patch/finder/?keywords=2f3309c493da194384ed2eba64f84f0d From sle-updates at lists.suse.com Tue Jun 25 17:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jun 2013 01:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1076-1: Recommended update for krb5 Message-ID: <20130625230410.ED8ED320EE@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1076-1 Rating: low References: #787272 #808191 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for Kerberos 5 provides the following fixes and enhancements: * Improved compatibility with processes that handle large numbers of open files (bnc#787272) * Fixed memory leak in gss_accept_sec_context() and other functions (bnc#808191) Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): krb5-1.4.3-19.49.51.1 krb5-apps-clients-1.4.3-19.49.51.1 krb5-apps-servers-1.4.3-19.49.51.1 krb5-client-1.4.3-19.49.51.1 krb5-devel-1.4.3-19.49.51.1 krb5-server-1.4.3-19.49.51.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): krb5-32bit-1.4.3-19.49.51.1 krb5-devel-32bit-1.4.3-19.49.51.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): krb5-x86-1.4.3-19.49.51.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): krb5-64bit-1.4.3-19.49.51.1 krb5-devel-64bit-1.4.3-19.49.51.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): krb5-1.4.3-19.49.51.1 krb5-client-1.4.3-19.49.51.1 krb5-devel-1.4.3-19.49.51.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): krb5-32bit-1.4.3-19.49.51.1 krb5-devel-32bit-1.4.3-19.49.51.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): krb5-apps-clients-1.4.3-19.49.51.1 krb5-apps-servers-1.4.3-19.49.51.1 krb5-server-1.4.3-19.49.51.1 References: https://bugzilla.novell.com/787272 https://bugzilla.novell.com/808191 http://download.novell.com/patch/finder/?keywords=49b548902ebe6db0ea74ae1edb7427b9 From sle-updates at lists.suse.com Thu Jun 27 08:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jun 2013 16:04:13 +0200 (CEST) Subject: SUSE-RU-2013:1088-1: moderate: Recommended update for yast2-network Message-ID: <20130627140413.48ABD32015@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1088-1 Rating: moderate References: #793367 #810525 #813232 #817943 #821427 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes one version update. Description: This update for YaST's Network Configuration module (yast2-network) provides the following fixes: * Do not propose bridge devices when virtualization is used on s390x. (bnc#817943) * Fixed parsing of hostname in DNS module. (bnc#813232) * Added loading tun/tap settings from netconfig. (bnc#793367) * Fixed biosdevname renaming in case of buggy SMBIOS. (bnc#821427) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-yast2-network-7833 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-yast2-network-7833 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-yast2-network-7833 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-yast2-network-7833 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.182.12]: yast2-network-devel-doc-2.17.182.12-0.5.11 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.17.182.12]: yast2-network-2.17.182.12-0.5.11 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.182.12]: yast2-network-2.17.182.12-0.5.11 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.17.182.12]: yast2-network-2.17.182.12-0.5.11 References: https://bugzilla.novell.com/793367 https://bugzilla.novell.com/810525 https://bugzilla.novell.com/813232 https://bugzilla.novell.com/817943 https://bugzilla.novell.com/821427 http://download.novell.com/patch/finder/?keywords=a6ffc92630dc8f3bc28392203d174c02 From sle-updates at lists.suse.com Thu Jun 27 16:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 00:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1091-1: Recommended update for SUSE Manager client tools Message-ID: <20130627220411.9F01732000@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager client tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1091-1 Rating: low References: #815441 #815460 #818325 #819781 #821968 #823241 #823917 Affected Products: SUSE Manager Client Tools for SLE 11 SP2 SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for ia64 SLE CLIENT TOOLS 10 for PPC SLE CLIENT TOOLS 10 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update fixes the following issues: rhncfg: * Make diffs initiated from another spacewalk server obey display_diff configuration option * Simplify rhncfg API. rhnlib: * Make timeout configurable * Make Proxy timeouts configurable. rhn-virtualization: * Python 2.4 fix for 'exit' * Define a utf8_encode wrapper. spacewalk-backend-libs: * Fix reactivation of systems * Use timeout configuration option also in suseLib send function * Make rpclib connection timeout configurable. spacewalk-client-tools: * Create mgr* program symbolic links * Correctly handle a deactivated account error message * Require rhnlib with timeout option * Make timeout configurable. zypp-plugin-spacewalk: * Always disable gpgcheck for repositories in spacewalk service * Use timeout also for XMLRPC calls if possible * Read transfer_timeout from zypp.conf and provide it via URL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP2: zypper in -t patch slesctsp2-client-tools-201306-7856 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP2 (i586 ia64 ppc64 s390x x86_64): rhnlib-2.5.51.4-0.5.1 spacewalk-backend-libs-1.7.38.26-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SUSE Manager Client Tools for SLE 11 SP2 (noarch): rhn-virtualization-common-5.4.34.13-0.5.1 rhn-virtualization-host-5.4.34.13-0.5.1 rhncfg-5.10.27.11-0.5.1 rhncfg-actions-5.10.27.11-0.5.1 rhncfg-client-5.10.27.11-0.5.1 rhncfg-management-5.10.27.11-0.5.1 spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SLE CLIENT TOOLS 10 for x86_64 (x86_64): rhnlib-2.5.51.4-0.5.1 spacewalk-backend-libs-1.7.38.26-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SLE CLIENT TOOLS 10 for x86_64 (noarch): rhncfg-5.10.27.11-0.5.1 rhncfg-actions-5.10.27.11-0.5.1 rhncfg-client-5.10.27.11-0.5.1 rhncfg-management-5.10.27.11-0.5.1 spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SLE CLIENT TOOLS 10 for s390x (noarch): rhncfg-5.10.27.11-0.5.1 rhncfg-actions-5.10.27.11-0.5.1 rhncfg-client-5.10.27.11-0.5.1 rhncfg-management-5.10.27.11-0.5.1 spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SLE CLIENT TOOLS 10 for s390x (s390x): rhnlib-2.5.51.4-0.5.1 spacewalk-backend-libs-1.7.38.26-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (noarch): rhncfg-5.10.27.11-0.5.1 rhncfg-actions-5.10.27.11-0.5.1 rhncfg-client-5.10.27.11-0.5.1 rhncfg-management-5.10.27.11-0.5.1 spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (ia64): rhnlib-2.5.51.4-0.5.1 spacewalk-backend-libs-1.7.38.26-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SLE CLIENT TOOLS 10 for PPC (noarch): rhncfg-5.10.27.11-0.5.1 rhncfg-actions-5.10.27.11-0.5.1 rhncfg-client-5.10.27.11-0.5.1 rhncfg-management-5.10.27.11-0.5.1 spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SLE CLIENT TOOLS 10 for PPC (ppc): rhnlib-2.5.51.4-0.5.1 spacewalk-backend-libs-1.7.38.26-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SLE CLIENT TOOLS 10 (noarch): rhncfg-5.10.27.11-0.5.1 rhncfg-actions-5.10.27.11-0.5.1 rhncfg-client-5.10.27.11-0.5.1 rhncfg-management-5.10.27.11-0.5.1 spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SLE CLIENT TOOLS 10 (i586): rhnlib-2.5.51.4-0.5.1 spacewalk-backend-libs-1.7.38.26-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 References: https://bugzilla.novell.com/815441 https://bugzilla.novell.com/815460 https://bugzilla.novell.com/818325 https://bugzilla.novell.com/819781 https://bugzilla.novell.com/821968 https://bugzilla.novell.com/823241 https://bugzilla.novell.com/823917 http://download.novell.com/patch/finder/?keywords=57aa653c6bccfbf59df59344b96fcb8e http://download.novell.com/patch/finder/?keywords=928686696886346aaee553b4c37fb49c From sle-updates at lists.suse.com Thu Jun 27 18:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 02:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1092-1: Recommended update for SUSE Manager Message-ID: <20130628000410.925BD32015@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1092-1 Rating: low References: #701082 #801662 #801666 #806839 #809927 #813756 #814263 #814292 #815441 #815460 #818325 #818566 #819781 #820980 #820985 #821786 #821868 #821968 #822385 #823241 #823366 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. It includes 15 new package versions. Description: This update for SUSE Manager Server 1.7 includes the following new features: * Implement no_proxy for spacewalk-repo-sync. This update fixes the following issues: MessageQueue: * If the host lookup fails, do not hide the error. rhnlib: * Make timeout of yum-rhn-plugin calls through rhn-client-tools configurable * Make Proxy timeouts configurable. sm-client-tools: * Minor refactorings in the code for resource management * Remove bootstrap repository after failure * Handle missing /usr/share/rhn/ correctly * Fix minor bugs, add possibility to override SUSE Manager host for tunneling * Add possibility to override rhn.conf with command line. smdba: * Automatically adjust free space for the hot backup. spacecmd: * Fix spacecmd errors when trying to add script to kickstart * Make spacecmd able to specify configuration channel label. spacewalk-backend: * Fix reactivation of systems * Remove incorrect path from database * Add file path restoration functionality to spacewalk-data-fsck * Update copyright column length * Don't truncate channel name to 64 chars * Make API compatible with old RHEL5 clients * No line break at the end of the package summary * Don't truncate filepath when exporting * Fix registration issues on PostgreSQL * Update expired gpg keys in the keyring * Set copy_local urlgrabber option to copy also file URLs * Use timeout configuration option also in suseLib send function * Make satellite-sync work with new rhnlib * Search for CVE numbers also in the description * Require rhnlib with timeout option * Make rpclib connection timeout configurable * Return 404 Not Found on requests of content or installation.xml * Fix encoding in products summary and description. spacewalk-certs-tools: * Remove temp files verbosely even in case of error * Add sudo requirement to spacewalk-certs-tools package * The chkconfig command on RHEL does not know the -d switch * Simply test if bootstrap repository exists and use it if yes. spacewalk-client-tools: * Create mgr* program symbolic links * Correctly handle a deactivated account error message * Require rhnlib with timeout option * Make timeout of yum-rhn-plugin calls through rhn-client-tools configurable. spacewalk-java: * Fix Service Pack migration ClassCastException * Fix lookup for the SSH push default schedule * Escaping system name in web pages * Fix UI text about kickstart * Sort parent channel pop-up menu by channel name * Add list elaborator into session for CSV export * Fix invalid SQL statement for finding ssh-push candidates * Subscribe only to selected configuration channels via SSM * Fix cobbler information file system paths * Too big value in system custom info should not cause ISE * Do not offer a symbolic link if the user does not have acl for the target * Display systems counts on cancel scheduled actions page * Add some missing UI strings * Fix system.listSystemEvents on PostgreSQL * Display 'Updates' column on group system list pages * Fix 'Configs' column on system groups related pages * Upstream-specific check on channel name removed * Set milliseconds to 0 before comparing dates * Trigger repo metadata generation after cloning patches * Add missing string *.actions.scheduled * Fix paths for kernel and initrd on DVD on s390x. spacewalk-monitoring: * Start monitoring Scout after httpd if available. spacewalk-reports: * Fix of system group reports * Display more meaningful description * Report for host-guest mappings * Reports to support enhanced reporting. spacewalk-setup: * Suppress uninitialized value messages. spacewalk-utils: * Manually specify encoding options for spacewalk-dump-schema * Check to see if the key exists before initializing parent channel key * Fixed promote phase naming errors * Correctly quote the database name * Disable, enable and rebuild indexes for migrations. spacewalk-web: * Add RHN::Form::Widget::Select to ChannelEditor * Use RHN::Form::ParsedForm * Add sudo requirement for spacewalk-base package. susemanager-schema: * Don't create index if it already exists * Don't drop rhn_ram_sid_idx if it does not exist * No line break at the end of the package summary * Fix filename length in rhnErrataFileTmp * Switch deferred segment creation off during installation * Extend length of rhnPackageCapability.version. susemanager: * Create bootstrap repositories for SLE11-SP3 * Fix reading mirror credentials from configuration * Add versioned requires of spacewalk-backend. How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema with spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-suse-manager17-201306-7858 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.2,1.7.23,1.7.38.26,1.7.7.10 and 2.5.51.4]: rhnlib-2.5.51.4-0.5.1 smdba-1.2-0.9.1 spacecmd-1.7.7.10-0.5.1 spacewalk-backend-1.7.38.26-0.5.1 spacewalk-backend-app-1.7.38.26-0.5.1 spacewalk-backend-applet-1.7.38.26-0.5.1 spacewalk-backend-config-files-1.7.38.26-0.5.1 spacewalk-backend-config-files-common-1.7.38.26-0.5.1 spacewalk-backend-config-files-tool-1.7.38.26-0.5.1 spacewalk-backend-iss-1.7.38.26-0.5.1 spacewalk-backend-iss-export-1.7.38.26-0.5.1 spacewalk-backend-libs-1.7.38.26-0.5.1 spacewalk-backend-package-push-server-1.7.38.26-0.5.1 spacewalk-backend-server-1.7.38.26-0.5.1 spacewalk-backend-sql-1.7.38.26-0.5.1 spacewalk-backend-sql-oracle-1.7.38.26-0.5.1 spacewalk-backend-sql-postgresql-1.7.38.26-0.5.1 spacewalk-backend-tools-1.7.38.26-0.5.1 spacewalk-backend-xml-export-libs-1.7.38.26-0.5.1 spacewalk-backend-xmlrpc-1.7.38.26-0.5.1 spacewalk-backend-xp-1.7.38.26-0.5.1 susemanager-1.7.23-0.5.1 susemanager-tools-1.7.23-0.5.1 - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.2,1.7.0.2,1.7.1.6,1.7.14.16,1.7.15.11,1.7.28.17,1.7.3.9,1.7.54.25,1.7.56.19,1.7.9.11 and 3.26.7.2]: MessageQueue-3.26.7.2-0.5.1 sm-client-tools-1.2-0.5.1 spacewalk-base-1.7.28.17-0.5.1 spacewalk-base-minimal-1.7.28.17-0.5.1 spacewalk-certs-tools-1.7.3.9-0.5.2 spacewalk-client-tools-1.7.14.16-0.5.1 spacewalk-grail-1.7.28.17-0.5.1 spacewalk-html-1.7.28.17-0.5.1 spacewalk-java-1.7.54.25-0.5.1 spacewalk-java-config-1.7.54.25-0.5.1 spacewalk-java-lib-1.7.54.25-0.5.1 spacewalk-java-oracle-1.7.54.25-0.5.1 spacewalk-java-postgresql-1.7.54.25-0.5.1 spacewalk-monitoring-1.7.0.2-0.5.2 spacewalk-pxt-1.7.28.17-0.5.1 spacewalk-reports-1.7.1.6-0.5.1 spacewalk-setup-1.7.9.11-0.5.1 spacewalk-sniglets-1.7.28.17-0.5.1 spacewalk-taskomatic-1.7.54.25-0.5.1 spacewalk-utils-1.7.15.11-0.5.2 susemanager-schema-1.7.56.19-0.5.1 References: https://bugzilla.novell.com/701082 https://bugzilla.novell.com/801662 https://bugzilla.novell.com/801666 https://bugzilla.novell.com/806839 https://bugzilla.novell.com/809927 https://bugzilla.novell.com/813756 https://bugzilla.novell.com/814263 https://bugzilla.novell.com/814292 https://bugzilla.novell.com/815441 https://bugzilla.novell.com/815460 https://bugzilla.novell.com/818325 https://bugzilla.novell.com/818566 https://bugzilla.novell.com/819781 https://bugzilla.novell.com/820980 https://bugzilla.novell.com/820985 https://bugzilla.novell.com/821786 https://bugzilla.novell.com/821868 https://bugzilla.novell.com/821968 https://bugzilla.novell.com/822385 https://bugzilla.novell.com/823241 https://bugzilla.novell.com/823366 http://download.novell.com/patch/finder/?keywords=38d1ca0ccf5d54694e1032e2b0d36ff2 From sle-updates at lists.suse.com Thu Jun 27 18:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 02:04:15 +0200 (CEST) Subject: SUSE-RU-2013:1093-1: Recommended update for SUSE Manager Proxy Message-ID: <20130628000415.33A0C32068@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1093-1 Rating: low References: #801151 #801662 #801666 #815441 #815460 #818325 #818566 #819781 #821968 #823241 #823917 Affected Products: SUSE Manager Proxy 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. It includes 11 new package versions. Description: This update fixes the following issues: MessageQueue: * If the host lookup fails, do not hide the error. rhncfg: * Make diffs initiated from another spacewalk server obey display_diff configuration option * Simplify rhncfg API. rhnlib: * Make timeout of yum-rhn-plugin calls through rhn-client-tools configurable * Make Proxy timeouts configurable. sm-client-tools: * Minor refactorings in the code for resource management * Remove bootstrap repository after failure * Handle missing /usr/share/rhn/ directory correctly * Fix minor bugs, add possibility to override SUSE Manager host for tunneling * Add possibility to override rhn.conf with command line. spacewalk-backend: * Fix reactivation of systems * Remove incorrect path from db * Add file path restoration functionality to spacewalk-data-fsck * Update copyright column length * Don't truncate channel name to 64 chars * Make API compatible with old RHEL5 clients * No line break at the end of the package summary * Don't truncate filepath when exporting * Fix registration issues on PostgreSQL * Update expired gpg keys in the keyring * Set copy_local urlgrabber option to copy also file URLs * Use timeout configuration option also in suseLib send function * Make satellite-sync work with new rhnlib * Search for CVE numbers also in the description * Require rhnlib with timeout option * Make rpclib connection timeout configurable * Return 404 Not Found on requests of content or installation.xml * Fix encoding in products summary and description. spacewalk-certs-tools: * Remove temp files verbosely even in case of error * Add sudo requirement to spacewalk-certs-tools package * The chkconfig command on RHEL does not know the -d switch * Simply test if bootstrap repository exists and use it if yes. spacewalk-client-tools: * Create mgr* program symbolic links * Correctly handle a deactivated account error message * Require rhnlib with timeout option * Make timeout of yum-rhn-plugin calls through rhn-client-tools configurable. spacewalk-proxy-installer: * Report extra command line arguments * Fail if answer file is not readable. spacewalk-proxy: * Make Proxy timeouts configurable * Do not read response data into memory * Do not read data into memory which should be send to the server. spacewalk-web: * Add RHN::Form::Widget::Select to ChannelEditor * Use RHN::Form::ParsedForm * Add sudo requirement to spacewalk-base package. zypp-plugin-spacewalk: * Always disable gpgcheck for repositories in spacewalk service * Use timeout also for XMLRPC calls if possible * Read transfer_timeout from zypp.conf and provide it via URL. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 1.7 for SLE 11 SP2: zypper in -t patch slemap17sp2-suse-manager-proxy17-201306-7859 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64) [New Version: 0.9.2,1.7.38.26 and 2.5.51.4]: rhnlib-2.5.51.4-0.5.1 spacewalk-backend-1.7.38.26-0.5.2 spacewalk-backend-libs-1.7.38.26-0.5.2 zypp-plugin-spacewalk-0.9.2-0.5.1 - SUSE Manager Proxy 1.7 for SLE 11 SP2 (noarch) [New Version: 1.2,1.7.12.10,1.7.14.16,1.7.28.17,1.7.3.9,1.7.6.9,3.26.7.2 and 5.10.27.11]: MessageQueue-3.26.7.2-0.5.1 rhncfg-5.10.27.11-0.5.1 rhncfg-actions-5.10.27.11-0.5.1 rhncfg-client-5.10.27.11-0.5.1 rhncfg-management-5.10.27.11-0.5.1 sm-client-tools-1.2-0.5.1 spacewalk-base-minimal-1.7.28.17-0.5.1 spacewalk-certs-tools-1.7.3.9-0.5.2 spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 spacewalk-proxy-broker-1.7.12.10-0.5.1 spacewalk-proxy-common-1.7.12.10-0.5.1 spacewalk-proxy-installer-1.7.6.9-0.5.2 spacewalk-proxy-management-1.7.12.10-0.5.1 spacewalk-proxy-package-manager-1.7.12.10-0.5.1 spacewalk-proxy-redirect-1.7.12.10-0.5.1 References: https://bugzilla.novell.com/801151 https://bugzilla.novell.com/801662 https://bugzilla.novell.com/801666 https://bugzilla.novell.com/815441 https://bugzilla.novell.com/815460 https://bugzilla.novell.com/818325 https://bugzilla.novell.com/818566 https://bugzilla.novell.com/819781 https://bugzilla.novell.com/821968 https://bugzilla.novell.com/823241 https://bugzilla.novell.com/823917 http://download.novell.com/patch/finder/?keywords=35a32299d8dcd7d983ecda9455a69bf5 From sle-updates at lists.suse.com Thu Jun 27 18:04:19 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 02:04:19 +0200 (CEST) Subject: SUSE-RU-2013:1094-1: Recommended update for SUSE Manager client tools Message-ID: <20130628000419.1BD8E32068@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager client tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1094-1 Rating: low References: #815460 #818325 #823917 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes three new package versions. Description: This update fixes the following issues: rhnlib: * Make timeout of yum-rhn-plugin calls through rhn-client-tools configurable * Make Proxy timeouts configurable. spacewalk-client-tools: * Create mgr* program symbolic links * Correctly handle a deactivated account error message * Require rhnlib with timeout option * Make timeout configurable. zypp-plugin-spacewalk: * Always disable gpgcheck for repositories in spacewalk service * Use timeout also for XMLRPC calls if possible * Read transfer_timeout from zypp.conf and provide it via URL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-client-tools-201306-7857 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-client-tools-201306-7857 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-client-tools-201306-7857 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.9.2 and 2.5.51.4]: rhnlib-2.5.51.4-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.7.14.16]: spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.2 and 2.5.51.4]: rhnlib-2.5.51.4-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.7.14.16]: spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.9.2 and 2.5.51.4]: rhnlib-2.5.51.4-0.5.1 zypp-plugin-spacewalk-0.9.2-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.7.14.16]: spacewalk-check-1.7.14.16-0.5.1 spacewalk-client-setup-1.7.14.16-0.5.1 spacewalk-client-tools-1.7.14.16-0.5.1 References: https://bugzilla.novell.com/815460 https://bugzilla.novell.com/818325 https://bugzilla.novell.com/823917 http://download.novell.com/patch/finder/?keywords=e14480c56dfe3fc360239fdc7b3c5af0 From sle-updates at lists.suse.com Fri Jun 28 07:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 15:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1095-1: moderate: Security update for xorg-x11-libXrender Message-ID: <20130628130410.BEE7B32014@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXrender ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1095-1 Rating: moderate References: #815451 #821669 Cross-References: CVE-2013-1987 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXrender fixes several integer overflow issues (bnc#815451, bnc#821669, CVE-2013-1987). Security Issue reference: * CVE-2013-1987 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXrender-7809 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXrender-7809 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXrender-7809 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXrender-7809 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-devel-7.4-1.16.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXrender-devel-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXrender-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXrender-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXrender-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXrender-x86-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXrender-7.4-1.16.1 xorg-x11-libXrender-devel-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXrender-32bit-7.4-1.16.1 References: http://support.novell.com/security/cve/CVE-2013-1987.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821669 http://download.novell.com/patch/finder/?keywords=48e45fee5e1a69e7883874b01777532f From sle-updates at lists.suse.com Fri Jun 28 08:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 16:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1096-1: Security update for xorg-x11-libxcb Message-ID: <20130628140411.A6870320EE@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libxcb ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1096-1 Rating: low References: #818829 #821584 Cross-References: CVE-2013-2064 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xorg-x11-libxcb addresses the following security issues: * Fix a deadlock with multi-threaded applications running on real time kernels. (bnc#818829) * Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064) Security Issues: * CVE-2013-2064 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libxcb-7760 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libxcb-7760 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libxcb-7760 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libxcb-7760 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libxcb-devel-7.4-1.22.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libxcb-devel-32bit-7.4-1.22.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libxcb-7.4-1.22.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libxcb-32bit-7.4-1.22.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libxcb-7.4-1.22.5.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libxcb-32bit-7.4-1.22.5.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libxcb-x86-7.4-1.22.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libxcb-7.4-1.22.5.1 xorg-x11-libxcb-devel-7.4-1.22.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libxcb-32bit-7.4-1.22.5.1 References: http://support.novell.com/security/cve/CVE-2013-2064.html https://bugzilla.novell.com/818829 https://bugzilla.novell.com/821584 http://download.novell.com/patch/finder/?keywords=e08d51376bdda6da2110e604a495b364 From sle-updates at lists.suse.com Fri Jun 28 08:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 16:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1097-1: moderate: Security update for xorg-x11-libXfixes Message-ID: <20130628140415.E11F13213D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXfixes ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1097-1 Rating: moderate References: #815451 #821667 Cross-References: CVE-2013-1983 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXfixes fixes a integer overflow issue (bnc#815451, bnc#821667, CVE-2013-1983). Security Issue reference: * CVE-2013-1983 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXfixes-7802 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXfixes-7802 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXfixes-7802 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXfixes-7802 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXfixes-devel-7.4-1.16.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXfixes-devel-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXfixes-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXfixes-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXfixes-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXfixes-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXfixes-x86-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXfixes-7.4-1.16.1 xorg-x11-libXfixes-devel-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXfixes-32bit-7.4-1.16.1 References: http://support.novell.com/security/cve/CVE-2013-1983.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821667 http://download.novell.com/patch/finder/?keywords=f00e57d4e83124293883c5eb13495c03 From sle-updates at lists.suse.com Fri Jun 28 08:04:20 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 16:04:20 +0200 (CEST) Subject: SUSE-SU-2013:1098-1: moderate: Security update for Mesa Message-ID: <20130628140420.CD53932014@maintenance.suse.de> SUSE Security Update: Security update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1098-1 Rating: moderate References: #815451 #821855 Cross-References: CVE-2013-1993 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of Mesa fixes multiple integer overflows. Security Issue reference: * CVE-2013-1993 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-Mesa-7805 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-Mesa-7805 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-Mesa-7805 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-Mesa-7805 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): Mesa-devel-7.11.2-0.9.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): Mesa-devel-32bit-7.11.2-0.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): Mesa-7.11.2-0.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): Mesa-32bit-7.11.2-0.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): Mesa-7.11.2-0.9.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): Mesa-32bit-7.11.2-0.9.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): Mesa-x86-7.11.2-0.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): Mesa-7.11.2-0.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): Mesa-32bit-7.11.2-0.9.1 References: http://support.novell.com/security/cve/CVE-2013-1993.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821855 http://download.novell.com/patch/finder/?keywords=4d5a801bc9ddf7dd7e30b344d7210146 From sle-updates at lists.suse.com Fri Jun 28 08:04:24 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 16:04:24 +0200 (CEST) Subject: SUSE-SU-2013:1099-1: moderate: Security update for xorg-x11-libXext Message-ID: <20130628140424.E508232014@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXext ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1099-1 Rating: moderate References: #815451 #821665 Cross-References: CVE-2013-1982 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXext fixes several integer overflow issues (bnc#815451, bnc#821665, CVE-2013-1982) Security Issue reference: * CVE-2013-1982 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXext-7800 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXext-7800 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXext-7800 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXext-7800 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXext-devel-7.4-1.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXext-devel-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXext-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXext-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXext-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXext-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXext-x86-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXext-7.4-1.18.1 xorg-x11-libXext-devel-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXext-32bit-7.4-1.18.1 References: http://support.novell.com/security/cve/CVE-2013-1982.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821665 http://download.novell.com/patch/finder/?keywords=cba7da3f4f032fc302bbe5d590336cda From sle-updates at lists.suse.com Fri Jun 28 10:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 18:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1100-1: moderate: Security update for xorg-x11-libX11 Message-ID: <20130628160410.9945932015@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1100-1 Rating: moderate References: #815451 #821664 Cross-References: CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update of xorg-x11-libX11 fixes several security issues (bnc#815451, bnc#821664). Security Issue references: * CVE-2013-1981 * CVE-2013-1997 * CVE-2013-2004 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libX11-7842 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libX11-7842 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libX11-7842 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libX11-7842 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-devel-7.4-5.11.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libX11-devel-32bit-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libX11-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libX11-32bit-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libX11-x86-7.4-5.11.11.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libX11-7.4-5.11.11.1 xorg-x11-libX11-devel-7.4-5.11.11.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libX11-32bit-7.4-5.11.11.1 References: http://support.novell.com/security/cve/CVE-2013-1981.html http://support.novell.com/security/cve/CVE-2013-1997.html http://support.novell.com/security/cve/CVE-2013-2004.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821664 http://download.novell.com/patch/finder/?keywords=573b836e9cf1967d6abb379c25a9952d From sle-updates at lists.suse.com Fri Jun 28 10:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 18:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1101-1: moderate: Security update for xorg-x11-libXt Message-ID: <20130628160414.A352A320EE@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXt ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1101-1 Rating: moderate References: #815451 #821670 Cross-References: CVE-2013-2002 CVE-2013-2005 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of xorg-x11-libXt fixes several integer and buffer overflow issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005). Security Issue references: * CVE-2013-2002 * CVE-2013-2005 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXt-7823 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXt-7823 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXt-7823 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXt-7823 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXt-devel-7.4-1.19.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXt-devel-32bit-7.4-1.19.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXt-7.4-1.19.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXt-32bit-7.4-1.19.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXt-7.4-1.19.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXt-32bit-7.4-1.19.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXt-x86-7.4-1.19.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXt-7.4-1.19.1 xorg-x11-libXt-devel-7.4-1.19.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXt-32bit-7.4-1.19.1 References: http://support.novell.com/security/cve/CVE-2013-2002.html http://support.novell.com/security/cve/CVE-2013-2005.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821670 http://download.novell.com/patch/finder/?keywords=00bfbc86ed2314dee9a8f4889ed16f89 From sle-updates at lists.suse.com Fri Jun 28 10:04:18 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 18:04:18 +0200 (CEST) Subject: SUSE-SU-2013:1102-1: moderate: Security update for xorg-x11-libXp Message-ID: <20130628160418.B3874320EE@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXp ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1102-1 Rating: moderate References: #815451 #821668 Cross-References: CVE-2013-2062 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXp fixes several integer overflow issues (bnc#815451, bnc#821668, CVE-2013-2062). Security Issue reference: * CVE-2013-2062 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXp-7844 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXp-7844 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXp-7844 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXp-7844 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXp-devel-7.4-1.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXp-devel-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXp-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXp-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXp-x86-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXp-7.4-1.18.1 xorg-x11-libXp-devel-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 References: http://support.novell.com/security/cve/CVE-2013-2062.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821668 http://download.novell.com/patch/finder/?keywords=24a70c2d18b66d27689cf7ea1ee0dfac From sle-updates at lists.suse.com Fri Jun 28 10:04:22 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 18:04:22 +0200 (CEST) Subject: SUSE-SU-2013:1103-1: moderate: Security update for xorg-x11-libs Message-ID: <20130628160422.61100320EE@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libs ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1103-1 Rating: moderate References: #815451 #821663 Cross-References: CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1988 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2003 CVE-2013-2063 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update of xorg-x11-libs fixes several integer and buffer overflow issues (bnc#815451, bnc#821663). Security Issue references: * CVE-2013-1984 * CVE-2013-1985 * CVE-2013-1986 * CVE-2013-1988 * CVE-2013-1990 * CVE-2013-1991 * CVE-2013-1992 * CVE-2013-1995 * CVE-2013-1996 * CVE-2013-1998 * CVE-2013-1999 * CVE-2013-2000 * CVE-2013-2001 * CVE-2013-2003 * CVE-2013-2063 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-devel-7846 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-devel-7846 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-devel-7846 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-devel-7846 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.36.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libs-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libs-32bit-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libs-x86-7.4-8.26.36.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-devel-7.4-8.26.36.1 xorg-x11-libs-7.4-8.26.36.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libs-32bit-7.4-8.26.36.1 References: http://support.novell.com/security/cve/CVE-2013-1984.html http://support.novell.com/security/cve/CVE-2013-1985.html http://support.novell.com/security/cve/CVE-2013-1986.html http://support.novell.com/security/cve/CVE-2013-1988.html http://support.novell.com/security/cve/CVE-2013-1990.html http://support.novell.com/security/cve/CVE-2013-1991.html http://support.novell.com/security/cve/CVE-2013-1992.html http://support.novell.com/security/cve/CVE-2013-1995.html http://support.novell.com/security/cve/CVE-2013-1996.html http://support.novell.com/security/cve/CVE-2013-1998.html http://support.novell.com/security/cve/CVE-2013-1999.html http://support.novell.com/security/cve/CVE-2013-2000.html http://support.novell.com/security/cve/CVE-2013-2001.html http://support.novell.com/security/cve/CVE-2013-2003.html http://support.novell.com/security/cve/CVE-2013-2063.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821663 http://download.novell.com/patch/finder/?keywords=2b0c37d1a8beb0af8c31c6e5efaa35d4 From sle-updates at lists.suse.com Fri Jun 28 11:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 19:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1017-2: Recommended update for gnome-session Message-ID: <20130628170410.F023D3201E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-session ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1017-2 Rating: low References: #810952 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-session fixes parsing of GNOME's auto-start settings from SUSE Linux Enterprise 10. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-gnome-session-7899 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-gnome-session-7899 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-gnome-session-7899 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): gnome-session-2.28.0-3.11.9 gnome-session-lang-2.28.0-3.11.9 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): gnome-session-2.28.0-3.11.9 gnome-session-lang-2.28.0-3.11.9 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): gnome-session-2.28.0-3.11.9 gnome-session-lang-2.28.0-3.11.9 References: https://bugzilla.novell.com/810952 http://download.novell.com/patch/finder/?keywords=4fdbf874d4282aafb3f0f850738979a1 From sle-updates at lists.suse.com Fri Jun 28 11:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 19:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1104-1: moderate: Security update for xorg-x11-libXv Message-ID: <20130628170414.ABDD1320EE@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXv ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1104-1 Rating: moderate References: #815451 #821671 Cross-References: CVE-2013-1989 CVE-2013-2066 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of xorg-x11-libXv fixes several integer and buffer overflow issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066). Security Issue references: * CVE-2013-1989 * CVE-2013-2066 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXv-7825 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXv-7825 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXv-7825 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXv-7825 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-devel-7.4-1.16.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXv-devel-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXv-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXv-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXv-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXv-x86-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXv-7.4-1.16.1 xorg-x11-libXv-devel-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXv-32bit-7.4-1.16.1 References: http://support.novell.com/security/cve/CVE-2013-1989.html http://support.novell.com/security/cve/CVE-2013-2066.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821671 http://download.novell.com/patch/finder/?keywords=5a1c2236da98dbe6e2394cfd8e607704 From sle-updates at lists.suse.com Fri Jun 28 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 21:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1105-1: Recommended update for Samba Message-ID: <20130628190410.6389632020@maintenance.suse.de> SUSE Recommended Update: Recommended update for Samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1105-1 Rating: low References: #573246 #657026 #817919 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update for Samba provides the following fixes: * Fix 'map untrusted to domain' with NTLMv2. (bnc#817919) * Fix logon of AD users with many group memberships. (bnc#657026) * CIFS: do not restart during dhcp lease renewal when IP address remains the same. (bnc#573246) * Relicense source/client/{mount.cifs,mount.h,mtab.c}.c under GPLv2+ Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): cifs-mount-3.0.36-0.13.28.1 ldapsmb-1.34b-25.13.28.1 libmsrpc-3.0.36-0.13.28.1 libmsrpc-devel-3.0.36-0.13.28.1 libsmbclient-3.0.36-0.13.28.1 libsmbclient-devel-3.0.36-0.13.28.1 samba-3.0.36-0.13.28.1 samba-client-3.0.36-0.13.28.1 samba-krb-printing-3.0.36-0.13.28.1 samba-python-3.0.36-0.13.28.1 samba-vscan-0.3.6b-43.13.28.1 samba-winbind-3.0.36-0.13.28.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libsmbclient-32bit-3.0.36-0.13.28.1 samba-32bit-3.0.36-0.13.28.1 samba-client-32bit-3.0.36-0.13.28.1 samba-winbind-32bit-3.0.36-0.13.28.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libsmbclient-x86-3.0.36-0.13.28.1 samba-client-x86-3.0.36-0.13.28.1 samba-winbind-x86-3.0.36-0.13.28.1 samba-x86-3.0.36-0.13.28.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libsmbclient-64bit-3.0.36-0.13.28.1 samba-64bit-3.0.36-0.13.28.1 samba-client-64bit-3.0.36-0.13.28.1 samba-winbind-64bit-3.0.36-0.13.28.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): cifs-mount-3.0.36-0.13.28.1 ldapsmb-1.34b-25.13.28.1 libsmbclient-3.0.36-0.13.28.1 libsmbclient-devel-3.0.36-0.13.28.1 samba-3.0.36-0.13.28.1 samba-client-3.0.36-0.13.28.1 samba-krb-printing-3.0.36-0.13.28.1 samba-vscan-0.3.6b-43.13.28.1 samba-winbind-3.0.36-0.13.28.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libsmbclient-32bit-3.0.36-0.13.28.1 samba-32bit-3.0.36-0.13.28.1 samba-client-32bit-3.0.36-0.13.28.1 samba-winbind-32bit-3.0.36-0.13.28.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): libmsrpc-3.0.36-0.13.28.1 libmsrpc-devel-3.0.36-0.13.28.1 libsmbclient-devel-3.0.36-0.13.28.1 libsmbsharemodes-3.0.36-0.13.28.1 libsmbsharemodes-devel-3.0.36-0.13.28.1 samba-python-3.0.36-0.13.28.1 References: https://bugzilla.novell.com/573246 https://bugzilla.novell.com/657026 https://bugzilla.novell.com/817919 http://download.novell.com/patch/finder/?keywords=6a24e331310c95bd97cc326be90a4472 From sle-updates at lists.suse.com Fri Jun 28 13:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jun 2013 21:04:13 +0200 (CEST) Subject: SUSE-RU-2013:1073-2: Recommended update for axis Message-ID: <20130628190413.CEA443204A@maintenance.suse.de> SUSE Recommended Update: Recommended update for axis ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1073-2 Rating: low References: #810881 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Axis adjusts the build procedure to use OpenJDK7 instead of gcc-java. The change fixes a problem that, in some circumstances, could cause exceptions when connecting to web services using SOAP over HTTPS. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-axis-7949 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-axis-7949 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): axis-1.4-236.43.5 - SUSE Linux Enterprise Server 11 SP3 (noarch): axis-1.4-236.38.9 axis-1.4-236.43.5 References: https://bugzilla.novell.com/810881 http://download.novell.com/patch/finder/?keywords=07eea6abb023a81f2becab53798ed40d From sle-updates at lists.suse.com Fri Jun 28 19:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Jun 2013 03:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1106-1: moderate: Recommended update for release-notes-SLES-for-VMware Message-ID: <20130629010410.848D732006@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-SLES-for-VMware ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1106-1 Rating: moderate References: #773207 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for relase-notes-SLES-for-VMware fixes an issue when migrating from SLES to SLES for VMware (bnc#773207). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-release-notes-SLES-for-VMware-7779 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 11.2.0.45]: release-notes-SLES-for-VMware-11.2.0.45-0.11.1 References: https://bugzilla.novell.com/773207 http://download.novell.com/patch/finder/?keywords=8ce9ca9624a5a9336f8bd3241eed3b01 From sle-updates at lists.suse.com Sat Jun 29 15:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Jun 2013 23:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1074-2: moderate: Recommended update for bind Message-ID: <20130629210410.1A90E3201E@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1074-2 Rating: moderate References: #815230 #819475 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: The BIND DNS server has been updated to version 9.9.2P2, which brings many fixes, enhancements and new features, such as: * Automated trust anchor maintenance for DNSSEC (RFC 5011) * Simplified configuration of Dynamic DNS * Simplified configuration of DNSSEC Lookaside Validation (DLV) * Fully automatic signing of zones * Implementation of DNS64, a transition mechanism to IPv6 deployment * Inline Signing for DNSSEC * DNSSEC NSEC performance improvements * Multiprocessing performance improvements This update also contains several functional changes which might need changes of certain configuration settings. More information can be found in TID #7012684: https://www.suse.com/support/kb/doc.php?id=7012684 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-bind-7912 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-bind-7912 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-bind-7912 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-bind-7912 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.2P2]: bind-devel-9.9.2P2-0.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64) [New Version: 9.9.2P2]: bind-devel-32bit-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.9.2P2]: bind-9.9.2P2-0.11.1 bind-chrootenv-9.9.2P2-0.11.1 bind-doc-9.9.2P2-0.11.1 bind-libs-9.9.2P2-0.11.1 bind-utils-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.9.2P2]: bind-libs-32bit-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.2P2]: bind-9.9.2P2-0.11.1 bind-chrootenv-9.9.2P2-0.11.1 bind-doc-9.9.2P2-0.11.1 bind-libs-9.9.2P2-0.11.1 bind-utils-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.9.2P2]: bind-libs-32bit-9.9.2P2-0.11.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 9.9.2P2]: bind-libs-x86-9.9.2P2-0.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.9.2P2]: bind-libs-9.9.2P2-0.11.1 bind-utils-9.9.2P2-0.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.9.2P2]: bind-libs-32bit-9.9.2P2-0.11.1 References: https://bugzilla.novell.com/815230 https://bugzilla.novell.com/819475 http://download.novell.com/patch/finder/?keywords=a5be795224cc207d16aa7e62e7aaa811 From sle-updates at lists.suse.com Sun Jun 30 10:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 30 Jun 2013 18:04:10 +0200 (CEST) Subject: SUSE-RU-2013:1107-1: Recommended update for sled-release Message-ID: <20130630160410.739F332020@maintenance.suse.de> SUSE Recommended Update: Recommended update for sled-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1107-1 Rating: low References: #820032 Affected Products: SLED 11 HP BNB Preload SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update prohibits the distribution upgrade to SLE11 SP3 for OEMs that are not ready for migration yet. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SLED 11 HP BNB Preload SP2: zypper in -t patch slehpbnbp2-sled-release-7796 To bring your system up-to-date, use "zypper patch". Package List: - SLED 11 HP BNB Preload SP2 (i586 x86_64): sled-release-11.2-2.1 References: https://bugzilla.novell.com/820032 http://download.novell.com/patch/finder/?keywords=e0980fec441d672882990ac0245c45bf