From sle-updates at lists.suse.com Mon Nov 4 09:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Nov 2013 17:04:09 +0100 (CET)
Subject: SUSE-SU-2013:1625-1: important: Security update for libxml2
Message-ID: <20131104160409.56C88323BF@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1625-1
Rating:             important
References:         #739894 #748561 #764538 #769184 #793334 #805233 #829077
Cross-References:   CVE-2011-3102 CVE-2011-3919 CVE-2012-0841 CVE-2012-2807
                    CVE-2012-5134 CVE-2013-0338 CVE-2013-0339 CVE-2013-2877
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This is a LTSS rollup update for the libxml2 library that fixes
   various security issues.

   * CVE-2013-2877: parser.c in libxml2 allowed remote attackers to
     cause a denial of service (out-of-bounds read) via a document that
     ends abruptly, related to the lack of certain checks for the
     XML_PARSER_EOF state.
   * CVE-2013-0338: libxml2 allowed context-dependent attackers to cause
     a denial of service (CPU and memory consumption) via an XML file
     containing an entity declaration with long replacement text and many
     references to this entity, aka "internal entity expansion" with
     linear complexity.
   * CVE-2012-5134: Heap-based buffer underflow in the
     xmlParseAttValueComplex function in parser.c in libxml2 allowed
     remote attackers to cause a denial of service or possibly execute
     arbitrary code via crafted entities in an XML document.
   * CVE-2012-2807: Multiple integer overflows in libxml2 on 64-bit Linux
     platforms allowed remote attackers to cause a denial of service or
     possibly have unspecified other impact via unknown vectors.
   * CVE-2011-3102: Off-by-one error in libxml2 allowed remote attackers
     to cause a denial of service (out-of-bounds write) or possibly have
     unspecified other impact via unknown vectors.
   * CVE-2012-0841: libxml2 computed hash values without restricting the
     ability to trigger hash collisions predictably, which allows
     context-dependent attackers to cause a denial of service (CPU
     consumption) via crafted XML data.
   * CVE-2011-3919: A heap-based buffer overflow during decoding of
     entity references with overly long names has been fixed.

   Security Issue references:

   * CVE-2013-0338
   * CVE-2013-0339
   * CVE-2012-5134
   * CVE-2012-2807
   * CVE-2011-3102
   * CVE-2012-0841
   * CVE-2011-3919
   * CVE-2013-2877

Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
      libxml2-2.6.23-15.39.1
      libxml2-devel-2.6.23-15.39.1
      libxml2-python-2.6.23-15.39.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
      libxml2-32bit-2.6.23-15.39.1
      libxml2-devel-32bit-2.6.23-15.39.1

References:

   http://support.novell.com/security/cve/CVE-2011-3102.html
   http://support.novell.com/security/cve/CVE-2011-3919.html
   http://support.novell.com/security/cve/CVE-2012-0841.html
   http://support.novell.com/security/cve/CVE-2012-2807.html
   http://support.novell.com/security/cve/CVE-2012-5134.html
   http://support.novell.com/security/cve/CVE-2013-0338.html
   http://support.novell.com/security/cve/CVE-2013-0339.html
   http://support.novell.com/security/cve/CVE-2013-2877.html
   https://bugzilla.novell.com/739894
   https://bugzilla.novell.com/748561
   https://bugzilla.novell.com/764538
   https://bugzilla.novell.com/769184
   https://bugzilla.novell.com/793334
   https://bugzilla.novell.com/805233
   https://bugzilla.novell.com/829077
   http://download.novell.com/patch/finder/?keywords=a3fdb1e2e30b1877238605841d41d573

From sle-updates at lists.suse.com Mon Nov 4 09:04:13 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Nov 2013 17:04:13 +0100 (CET)
Subject: SUSE-SU-2013:1626-1: important: Security update for guestfs
Message-ID: <20131104160413.C7F3E323BF@maintenance.suse.de>

   SUSE Security Update: Security update for guestfs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1626-1
Rating:             important
References:         #845720
Cross-References:   CVE-2013-4419
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   A predictable socketname in the guestfish commandline tool could be
   used by a local attacker to gain access to guestfish sessions of other
   users on the same system. (CVE-2013-4419)

   Security Issue reference:

   * CVE-2013-4419

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-guestfs-data-8465

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-guestfs-data-8465

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      libguestfs-devel-1.20.4-0.18.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
      guestfs-data-1.20.4-0.18.1
      guestfs-tools-1.20.4-0.18.1
      guestfsd-1.20.4-0.18.1
      libguestfs0-1.20.4-0.18.1

References:

   http://support.novell.com/security/cve/CVE-2013-4419.html
   https://bugzilla.novell.com/845720
   http://download.novell.com/patch/finder/?keywords=a62e0c01924fc90649fc00040b92d6ad

From sle-updates at lists.suse.com Mon Nov 4 10:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Nov 2013 18:04:10 +0100 (CET)
Subject: SUSE-SU-2013:1627-1: important: Security update for libxml2
Message-ID: <20131104170410.5A2553236B@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1627-1
Rating:             important
References:         #829077
Cross-References:   CVE-2011-3102 CVE-2011-3919 CVE-2012-0841 CVE-2012-2807
                    CVE-2012-5134 CVE-2013-0338 CVE-2013-0339 CVE-2013-2877
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   libxml2 has been updated to fix the following security issue:

   * CVE-2013-0338: libxml2 allowed context-dependent attackers to cause
     a denial of service (CPU and memory consumption) via an XML file
     containing an entity declaration with long replacement text and many
     references to this entity, aka "internal entity expansion" with
     linear complexity.

   Security Issue references:

   * CVE-2013-0338
   * CVE-2013-0339
   * CVE-2012-5134
   * CVE-2012-2807
   * CVE-2011-3102
   * CVE-2012-0841
   * CVE-2011-3919
   * CVE-2013-2877

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
      libxml2-2.6.23-15.39.1
      libxml2-devel-2.6.23-15.39.1
      libxml2-python-2.6.23-15.39.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
      libxml2-32bit-2.6.23-15.39.1
      libxml2-devel-32bit-2.6.23-15.39.1

References:

   http://support.novell.com/security/cve/CVE-2011-3102.html
   http://support.novell.com/security/cve/CVE-2011-3919.html
   http://support.novell.com/security/cve/CVE-2012-0841.html
   http://support.novell.com/security/cve/CVE-2012-2807.html
   http://support.novell.com/security/cve/CVE-2012-5134.html
   http://support.novell.com/security/cve/CVE-2013-0338.html
   http://support.novell.com/security/cve/CVE-2013-0339.html
   http://support.novell.com/security/cve/CVE-2013-2877.html
   https://bugzilla.novell.com/829077
   http://download.novell.com/patch/finder/?keywords=aeb05c467f847178dc94b70e3bc77cc8

From sle-updates at lists.suse.com Tue Nov 5 07:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Nov 2013 15:04:10 +0100 (CET)
Subject: SUSE-RU-2013:1628-1: Recommended update for s390-tools
Message-ID: <20131105140410.143243236B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for s390-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1628-1
Rating:             low
References:         #741071 #769561 #788924 #794577 #795513 #808042 #808256
                    #815053
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that has 8 recommended fixes can now be installed.

Description:

   This collective update for s390-tools provides the following fixes and
   enhancements:

   * Updated qeth_configure to not create a udev entry for the layer2
     attribute on OSN devices. (bnc#788924)
   * Fixed chpid issue that caused non-grouping of qeth devices in layer
     2 mode. (bnc#794577)
   * Updated mkinitrd-setup-dasd.sh script to include udev rules for
     DASD in DIAG mode. (bnc#808256)
   * Added misc enhancements to zpxe.rexx.
   * Updated scripts to replace $SYSFS with /sysfs in the one instance
     where $SYSFS would be null.
   * Add/change links in /dev/disk/by-id on 'change' and 'add' udev
     trigger. (bnc#808042)
   * Updated usage information on configuration scripts. (bnc#769561)
   * Fixed ctc_configure to not try to bind a CTC or LCS interface to
     the right driver module if it already is bound to the right one.
     (bnc#741071)
   * Merged IBM s390-tools-1.15.0 Maintenance Patches (#13) (bnc#815053)
     o zfcpdbf: Fix offset and length of fields in trace records.
   * Merged s390-tools SP2/SP3 patchset #12 (bnc#795513):
     o ziomon: Follow symlinks to find multipath devices
     o dbginfo.sh: Improvements on data collection and speed
     o zfcpdump: Release HSA early if Linux kernel supports it
     o ziomon: Cope with SCSI disks not part of multipath device
     o zfcpdbf: Fix decoding of deferred errors.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-osasnmpd-7776

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 (s390x):
      osasnmpd-1.15.0-0.111.117.1
      s390-tools-1.15.0-0.111.117.1

References:

   https://bugzilla.novell.com/741071
   https://bugzilla.novell.com/769561
   https://bugzilla.novell.com/788924
   https://bugzilla.novell.com/794577
   https://bugzilla.novell.com/795513
   https://bugzilla.novell.com/808042
   https://bugzilla.novell.com/808256
   https://bugzilla.novell.com/815053
   http://download.novell.com/patch/finder/?keywords=23cd35ec29ce7107f53eec6bfd49e6d6

From sle-updates at lists.suse.com Tue Nov 5 10:04:07 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Nov 2013 18:04:07 +0100 (CET)
Subject: SUSE-RU-2013:1629-1: Recommended update for glib2
Message-ID: <20131105170408.046853236B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for glib2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1629-1
Rating:             low
References:         #834802
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for glib2 fixes GFileMonitor when /etc/mtab is a symbolic
   link to /proc/mounts.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-glib2-8389

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-glib2-8389

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-glib2-8389

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-glib2-8389

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      glib2-devel-2.22.5-0.8.10.2
      libgio-fam-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      glib2-doc-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64):
      glib2-devel-32bit-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      glib2-2.22.5-0.8.10.2
      glib2-doc-2.22.5-0.8.10.2
      glib2-lang-2.22.5-0.8.10.2
      libgio-2_0-0-2.22.5-0.8.10.2
      libglib-2_0-0-2.22.5-0.8.10.2
      libgmodule-2_0-0-2.22.5-0.8.10.2
      libgobject-2_0-0-2.22.5-0.8.10.2
      libgthread-2_0-0-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
      libgio-2_0-0-32bit-2.22.5-0.8.10.2
      libglib-2_0-0-32bit-2.22.5-0.8.10.2
      libgmodule-2_0-0-32bit-2.22.5-0.8.10.2
      libgobject-2_0-0-32bit-2.22.5-0.8.10.2
      libgthread-2_0-0-32bit-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      glib2-2.22.5-0.8.10.2
      glib2-doc-2.22.5-0.8.10.2
      glib2-lang-2.22.5-0.8.10.2
      libgio-2_0-0-2.22.5-0.8.10.2
      libglib-2_0-0-2.22.5-0.8.10.2
      libgmodule-2_0-0-2.22.5-0.8.10.2
      libgobject-2_0-0-2.22.5-0.8.10.2
      libgthread-2_0-0-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
      libgio-2_0-0-32bit-2.22.5-0.8.10.2
      libglib-2_0-0-32bit-2.22.5-0.8.10.2
      libgmodule-2_0-0-32bit-2.22.5-0.8.10.2
      libgobject-2_0-0-32bit-2.22.5-0.8.10.2
      libgthread-2_0-0-32bit-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP3 (ia64):
      libgio-2_0-0-x86-2.22.5-0.8.10.2
      libglib-2_0-0-x86-2.22.5-0.8.10.2
      libgmodule-2_0-0-x86-2.22.5-0.8.10.2
      libgobject-2_0-0-x86-2.22.5-0.8.10.2
      libgthread-2_0-0-x86-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      glib2-2.22.5-0.8.10.2
      glib2-devel-2.22.5-0.8.10.2
      glib2-lang-2.22.5-0.8.10.2
      libgio-2_0-0-2.22.5-0.8.10.2
      libgio-fam-2.22.5-0.8.10.2
      libglib-2_0-0-2.22.5-0.8.10.2
      libgmodule-2_0-0-2.22.5-0.8.10.2
      libgobject-2_0-0-2.22.5-0.8.10.2
      libgthread-2_0-0-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
      libgio-2_0-0-32bit-2.22.5-0.8.10.2
      libglib-2_0-0-32bit-2.22.5-0.8.10.2
      libgmodule-2_0-0-32bit-2.22.5-0.8.10.2
      libgobject-2_0-0-32bit-2.22.5-0.8.10.2
      libgthread-2_0-0-32bit-2.22.5-0.8.10.2

References:

   https://bugzilla.novell.com/834802
   http://download.novell.com/patch/finder/?keywords=98163cbf88528379d1b4b2b3ad288572

From sle-updates at lists.suse.com Wed Nov 6 08:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Nov 2013 16:04:09 +0100 (CET)
Subject: SUSE-SU-2013:1631-1: important: Security update for vino
Message-ID: <20131106150409.DC20E323DD@maintenance.suse.de>

   SUSE Security Update: Security update for vino
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1631-1
Rating:             important
References:         #843174
Cross-References:   CVE-2013-5745
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   vino has been updated to fix a remote denial of service problem where
   remote attackers could have caused an infinite loop in vino (CPU
   consumption). (CVE-2013-5745)

   Security Issue reference:

   * CVE-2013-5745

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-vino-8442

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-vino-8442

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-vino-8442

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      vino-2.28.1-2.5.1
      vino-lang-2.28.1-2.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      vino-2.28.1-2.5.1
      vino-lang-2.28.1-2.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      vino-2.28.1-2.5.1
      vino-lang-2.28.1-2.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-5745.html
   https://bugzilla.novell.com/843174
   http://download.novell.com/patch/finder/?keywords=82db9ceb786085d56f99202b6e6e6292

From sle-updates at lists.suse.com Wed Nov 6 12:04:12 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Nov 2013 20:04:12 +0100 (CET)
Subject: SUSE-SU-2013:1631-2: important: Security update for vino
Message-ID: <20131106190412.0C8D3323C6@maintenance.suse.de>

   SUSE Security Update: Security update for vino
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1631-2
Rating:             important
References:         #843174
Cross-References:   CVE-2013-5745
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   vino has been updated to fix a remote denial of service problem where
   remote attackers could have caused an infinite loop in vino (CPU
   consumption). (CVE-2013-5745)

   Security Issue reference:

   * CVE-2013-5745

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-vino-8443

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-vino-8443

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-vino-8443

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      vino-2.28.1-2.5.1
      vino-lang-2.28.1-2.5.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      vino-2.28.1-2.5.1
      vino-lang-2.28.1-2.5.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      vino-2.28.1-2.5.1
      vino-lang-2.28.1-2.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-5745.html
   https://bugzilla.novell.com/843174
   http://download.novell.com/patch/finder/?keywords=31ea438ae8405031fe087487a9c1dd40

From sle-updates at lists.suse.com Wed Nov 6 14:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Nov 2013 22:04:09 +0100 (CET)
Subject: SUSE-RU-2013:1629-2: Recommended update for glib2
Message-ID: <20131106210409.B74DE323C2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for glib2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1629-2
Rating:             low
References:         #834802
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for glib2 fixes GFileMonitor when /etc/mtab is a symbolic
   link to /proc/mounts.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-glib2-8388

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-glib2-8388

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-glib2-8388

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-glib2-8388

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-glib2-8388

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):
      glib2-branding-upstream-2.22.5-0.8.10.2
      glib2-devel-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      glib2-devel-2.22.5-0.8.10.2
      libgio-fam-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
      glib2-doc-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64):
      glib2-devel-32bit-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      glib2-2.22.5-0.8.10.2
      glib2-doc-2.22.5-0.8.10.2
      glib2-lang-2.22.5-0.8.10.2
      libgio-2_0-0-2.22.5-0.8.10.2
      libglib-2_0-0-2.22.5-0.8.10.2
      libgmodule-2_0-0-2.22.5-0.8.10.2
      libgobject-2_0-0-2.22.5-0.8.10.2
      libgthread-2_0-0-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
      libgio-2_0-0-32bit-2.22.5-0.8.10.2
      libglib-2_0-0-32bit-2.22.5-0.8.10.2
      libgmodule-2_0-0-32bit-2.22.5-0.8.10.2
      libgobject-2_0-0-32bit-2.22.5-0.8.10.2
      libgthread-2_0-0-32bit-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      glib2-2.22.5-0.8.10.2
      glib2-doc-2.22.5-0.8.10.2
      glib2-lang-2.22.5-0.8.10.2
      libgio-2_0-0-2.22.5-0.8.10.2
      libglib-2_0-0-2.22.5-0.8.10.2
      libgmodule-2_0-0-2.22.5-0.8.10.2
      libgobject-2_0-0-2.22.5-0.8.10.2
      libgthread-2_0-0-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
      libgio-2_0-0-32bit-2.22.5-0.8.10.2
      libglib-2_0-0-32bit-2.22.5-0.8.10.2
      libgmodule-2_0-0-32bit-2.22.5-0.8.10.2
      libgobject-2_0-0-32bit-2.22.5-0.8.10.2
      libgthread-2_0-0-32bit-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Server 11 SP2 (ia64):
      libgio-2_0-0-x86-2.22.5-0.8.10.2
      libglib-2_0-0-x86-2.22.5-0.8.10.2
      libgmodule-2_0-0-x86-2.22.5-0.8.10.2
      libgobject-2_0-0-x86-2.22.5-0.8.10.2
      libgthread-2_0-0-x86-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      glib2-2.22.5-0.8.10.2
      glib2-devel-2.22.5-0.8.10.2
      glib2-lang-2.22.5-0.8.10.2
      libgio-2_0-0-2.22.5-0.8.10.2
      libgio-fam-2.22.5-0.8.10.2
      libglib-2_0-0-2.22.5-0.8.10.2
      libgmodule-2_0-0-2.22.5-0.8.10.2
      libgobject-2_0-0-2.22.5-0.8.10.2
      libgthread-2_0-0-2.22.5-0.8.10.2

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
      libgio-2_0-0-32bit-2.22.5-0.8.10.2
      libglib-2_0-0-32bit-2.22.5-0.8.10.2
      libgmodule-2_0-0-32bit-2.22.5-0.8.10.2
      libgobject-2_0-0-32bit-2.22.5-0.8.10.2
      libgthread-2_0-0-32bit-2.22.5-0.8.10.2

References:

   https://bugzilla.novell.com/834802
   http://download.novell.com/patch/finder/?keywords=47595053effe3c06feacabd100632da9

From sle-updates at lists.suse.com Wed Nov 6 15:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Nov 2013 23:04:09 +0100 (CET)
Subject: SUSE-SU-2013:1632-1: Security update for fastjar
Message-ID: <20131106220409.DC682323E0@maintenance.suse.de>

   SUSE Security Update: Security update for fastjar
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1632-1
Rating:             low
References:         #607043
Cross-References:   CVE-2010-0831
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This fastjar update fixes a directory traversal issue (bnc#607043).

   Security Issue reference:

   * CVE-2010-0831

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-fastjar-8377

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-fastjar-8376

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-fastjar-8377

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-fastjar-8377

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-fastjar-8376

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-fastjar-8376

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      fastjar-0.95-1.24.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
      fastjar-0.95-1.24.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      fastjar-0.95-1.24.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      fastjar-0.95-1.24.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      fastjar-0.95-1.24.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      fastjar-0.95-1.24.1

References:

   http://support.novell.com/security/cve/CVE-2010-0831.html
   https://bugzilla.novell.com/607043
   http://download.novell.com/patch/finder/?keywords=0868ad0c8c13a55d818cd8ab0d3d2382
   http://download.novell.com/patch/finder/?keywords=4d39374510677d7ccbd1e19c08d01080

From sle-updates at lists.suse.com Thu Nov 7 09:04:13 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Nov 2013 17:04:13 +0100 (CET)
Subject: SUSE-SU-2013:1638-1: moderate: Security update for libtiff
Message-ID: <20131107160413.68757323C6@maintenance.suse.de>

   SUSE Security Update: Security update for libtiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1638-1
Rating:             moderate
References:         #834477 #834779 #834788
Cross-References:   CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This tiff update fixes several security issues.

   * bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer
     overflows/use after free problem
   * bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer
     overflow in readgifimage()
   * bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW
     decompressor

   Security Issue references:

   * CVE-2013-4232
   * CVE-2013-4231
   * CVE-2013-4243
   * CVE-2013-4244

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-libtiff-devel-8385

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-libtiff-devel-8384

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-libtiff-devel-8385

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-libtiff-devel-8385

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-libtiff-devel-8384

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-libtiff-devel-8384

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-libtiff-devel-8385

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-libtiff-devel-8384

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      libtiff-devel-3.8.2-141.154.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
      libtiff-devel-32bit-3.8.2-141.154.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      libtiff-devel-3.8.2-141.154.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
      libtiff-devel-32bit-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      libtiff3-3.8.2-141.154.1
      tiff-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
      libtiff3-32bit-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      libtiff3-3.8.2-141.154.1
      tiff-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
      libtiff3-32bit-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):
      libtiff3-x86-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      libtiff3-3.8.2-141.154.1
      tiff-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
      libtiff3-32bit-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      libtiff3-3.8.2-141.154.1
      tiff-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
      libtiff3-32bit-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):
      libtiff3-x86-3.8.2-141.154.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
      libtiff-3.8.2-5.36.1
      libtiff-devel-3.8.2-5.36.1
      tiff-3.8.2-5.36.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
      libtiff-32bit-3.8.2-5.36.1
      libtiff-devel-32bit-3.8.2-5.36.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      libtiff3-3.8.2-141.154.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
      libtiff3-32bit-3.8.2-141.154.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      libtiff3-3.8.2-141.154.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
      libtiff3-32bit-3.8.2-141.154.1

References:

   http://support.novell.com/security/cve/CVE-2013-4231.html
   http://support.novell.com/security/cve/CVE-2013-4232.html
   http://support.novell.com/security/cve/CVE-2013-4243.html
   http://support.novell.com/security/cve/CVE-2013-4244.html
   https://bugzilla.novell.com/834477
   https://bugzilla.novell.com/834779
   https://bugzilla.novell.com/834788
   http://download.novell.com/patch/finder/?keywords=0f07933002ee5f5488648cf27c5bb141
   http://download.novell.com/patch/finder/?keywords=296928af5c452f84a0d8aae7f0c00bd8
   http://download.novell.com/patch/finder/?keywords=6d61bd74613806d9e44415829e36a364

From sle-updates at lists.suse.com Thu Nov 7 09:04:17 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Nov 2013 17:04:17 +0100 (CET)
Subject: SUSE-SU-2013:1639-1: moderate: Security update for libtiff
Message-ID: <20131107160417.61110323C6@maintenance.suse.de>

   SUSE Security Update: Security update for libtiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1639-1
Rating:             moderate
References:         #753362 #767852 #767854
                    #770816 #781995 #787892 #788741 #791607 #817573 #818117
                    #834477 #834779 #834788
Cross-References:   CVE-2012-1173 CVE-2012-2088 CVE-2012-2113 CVE-2012-3401
                    CVE-2012-4447 CVE-2012-4564 CVE-2012-5581 CVE-2013-1960
                    CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243
                    CVE-2013-4244
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   This tiff LTSS roll up update fixes several security issues.

   * CVE-2013-4232 CVE-2013-4231: buffer overflows/use after free problem
   * CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in
     readgifimage()
   * CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW decompressor
   * CVE-2013-1961: Stack-based buffer overflow with malformed
     image-length and resolution
   * CVE-2013-1960: Heap-based buffer overflow in t2_process_jpeg_strip()
   * CVE-2012-4447: Heap-buffer overflow when processing a TIFF image
     with PixarLog Compression
   * CVE-2012-4564: Added a ppm2tiff missing return value check
   * CVE-2012-5581: Fixed Stack based buffer overflow when handling
     DOTRANGE tags
   * CVE-2012-3401: Fixed Heap-based buffer overflow due to improper
     initialization of T2P context struct pointer
   * CVE-2012-2113: integer overflow leading to heap-based buffer
     overflow when parsing crafted tiff files
   * Another heap-based memory corruption in the tiffp2s commandline tool
     has been fixed [bnc#788741]
   * CVE-2012-2088: A type conversion flaw in libtiff has been fixed.
   * CVE-2012-1173: A heap based buffer overflow in
     TIFFReadRGBAImageOriented was fixed.
Security Issue references: * CVE-2012-1173 * CVE-2012-2088 * CVE-2012-2113 * CVE-2012-3401 * CVE-2012-4447 * CVE-2012-4564 * CVE-2012-5581 * CVE-2013-1960 * CVE-2013-1961 * CVE-2013-4231 * CVE-2013-4232 * CVE-2013-4243 * CVE-2013-4244 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): libtiff-3.8.2-5.36.1 libtiff-devel-3.8.2-5.36.1 tiff-3.8.2-5.36.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): libtiff-32bit-3.8.2-5.36.1 libtiff-devel-32bit-3.8.2-5.36.1 References: http://support.novell.com/security/cve/CVE-2012-1173.html http://support.novell.com/security/cve/CVE-2012-2088.html http://support.novell.com/security/cve/CVE-2012-2113.html http://support.novell.com/security/cve/CVE-2012-3401.html http://support.novell.com/security/cve/CVE-2012-4447.html http://support.novell.com/security/cve/CVE-2012-4564.html http://support.novell.com/security/cve/CVE-2012-5581.html http://support.novell.com/security/cve/CVE-2013-1960.html http://support.novell.com/security/cve/CVE-2013-1961.html http://support.novell.com/security/cve/CVE-2013-4231.html http://support.novell.com/security/cve/CVE-2013-4232.html http://support.novell.com/security/cve/CVE-2013-4243.html http://support.novell.com/security/cve/CVE-2013-4244.html https://bugzilla.novell.com/753362 https://bugzilla.novell.com/767852 https://bugzilla.novell.com/767854 https://bugzilla.novell.com/770816 https://bugzilla.novell.com/781995 https://bugzilla.novell.com/787892 https://bugzilla.novell.com/788741 https://bugzilla.novell.com/791607 https://bugzilla.novell.com/817573 https://bugzilla.novell.com/818117 https://bugzilla.novell.com/834477 https://bugzilla.novell.com/834779 https://bugzilla.novell.com/834788 http://download.novell.com/patch/finder/?keywords=db898b28994a0ce2b1deaf3ee47ec36c From sle-updates at lists.suse.com Thu Nov 7 15:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Nov 2013 23:04:10 +0100 (CET) Subject: 
SUSE-RU-2013:1640-1: Recommended update for net-snmp Message-ID: <20131107220410.752DF32255@maintenance.suse.de> SUSE Recommended Update: Recommended update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1640-1 Rating: low References: #822368 #828081 #833153 #833191 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This collective update for net-snmp provides the following fixes: * Fix a race condition in hrSWRunTable when processes exit in the middle of processing. (bnc#822368) * Fix hrSWRunPath of swapped-out processes. (bnc#822368) * Fix MIB representation of timeout values. (bnc#833153) * Fix infinite loop when SIGTERM arrives in the middle of internal query processing. (bnc#833191) * Merge some upstream fixes for memory leaks. (bnc#833191) * If the daemon is still running 10 seconds after SIGTERM, force the stop with SIGKILL. (bnc#828081) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libsnmp15-8391 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libsnmp15-8390 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libsnmp15-8391 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libsnmp15-8391 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libsnmp15-8390 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libsnmp15-8390 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libsnmp15-8391 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libsnmp15-8390 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): net-snmp-devel-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64): net-snmp-devel-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): net-snmp-devel-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64): net-snmp-devel-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libsnmp15-5.4.2.1-8.12.18.1 net-snmp-5.4.2.1-8.12.18.1 perl-SNMP-5.4.2.1-8.12.18.1 snmp-mibs-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libsnmp15-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libsnmp15-5.4.2.1-8.12.18.1 net-snmp-5.4.2.1-8.12.18.1 perl-SNMP-5.4.2.1-8.12.18.1 snmp-mibs-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): 
libsnmp15-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libsnmp15-x86-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libsnmp15-5.4.2.1-8.12.18.1 net-snmp-5.4.2.1-8.12.18.1 perl-SNMP-5.4.2.1-8.12.18.1 snmp-mibs-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsnmp15-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libsnmp15-5.4.2.1-8.12.18.1 net-snmp-5.4.2.1-8.12.18.1 perl-SNMP-5.4.2.1-8.12.18.1 snmp-mibs-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsnmp15-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsnmp15-x86-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libsnmp15-5.4.2.1-8.12.18.1 net-snmp-5.4.2.1-8.12.18.1 perl-SNMP-5.4.2.1-8.12.18.1 snmp-mibs-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libsnmp15-5.4.2.1-8.12.18.1 net-snmp-5.4.2.1-8.12.18.1 perl-SNMP-5.4.2.1-8.12.18.1 snmp-mibs-5.4.2.1-8.12.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.18.1 References: https://bugzilla.novell.com/822368 https://bugzilla.novell.com/828081 https://bugzilla.novell.com/833153 https://bugzilla.novell.com/833191 http://download.novell.com/patch/finder/?keywords=05947a914d07d7292bca22c76817a364 http://download.novell.com/patch/finder/?keywords=e728b678aff873f77ea83e9534ff5820 From sle-updates at lists.suse.com Fri Nov 8 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Nov 2013 21:04:10 +0100 (CET) Subject: SUSE-RU-2013:1565-2: moderate: Recommended update for createrepo Message-ID: <20131108200410.6D888323DC@maintenance.suse.de> SUSE Recommended Update: Recommended update for createrepo ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2013:1565-2 Rating: moderate References: #839169 Affected Products: Subscription Management Tool 11 SP2 SUSE Studio Onsite 1.3 SUSE Manager 1.7 for SLE 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Lifecycle Management Server 1.3 SUSE Cloud 1.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for createrepo fixes the unique names option and adds it also to modifyrepo. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool 11 SP2: zypper in -t patch slesmtsp0-createrepo-8365 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-createrepo-8365 - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-createrepo-8365 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-createrepo-8365 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-createrepo-8365 - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-createrepo-8365 To bring your system up-to-date, use "zypper patch". 
Package List: - Subscription Management Tool 11 SP2 (noarch): createrepo-0.9.9-0.27.27.1 - SUSE Studio Onsite 1.3 (noarch): createrepo-0.9.9-0.27.27.1 - SUSE Manager 1.7 for SLE 11 SP2 (noarch): createrepo-0.9.9-0.27.27.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch): createrepo-0.9.9-0.27.27.1 - SUSE Lifecycle Management Server 1.3 (noarch): createrepo-0.9.9-0.27.27.1 - SUSE Cloud 1.0 (noarch): createrepo-0.9.9-0.27.27.1 References: https://bugzilla.novell.com/839169 http://download.novell.com/patch/finder/?keywords=8740beb6f6f56de65e53fdf0d186f4c0 From sle-updates at lists.suse.com Fri Nov 8 16:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Nov 2013 00:04:10 +0100 (CET) Subject: SUSE-SU-2013:1641-1: moderate: Security update for libvirt Message-ID: <20131108230410.23F0C323D9@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1641-1 Rating: moderate References: #817008 #838638 Cross-References: CVE-2013-4296 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This libvirt update fixes a security issue. * bnc#838638: CVE-2013-4296: EMBARGOED: libvirt: Fix crash in remoteDispatchDomainMemoryStats * bnc#817008: Regression: vm-install fails to display on SLES 11 SP2 UV2000 Security Issue reference: * CVE-2013-4296 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libvirt-8348 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libvirt-8348 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libvirt-8348 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libvirt-devel-0.9.6-0.29.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): libvirt-devel-32bit-0.9.6-0.29.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libvirt-0.9.6-0.29.1 libvirt-client-0.9.6-0.29.1 libvirt-doc-0.9.6-0.29.1 libvirt-python-0.9.6-0.29.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libvirt-client-32bit-0.9.6-0.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libvirt-0.9.6-0.29.1 libvirt-client-0.9.6-0.29.1 libvirt-doc-0.9.6-0.29.1 libvirt-python-0.9.6-0.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libvirt-client-32bit-0.9.6-0.29.1 References: http://support.novell.com/security/cve/CVE-2013-4296.html https://bugzilla.novell.com/817008 https://bugzilla.novell.com/838638 http://download.novell.com/patch/finder/?keywords=11804d9ffe6f244a8a3ae7b0c74f0150 From sle-updates at lists.suse.com Fri Nov 8 16:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Nov 2013 00:04:14 +0100 (CET) Subject: SUSE-SU-2013:1642-1: moderate: Security update for libvirt Message-ID: <20131108230414.A3C05323D9@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1642-1 Rating: moderate References: #836931 #837329 #837530 #837999 #838638 Cross-References: CVE-2013-4296 CVE-2013-5651 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux 
Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. It includes one version update. Description: libvirt has been updated to the 1.0.5.6 stable release that fixes bugs and security issues: * CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats * CVE-2013-5651: virBitmapParse out-of-bounds read access Libvirt on SLES 11 SP3 is not affected: * CVE-2013-4311: Add support for using 3-arg pkcheck syntax for process () * CVE-2013-4291: security: provide supplemental groups even when parsing label () Changes in this version: * virsh: fix change-media bug on disk block type * Include process start time when doing polkit checks * qemuDomainChangeGraphics: Check listen address change by listen type * python: return dictionary without value in case of no blockjob * virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array Also the following bug has been fixed: * Fix retrieval of SRIOV VF info, which prevented using some SRIOV virtual functions in guest domains with "" (bnc#837329) Security Issue references: * CVE-2013-4296 * CVE-2013-5651 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libvirt-8421 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libvirt-8421 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libvirt-8421 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.6]: libvirt-devel-1.0.5.6-0.7.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.6]: libvirt-devel-32bit-1.0.5.6-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.6]: libvirt-1.0.5.6-0.7.1 libvirt-client-1.0.5.6-0.7.1 libvirt-doc-1.0.5.6-0.7.1 libvirt-lock-sanlock-1.0.5.6-0.7.1 libvirt-python-1.0.5.6-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 1.0.5.6]: libvirt-client-32bit-1.0.5.6-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.6]: libvirt-1.0.5.6-0.7.1 libvirt-client-1.0.5.6-0.7.1 libvirt-doc-1.0.5.6-0.7.1 libvirt-python-1.0.5.6-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.6]: libvirt-client-32bit-1.0.5.6-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-4296.html http://support.novell.com/security/cve/CVE-2013-5651.html https://bugzilla.novell.com/836931 https://bugzilla.novell.com/837329 https://bugzilla.novell.com/837530 https://bugzilla.novell.com/837999 https://bugzilla.novell.com/838638 http://download.novell.com/patch/finder/?keywords=f802eb61fc52dbf7597c346fbf0076f3 From sle-updates at lists.suse.com Fri Nov 8 16:04:18 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Nov 2013 00:04:18 +0100 (CET) Subject: SUSE-SU-2013:1643-1: moderate: Security update for subversion Message-ID: <20131108230418.AB8CF323D9@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1643-1 Rating: moderate References: #834014 #836245 #841205 Cross-References: CVE-2013-4277 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development 
Kit 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This subversion update fixes a symlink attack against a pid file. * CVE-2013-4277: Svnserve in Apache Subversion allowed local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. Also the following two bugs have been fixed: * bnc#841205: SVNListParentPath feature doesn't work when svn authz is used * bnc#834014: subversion ignored the http-proxy-exception setting Security Issue reference: * CVE-2013-4277 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-subversion-8432 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-subversion-8433 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-subversion-8432 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): subversion-1.6.17-1.21.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.21.3 subversion-devel-1.6.17-1.21.3 subversion-perl-1.6.17-1.21.3 subversion-python-1.6.17-1.21.3 subversion-server-1.6.17-1.21.3 subversion-tools-1.6.17-1.21.3 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.21.3 subversion-devel-1.6.17-1.21.3 subversion-perl-1.6.17-1.21.3 subversion-python-1.6.17-1.21.3 subversion-server-1.6.17-1.21.3 subversion-tools-1.6.17-1.21.3 References: http://support.novell.com/security/cve/CVE-2013-4277.html https://bugzilla.novell.com/834014 https://bugzilla.novell.com/836245 https://bugzilla.novell.com/841205 http://download.novell.com/patch/finder/?keywords=35448254fece4dd2466305bab7ac53fb http://download.novell.com/patch/finder/?keywords=8cd54bc6a2f3b2e4830865c25819b0bd From sle-updates at lists.suse.com Mon Nov 11 12:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Nov 2013 20:04:12 +0100 (CET) Subject: SUSE-SU-2013:1654-1: moderate: Security update for libxslt Message-ID: <20131111190412.17E1227FA9@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1654-1 Rating: moderate References: #746039 #769182 #811686 #849019 Cross-References: CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: libxslt receives hereby a LTSS roll-up security update to fix several security issues: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. 
(addendum due to incomplete fix for CVE-2012-2825) * CVE-2012-6139: libxslt allowed remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. * CVE-2012-2825: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. * CVE-2011-3970: libxslt allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Security Issue references: * CVE-2012-6139 * CVE-2012-2825 * CVE-2011-3970 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): libxslt-1.1.15-15.22.1 libxslt-devel-1.1.15-15.22.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): libxslt-32bit-1.1.15-15.22.1 libxslt-devel-32bit-1.1.15-15.22.1 References: http://support.novell.com/security/cve/CVE-2011-3970.html http://support.novell.com/security/cve/CVE-2012-2825.html http://support.novell.com/security/cve/CVE-2012-6139.html https://bugzilla.novell.com/746039 https://bugzilla.novell.com/769182 https://bugzilla.novell.com/811686 https://bugzilla.novell.com/849019 http://download.novell.com/patch/finder/?keywords=8f27549488997eeff15597ab0b7a9c1a From sle-updates at lists.suse.com Mon Nov 11 13:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Nov 2013 21:04:11 +0100 (CET) Subject: SUSE-SU-2013:1655-1: moderate: Security update for CUPS Message-ID: <20131111200411.095AE323DB@maintenance.suse.de> SUSE Security Update: Security update for CUPS ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1655-1 Rating: moderate References: #789566 #827109 Cross-References: CVE-2012-5519 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software 
Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

The following security issue has been fixed in the CUPS print daemon:

* CVE-2012-5519: The patch adds better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes.

The new ConfigurationChangeRestriction cupsd.conf directive specifies the level of restriction for cupsd.conf changes that happen via HTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or via the cupsctl command).

By default, certain cupsd.conf directives that deal with filenames, paths, and users can no longer be changed via requests to the running cupsd but only by manually editing the cupsd.conf file, and its default file permissions permit only root to write the cupsd.conf file.

Those directives are: ConfigurationChangeRestriction, AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot, ErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap, PrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin, ServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup, SystemGroupAuthKey, TempDir, User.

The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set to 'root' only.

Additionally the following bug has been fixed:

* strip trailing "@REALM" from username for Kerberos authentication (CUPS STR#3972 bnc#827109)

Security Issue reference:

* CVE-2012-5519

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cups-8437 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-cups-8436 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cups-8437 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cups-8437 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cups-8436 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cups-8436 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cups-8437 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-cups-8436 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): cups-devel-1.3.9-8.46.48.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): cups-devel-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): cups-1.3.9-8.46.48.1 cups-client-1.3.9-8.46.48.1 cups-libs-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): cups-libs-32bit-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): cups-1.3.9-8.46.48.1 cups-client-1.3.9-8.46.48.1 cups-libs-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): cups-libs-32bit-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): cups-libs-x86-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): cups-1.3.9-8.46.48.1 cups-client-1.3.9-8.46.48.1 cups-libs-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): cups-libs-32bit-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): cups-1.3.9-8.46.48.1 cups-client-1.3.9-8.46.48.1 cups-libs-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x 
x86_64): cups-libs-32bit-1.3.9-8.46.48.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): cups-libs-x86-1.3.9-8.46.48.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): cups-1.3.9-8.46.48.1 cups-client-1.3.9-8.46.48.1 cups-libs-1.3.9-8.46.48.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): cups-libs-32bit-1.3.9-8.46.48.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): cups-1.3.9-8.46.48.1 cups-client-1.3.9-8.46.48.1 cups-libs-1.3.9-8.46.48.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): cups-libs-32bit-1.3.9-8.46.48.1 References: http://support.novell.com/security/cve/CVE-2012-5519.html https://bugzilla.novell.com/789566 https://bugzilla.novell.com/827109 http://download.novell.com/patch/finder/?keywords=ae557655624eb7bbf51bc0b9f9564386 http://download.novell.com/patch/finder/?keywords=c56a76c53ed2bd5acd30c1dc8beab6f6 From sle-updates at lists.suse.com Mon Nov 11 18:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Nov 2013 02:04:14 +0100 (CET) Subject: SUSE-SU-2013:1656-1: moderate: Security update for libxslt Message-ID: <20131112010414.7494027FA9@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1656-1 Rating: moderate References: #849019 Cross-References: CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) Security Issue references: * CVE-2012-6139 * CVE-2012-2825 * CVE-2011-3970 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libxslt-8501 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libxslt-8500 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libxslt-8501 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libxslt-8501 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libxslt-8500 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libxslt-8500 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libxslt-8501 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libxslt-8500 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libxslt-devel-1.1.24-19.23.1 libxslt-python-1.1.24-19.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libxslt-devel-32bit-1.1.24-19.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxslt-devel-1.1.24-19.23.1 libxslt-python-1.1.24-19.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libxslt-devel-32bit-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libxslt-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libxslt-32bit-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libxslt-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libxslt-32bit-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libxslt-x86-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libxslt-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libxslt-32bit-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxslt-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libxslt-32bit-1.1.24-19.23.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libxslt-x86-1.1.24-19.23.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): libxslt-1.1.15-15.22.1 libxslt-devel-1.1.15-15.22.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): libxslt-32bit-1.1.15-15.22.1 libxslt-devel-32bit-1.1.15-15.22.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libxslt-1.1.24-19.23.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libxslt-32bit-1.1.24-19.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libxslt-1.1.24-19.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libxslt-32bit-1.1.24-19.23.1 References: 
http://support.novell.com/security/cve/CVE-2011-3970.html http://support.novell.com/security/cve/CVE-2012-2825.html http://support.novell.com/security/cve/CVE-2012-6139.html https://bugzilla.novell.com/849019 http://download.novell.com/patch/finder/?keywords=4e6a2ff81c440983e4a78087fc7ea548 http://download.novell.com/patch/finder/?keywords=7132ba716239183cce846e5ad29bc072 http://download.novell.com/patch/finder/?keywords=7e8e3a6c8eb757836ba76ffb62d6f228 From sle-updates at lists.suse.com Tue Nov 12 11:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Nov 2013 19:04:12 +0100 (CET) Subject: SUSE-SU-2013:1659-1: moderate: Security update for ruby19 Message-ID: <20131112180412.0BCA7323CB@maintenance.suse.de> SUSE Security Update: Security update for ruby19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1659-1 Rating: moderate References: #837457 #843686 Cross-References: CVE-2013-2065 CVE-2013-4287 CVE-2013-4363 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: ruby19 has been updated to fix two security issues: * CVE-2013-2065: Object tainting was able to be bypassed in the DL and Fiddle modules. * CVE-2013-4287 CVE-2013-4363: An algorithmic complexity vulnerability within regular expression version checks has been fixed. Security Issue references: * CVE-2013-2065 * CVE-2013-4287 * CVE-2013-4363 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby19-8459 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.9.3.p392]: ruby19-1.9.3.p392-0.13.1 ruby19-devel-1.9.3.p392-0.13.1 ruby19-devel-extra-1.9.3.p392-0.13.1 References: http://support.novell.com/security/cve/CVE-2013-2065.html http://support.novell.com/security/cve/CVE-2013-4287.html http://support.novell.com/security/cve/CVE-2013-4363.html https://bugzilla.novell.com/837457 https://bugzilla.novell.com/843686 http://download.novell.com/patch/finder/?keywords=6292f0ada7ba6c2a2118037992be516a From sle-updates at lists.suse.com Tue Nov 12 11:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Nov 2013 19:04:16 +0100 (CET) Subject: SUSE-SU-2013:1660-1: important: Security update for jakarta-commons-fileupload Message-ID: <20131112180416.1387F323CB@maintenance.suse.de> SUSE Security Update: Security update for jakarta-commons-fileupload ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1660-1 Rating: important References: #846174 Cross-References: CVE-2013-2186 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: jakarta-commons-fileupload received a security fix: * A poison null byte flaw was found in the implementation of the DiskFileItem class. A remote attacker able to supply a serialized instance of the DiskFileItem class, which would be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is permitted by the user running the application server process. (CVE-2013-2186) Security Issue reference: * CVE-2013-2186 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-jakarta-commons-fileupload-8446 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-jakarta-commons-fileupload-8446 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-jakarta-commons-fileupload-8445 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-jakarta-commons-fileupload-8445 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): jakarta-commons-fileupload-1.1.1-1.35.1 jakarta-commons-fileupload-javadoc-1.1.1-1.35.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): jakarta-commons-fileupload-1.1.1-1.35.1 jakarta-commons-fileupload-javadoc-1.1.1-1.35.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): jakarta-commons-fileupload-1.1.1-1.35.1 jakarta-commons-fileupload-javadoc-1.1.1-1.35.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): jakarta-commons-fileupload-1.1.1-1.35.1 jakarta-commons-fileupload-javadoc-1.1.1-1.35.1 References: http://support.novell.com/security/cve/CVE-2013-2186.html https://bugzilla.novell.com/846174 http://download.novell.com/patch/finder/?keywords=4e850046eae7d47e6c4921a6249812b8 http://download.novell.com/patch/finder/?keywords=56b6ca4a38407b07a824c188acd7263e From sle-updates at lists.suse.com Tue Nov 12 15:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Nov 2013 23:04:10 +0100 (CET) Subject: SUSE-SU-2013:1661-1: critical: Security update for spacewalk-java Message-ID: <20131112220410.3A921323D2@maintenance.suse.de> SUSE Security Update: Security update for spacewalk-java ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1661-1 Rating: critical References: #848639 Cross-References: CVE-2013-4480 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 
______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This update fixes an admin user dialog problem in spacewalk. The "add new admin user" functionality didn't get disabled after it was used. So after install/adding the first admin user anyone could have added additional admin users. Security Issue reference: * CVE-2013-4480 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-spacewalk-java-8506 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.54.28]: spacewalk-java-1.7.54.28-0.9.1 spacewalk-java-config-1.7.54.28-0.9.1 spacewalk-java-lib-1.7.54.28-0.9.1 spacewalk-java-oracle-1.7.54.28-0.9.1 spacewalk-java-postgresql-1.7.54.28-0.9.1 spacewalk-taskomatic-1.7.54.28-0.9.1 References: http://support.novell.com/security/cve/CVE-2013-4480.html https://bugzilla.novell.com/848639 http://download.novell.com/patch/finder/?keywords=aa559fbaae468d78dbd943db5b17eeea From sle-updates at lists.suse.com Tue Nov 12 16:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Nov 2013 00:04:10 +0100 (CET) Subject: SUSE-RU-2013:1662-1: moderate: Recommended update for ceph and openvswitch Message-ID: <20131112230410.302AF323C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph and openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1662-1 Rating: moderate References: #839838 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for ceph and openvswitch provides kernel modules signed for Secure Boot environments. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-ceph-openvswitch-201309-8374 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64): ceph-kmp-default-0.56.6_3.0.93_0.8-0.18.1 ceph-kmp-xen-0.56.6_3.0.93_0.8-0.18.1 openvswitch-1.10.0-0.15.2 openvswitch-kmp-default-1.10.0_3.0.93_0.8-0.15.2 openvswitch-kmp-trace-1.10.0_3.0.93_0.8-0.15.2 openvswitch-kmp-xen-1.10.0_3.0.93_0.8-0.15.2 openvswitch-switch-1.10.0-0.15.2 References: https://bugzilla.novell.com/839838 http://download.novell.com/patch/finder/?keywords=12343e941c359114d28c0cc31431d0e8 From sle-updates at lists.suse.com Wed Nov 13 07:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Nov 2013 15:04:11 +0100 (CET) Subject: SUSE-SU-2013:1665-1: moderate: Security update for python-django Message-ID: <20131113140411.547FF32400@maintenance.suse.de> SUSE Security Update: Security update for python-django ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1665-1 Rating: moderate References: #840832 Cross-References: CVE-2013-1443 Affected Products: SUSE Cloud 2.0 SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This python-django version update fixes a denial-of-service issue via large passwords. * python-django: update to newer version (bnc#840832, CVE-2013-1443) Security Issue reference: * CVE-2013-1443 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-django-8368 - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-python-django-8367 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64) [New Version: 1.4.8]: python-django-1.4.8-0.8.1 - SUSE Cloud 1.0 (x86_64) [New Version: 1.4.8]: python-django-1.4.8-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1443.html https://bugzilla.novell.com/840832 http://download.novell.com/patch/finder/?keywords=1e951c87f46a2aece695d73dcb49d5a5 http://download.novell.com/patch/finder/?keywords=e4e4919a009fe6caa440127239209006 From sle-updates at lists.suse.com Wed Nov 13 07:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Nov 2013 15:04:15 +0100 (CET) Subject: SUSE-SU-2013:1666-1: important: Security update for OpenJDK 7 Message-ID: <20131113140415.808E5280A8@maintenance.suse.de> SUSE Security Update: Security update for OpenJDK 7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1666-1 Rating: important References: #846999 Cross-References: CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 30 vulnerabilities is now available. Description: This release updates our OpenJDK 7 support in the 2.4.x series with a number of security fixes and synchronises it with upstream development. 
The security issues fixed (a long list) can be found in the following link: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-October/025087.html Security Issue references: * CVE-2013-3829 * CVE-2013-5780 * CVE-2013-5772 * CVE-2013-5814 * CVE-2013-5790 * CVE-2013-5849 * CVE-2013-5802 * CVE-2013-5851 * CVE-2013-5809 * CVE-2013-5817 * CVE-2013-5783 * CVE-2013-5782 * CVE-2013-5778 * CVE-2013-5803 * CVE-2013-5840 * CVE-2013-5825 * CVE-2013-5842 * CVE-2013-5774 * CVE-2013-5804 * CVE-2013-5797 * CVE-2013-5850 * CVE-2013-5829 * CVE-2013-5830 * CVE-2013-4002 * CVE-2013-5784 * CVE-2013-5820 * CVE-2013-5805 * CVE-2013-5806 * CVE-2013-5823 * CVE-2013-5800 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-java-1_7_0-openjdk-8494 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): java-1_7_0-openjdk-1.7.0.6-0.21.1 java-1_7_0-openjdk-demo-1.7.0.6-0.21.1 java-1_7_0-openjdk-devel-1.7.0.6-0.21.1 References: http://support.novell.com/security/cve/CVE-2013-3829.html http://support.novell.com/security/cve/CVE-2013-4002.html http://support.novell.com/security/cve/CVE-2013-5772.html http://support.novell.com/security/cve/CVE-2013-5774.html http://support.novell.com/security/cve/CVE-2013-5778.html http://support.novell.com/security/cve/CVE-2013-5780.html http://support.novell.com/security/cve/CVE-2013-5782.html http://support.novell.com/security/cve/CVE-2013-5783.html http://support.novell.com/security/cve/CVE-2013-5784.html http://support.novell.com/security/cve/CVE-2013-5790.html http://support.novell.com/security/cve/CVE-2013-5797.html http://support.novell.com/security/cve/CVE-2013-5800.html http://support.novell.com/security/cve/CVE-2013-5802.html http://support.novell.com/security/cve/CVE-2013-5803.html 
http://support.novell.com/security/cve/CVE-2013-5804.html http://support.novell.com/security/cve/CVE-2013-5805.html http://support.novell.com/security/cve/CVE-2013-5806.html http://support.novell.com/security/cve/CVE-2013-5809.html http://support.novell.com/security/cve/CVE-2013-5814.html http://support.novell.com/security/cve/CVE-2013-5817.html http://support.novell.com/security/cve/CVE-2013-5820.html http://support.novell.com/security/cve/CVE-2013-5823.html http://support.novell.com/security/cve/CVE-2013-5825.html http://support.novell.com/security/cve/CVE-2013-5829.html http://support.novell.com/security/cve/CVE-2013-5830.html http://support.novell.com/security/cve/CVE-2013-5840.html http://support.novell.com/security/cve/CVE-2013-5842.html http://support.novell.com/security/cve/CVE-2013-5849.html http://support.novell.com/security/cve/CVE-2013-5850.html http://support.novell.com/security/cve/CVE-2013-5851.html https://bugzilla.novell.com/846999 http://download.novell.com/patch/finder/?keywords=41b2667e06be42c5dcb1c022821e91ef From sle-updates at lists.suse.com Wed Nov 13 07:04:19 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Nov 2013 15:04:19 +0100 (CET) Subject: SUSE-SU-2013:1667-1: important: Security update for apache2-mod_fcgid Message-ID: <20131113140419.3A166280A8@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_fcgid ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1667-1 Rating: important References: #844935 Cross-References: CVE-2013-4365 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Cloud 2.0 SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: A heap overflow in the apache2-mod_fcgid module has been fixed that could have been used by remote attackers to crash the server instance. (CVE-2013-4365) Security Issue reference: * CVE-2013-4365 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_fcgid-8507 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_fcgid-8513 - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-apache2-mod_fcgid-8507 - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-apache2-mod_fcgid-8513 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_fcgid-2.2-31.27.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_fcgid-2.2-31.27.1 - SUSE Cloud 2.0 (x86_64): apache2-mod_fcgid-2.2-31.27.1 - SUSE Cloud 1.0 (x86_64): apache2-mod_fcgid-2.2-31.27.1 References: http://support.novell.com/security/cve/CVE-2013-4365.html https://bugzilla.novell.com/844935 http://download.novell.com/patch/finder/?keywords=2ea6e5e979750c5c03ff3b89d8cd4069 http://download.novell.com/patch/finder/?keywords=87bbba52e23e65f50c0e0337fbfc2e0a From sle-updates at lists.suse.com Thu Nov 14 05:13:47 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Nov 2013 13:13:47 +0100 (CET) Subject: SUSE-SU-2013:1668-1: moderate: Security update for nfs-utils Message-ID: <20131114121347.9BEB73213F@maintenance.suse.de> SUSE Security Update: Security update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1668-1 Rating: moderate References: #628887 #661493 #716463 #806840 #813464 Cross-References: CVE-2013-1923 Affected Products: SUSE Linux 
Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: nfs-utils hereby receives an LTSS roll-up security and bugfix update. * CVE-2013-1923: Allow DNS lookups to be avoided when determining Kerberos identity of server. The NFS_GSSD_AVOID_DNS sysconfig variable must be set for this to take full effect, as some installations could be negatively affected by this change. More bugs have been fixed: * Fixed bugs with the info provided by "showmount -e" not being updated correctly. (bnc#661493) * nfsserver.init: Fix initialization of /var/lib/nfs/state and run sm-notify at start up time when necessary (bnc#628887) * Increase number of supported krb5 mounts from 32 to 256. (bnc#716463) * Avoid crash if krb5_init_context fails (bnc#806840) Security Issue reference: * CVE-2013-1923 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): nfs-utils-1.0.7-36.39.42.1 References: http://support.novell.com/security/cve/CVE-2013-1923.html https://bugzilla.novell.com/628887 https://bugzilla.novell.com/661493 https://bugzilla.novell.com/716463 https://bugzilla.novell.com/806840 https://bugzilla.novell.com/813464 http://download.novell.com/patch/finder/?keywords=d09650071376a0484c040c98456e0ff5 From sle-updates at lists.suse.com Thu Nov 14 08:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Nov 2013 16:04:12 +0100 (CET) Subject: SUSE-SU-2013:1669-1: important: Security update for IBM Java 5 Message-ID: <20131114150412.D57E532148@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1669-1 Rating: important References: #849212 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS 
______________________________________________________________________________ An update that contains security fixes can now be installed. Description: IBM Java 5 SR16-FP4 has been released which fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ The following CVEs are fixed: CVE-2013-4041, CVE-2013-5375, CVE-2013-5372, CVE-2013-5843, CVE-2013-5830, CVE-2013-5829, CVE-2013-5842, CVE-2013-5782, CVE-2013-5817, CVE-2013-5809, CVE-2013-5814, CVE-2013-5802, CVE-2013-5804, CVE-2013-5783, CVE-2013-3829, CVE-2013-4002, CVE-2013-5774, CVE-2013-5825, CVE-2013-5840, CVE-2013-5801, CVE-2013-5778, CVE-2013-5849, CVE-2013-5790, CVE-2013-5780, CVE-2013-5797, CVE-2013-5803 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.4-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.4-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.4-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.4-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.4-0.5.1 References: https://bugzilla.novell.com/849212 
http://download.novell.com/patch/finder/?keywords=5081cdae28bd8b3832e528c33135eb2a http://download.novell.com/patch/finder/?keywords=72ed1fe5b55bbe85bd66cb799815e617 From sle-updates at lists.suse.com Thu Nov 14 09:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Nov 2013 17:04:10 +0100 (CET) Subject: SUSE-RU-2013:1672-1: Recommended update for cluster-glue, corosync, crmsh, ldirectord, libdlm, openais, pacemaker, resource-agents and sbd Message-ID: <20131114160410.DFA9B32149@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue, corosync, crmsh, ldirectord, libdlm, openais, pacemaker, resource-agents and sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1672-1 Rating: low References: #815447 #816511 #821580 #822229 #822233 #823087 #823095 #824097 #825517 #825536 #825544 #825765 #827927 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. It includes two new package versions. Description: This collective update fixes the following issues for the respective packages: sbd (update to version 1.2.0): * sbd-pacemaker: handle transient failures of the CIB update processing * sbd-pacemaker: log two more cases where pacemaker state could become unhealthy. cluster-glue: * stonith: external/vcenter: do not list vms in status (bnc#825765) * hb_report: add "sudo" to package requirements (bnc#823087) * stonith: fix memory leak in external.c (bnc#822229). corosync (update to version 1.4.6): * add minor bug fixes to several sub-systems. openais: * init script: provide "force-start" action to support sbd cleanup after a fence (bnc#825544). 
resource-agents: * apache: remove unnecessary and imperfect checks from validate_all (bnc#827927) * mysql: test properly for failed process start (bnc#823095) * mysql: really use log setting (bnc#823095) * named: Attempt to autogen /etc/rndc.key using rndc-confgen tool * oracle/oralsnr: explicitly require bash (bnc#825517) * pgsql: set only one node into sync mode when using 3 nodes or higher * drbd: remove deprecated drbd agent * minor bug fixes to agents: VirtualDomain, nfsserver, ethmonitor, iSCSITarget, LVM. crmsh: * userprefs: fix regression in color scheme pacemaker: * crmd: Prevent messages for remote crmd clients from being relayed to wrong daemons * PE: Delete the old resource state on every node whenever the resource type is changed (bnc#822233) * crmd: Ensure operations for cleaned up resources don't block recovery (bnc#825536) * xml: Purge diff markers even if there's no digest (bnc#824097) * PE: Mark unrunnable stop actions as "blocked" (bnc#816511) * PE: Block the stop of resources if any depending resource is unmanaged (bnc#816511). The list above is not comprehensive. For details, please refer to the individual package change logs and Bugzilla. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-slehae-201307-8067 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.0 and 1.4.6]: cluster-glue-1.0.11-0.17.1 corosync-1.4.6-0.7.1 crmsh-1.2.5-0.24.1 libcorosync-devel-1.4.6-0.7.1 libcorosync4-1.4.6-0.7.1 libdlm-3.00.01-0.26.1 libdlm-devel-3.00.01-0.26.1 libdlm3-3.00.01-0.26.1 libglue-devel-1.0.11-0.17.1 libglue2-1.0.11-0.17.1 libopenais-devel-1.1.4-5.15.2 libopenais3-1.1.4-5.15.2 libpacemaker-devel-1.1.9-0.21.5 libpacemaker3-1.1.9-0.21.5 openais-1.1.4-5.15.2 pacemaker-1.1.9-0.21.5 sbd-1.2.0-0.7.7 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 s390x x86_64): ldirectord-3.9.5-0.30.12 nagios-plugins-metadata-3.9.5-0.30.12 resource-agents-3.9.5-0.30.12 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): ldirectord-3.9.5-0.30.11 nagios-plugins-metadata-3.9.5-0.30.11 resource-agents-3.9.5-0.30.11 References: https://bugzilla.novell.com/815447 https://bugzilla.novell.com/816511 https://bugzilla.novell.com/821580 https://bugzilla.novell.com/822229 https://bugzilla.novell.com/822233 https://bugzilla.novell.com/823087 https://bugzilla.novell.com/823095 https://bugzilla.novell.com/824097 https://bugzilla.novell.com/825517 https://bugzilla.novell.com/825536 https://bugzilla.novell.com/825544 https://bugzilla.novell.com/825765 https://bugzilla.novell.com/827927 http://download.novell.com/patch/finder/?keywords=89f6ae52855c03212ef86dc67fe7ff92 From sle-updates at lists.suse.com Thu Nov 14 09:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Nov 2013 17:04:14 +0100 (CET) Subject: SUSE-RU-2013:1673-1: Recommended update for pacemaker Message-ID: <20131114160414.E661632149@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1673-1 Rating: low References: #825051 Affected Products: SUSE Linux Enterprise High 
Availability Extension 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pacemaker-mgmt fixes the following issue in crm_gui: * Prompt user to disable "record-pending" only if it has been enabled in the same GUI session. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-pacemaker-mgmt-8066 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): pacemaker-mgmt-2.1.2-0.9.8 pacemaker-mgmt-client-2.1.2-0.9.8 pacemaker-mgmt-devel-2.1.2-0.9.8 References: https://bugzilla.novell.com/825051 http://download.novell.com/patch/finder/?keywords=95c69529ecba647c4ca05ee879b47890 From sle-updates at lists.suse.com Thu Nov 14 10:04:08 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Nov 2013 18:04:08 +0100 (CET) Subject: SUSE-RU-2013:1674-1: Recommended update for ocfs2-tools Message-ID: <20131114170408.7E2193214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1674-1 Rating: low References: #820014 #834191 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ocfs2-tools provides the following fixes: * Use new kernel interface to adjust OOM scores (/proc/$pid/oom_score_adj) * Ignore partitioned disks in mounted.ocfs2. (bnc#820014) * Fix corrupted index directories in fsck. 
(bnc#834191) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-ocfs2-tools-8448 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): ocfs2-tools-1.8.2-0.19.1 ocfs2-tools-devel-1.8.2-0.19.1 ocfs2-tools-o2cb-1.8.2-0.19.1 ocfs2console-1.8.2-0.19.1 References: https://bugzilla.novell.com/820014 https://bugzilla.novell.com/834191 http://download.novell.com/patch/finder/?keywords=c1bc16dcf797692a2c42c1a418e85946 From sle-updates at lists.suse.com Thu Nov 14 16:04:32 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Nov 2013 00:04:32 +0100 (CET) Subject: SUSE-SU-2013:1677-1: important: Security update for IBM Java 5 Message-ID: <20131114230432.71CD332168@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1677-1 Rating: important References: #849212 Cross-References: CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 Affected Products: SUSE CORE 9 ______________________________________________________________________________ An 
update that fixes 47 vulnerabilities is now available. Description: IBM Java 5 SR16-FP4 has been released which fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issue references: * CVE-2013-5458 * CVE-2013-5456 * CVE-2013-5457 * CVE-2013-4041 * CVE-2013-5375 * CVE-2013-5372 * CVE-2013-5843 * CVE-2013-5789 * CVE-2013-5830 * CVE-2013-5829 * CVE-2013-5787 * CVE-2013-5788 * CVE-2013-5824 * CVE-2013-5842 * CVE-2013-5782 * CVE-2013-5817 * CVE-2013-5809 * CVE-2013-5814 * CVE-2013-5832 * CVE-2013-5850 * CVE-2013-5838 * CVE-2013-5802 * CVE-2013-5812 * CVE-2013-5804 * CVE-2013-5783 * CVE-2013-3829 * CVE-2013-5823 * CVE-2013-5831 * CVE-2013-5820 * CVE-2013-5819 * CVE-2013-5818 * CVE-2013-5848 * CVE-2013-5776 * CVE-2013-5774 * CVE-2013-5825 * CVE-2013-5840 * CVE-2013-5801 * CVE-2013-5778 * CVE-2013-5851 * CVE-2013-5800 * CVE-2013-5784 * CVE-2013-5849 * CVE-2013-5790 * CVE-2013-5780 * CVE-2013-5797 * CVE-2013-5803 * CVE-2013-5772 Package List: - SUSE CORE 9 (i586 s390 s390x x86_64): IBMJava5-JRE-1.5.0_sr16.4-0.4 IBMJava5-SDK-1.5.0_sr16.4-0.4 References: http://support.novell.com/security/cve/CVE-2013-3829.html http://support.novell.com/security/cve/CVE-2013-4041.html http://support.novell.com/security/cve/CVE-2013-5372.html http://support.novell.com/security/cve/CVE-2013-5375.html http://support.novell.com/security/cve/CVE-2013-5456.html http://support.novell.com/security/cve/CVE-2013-5457.html http://support.novell.com/security/cve/CVE-2013-5458.html http://support.novell.com/security/cve/CVE-2013-5772.html http://support.novell.com/security/cve/CVE-2013-5774.html http://support.novell.com/security/cve/CVE-2013-5776.html http://support.novell.com/security/cve/CVE-2013-5778.html http://support.novell.com/security/cve/CVE-2013-5780.html http://support.novell.com/security/cve/CVE-2013-5782.html http://support.novell.com/security/cve/CVE-2013-5783.html 
http://support.novell.com/security/cve/CVE-2013-5784.html http://support.novell.com/security/cve/CVE-2013-5787.html http://support.novell.com/security/cve/CVE-2013-5788.html http://support.novell.com/security/cve/CVE-2013-5789.html http://support.novell.com/security/cve/CVE-2013-5790.html http://support.novell.com/security/cve/CVE-2013-5797.html http://support.novell.com/security/cve/CVE-2013-5800.html http://support.novell.com/security/cve/CVE-2013-5801.html http://support.novell.com/security/cve/CVE-2013-5802.html http://support.novell.com/security/cve/CVE-2013-5803.html http://support.novell.com/security/cve/CVE-2013-5804.html http://support.novell.com/security/cve/CVE-2013-5809.html http://support.novell.com/security/cve/CVE-2013-5812.html http://support.novell.com/security/cve/CVE-2013-5814.html http://support.novell.com/security/cve/CVE-2013-5817.html http://support.novell.com/security/cve/CVE-2013-5818.html http://support.novell.com/security/cve/CVE-2013-5819.html http://support.novell.com/security/cve/CVE-2013-5820.html http://support.novell.com/security/cve/CVE-2013-5823.html http://support.novell.com/security/cve/CVE-2013-5824.html http://support.novell.com/security/cve/CVE-2013-5825.html http://support.novell.com/security/cve/CVE-2013-5829.html http://support.novell.com/security/cve/CVE-2013-5830.html http://support.novell.com/security/cve/CVE-2013-5831.html http://support.novell.com/security/cve/CVE-2013-5832.html http://support.novell.com/security/cve/CVE-2013-5838.html http://support.novell.com/security/cve/CVE-2013-5840.html http://support.novell.com/security/cve/CVE-2013-5842.html http://support.novell.com/security/cve/CVE-2013-5843.html http://support.novell.com/security/cve/CVE-2013-5848.html http://support.novell.com/security/cve/CVE-2013-5849.html http://support.novell.com/security/cve/CVE-2013-5850.html http://support.novell.com/security/cve/CVE-2013-5851.html https://bugzilla.novell.com/849212 
http://download.novell.com/patch/finder/?keywords=ee3af08cb4368a9b3504c613b99084af From sle-updates at lists.suse.com Thu Nov 14 19:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Nov 2013 03:04:10 +0100 (CET) Subject: SUSE-SU-2013:1678-1: important: Security update for Mozilla Firefox Message-ID: <20131115020410.A070132168@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1678-1 Rating: important References: #847708 Cross-References: CVE-2013-1739 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes four new package versions. Description: Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes various bugs and security issues: * MFSA 2013-93: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24. 
(CVE-2013-5590) Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10. (CVE-2013-1739) * MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. * MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. * MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. * MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. o ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle (CVE-2013-5599) o ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL (CVE-2013-5600) o ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler (CVE-2013-5601) * MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash.
Security Issue reference: * CVE-2013-1739 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox-201310-8491 sdksp3-mozilla-nss-201310-8485 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-mozilla-nss-201310-8484 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox-201310-8491 slessp3-mozilla-nss-201310-8485 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox-201310-8491 slessp3-mozilla-nss-201310-8485 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-firefox-201310-8545 slessp2-mozilla-nss-201310-8484 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-firefox-201310-8545 slessp2-mozilla-nss-201310-8484 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-201310-8492 slessp1-mozilla-nss-201310-8486 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox-201310-8491 sledsp3-mozilla-nss-201310-8485 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-firefox-201310-8545 sledsp2-mozilla-nss-201310-8484 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.2 and 4.10.1]: MozillaFirefox-devel-17.0.10esr-0.7.4 mozilla-nspr-devel-4.10.1-0.3.1 mozilla-nss-devel-3.15.2-0.8.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.2 and 4.10.1]: mozilla-nspr-devel-4.10.1-0.3.1 mozilla-nss-devel-3.15.2-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 17.0.10esr,3.15.2 and 4.10.1]: MozillaFirefox-17.0.10esr-0.7.4 MozillaFirefox-translations-17.0.10esr-0.7.4 libfreebl3-3.15.2-0.8.1 libsoftokn3-3.15.2-0.8.1 mozilla-nspr-4.10.1-0.3.1 mozilla-nss-3.15.2-0.8.1 mozilla-nss-tools-3.15.2-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-32bit-3.15.2-0.8.1 libsoftokn3-32bit-3.15.2-0.8.1 mozilla-nspr-32bit-4.10.1-0.3.1 mozilla-nss-32bit-3.15.2-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.10esr,3.15.2 and 4.10.1]: MozillaFirefox-17.0.10esr-0.7.4 MozillaFirefox-branding-SLED-7-0.12.41 MozillaFirefox-translations-17.0.10esr-0.7.4 libfreebl3-3.15.2-0.8.1 libsoftokn3-3.15.2-0.8.1 mozilla-nspr-4.10.1-0.3.1 mozilla-nss-3.15.2-0.8.1 mozilla-nss-tools-3.15.2-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-32bit-3.15.2-0.8.1 libsoftokn3-32bit-3.15.2-0.8.1 mozilla-nspr-32bit-4.10.1-0.3.1 mozilla-nss-32bit-3.15.2-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-x86-3.15.2-0.8.1 libsoftokn3-x86-3.15.2-0.8.1 mozilla-nspr-x86-4.10.1-0.3.1 mozilla-nss-x86-3.15.2-0.8.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.10esr,3.15.2 and 4.10.1]: MozillaFirefox-17.0.10esr-0.4.2.4 MozillaFirefox-translations-17.0.10esr-0.4.2.4 libfreebl3-3.15.2-0.3.1 mozilla-nspr-4.10.1-0.3.1 mozilla-nss-3.15.2-0.3.1 
mozilla-nss-tools-3.15.2-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-32bit-3.15.2-0.3.1 mozilla-nspr-32bit-4.10.1-0.3.1 mozilla-nss-32bit-3.15.2-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.10esr,3.15.2 and 4.10.1]: MozillaFirefox-17.0.10esr-0.4.2.4 MozillaFirefox-branding-SLED-7-0.6.9.62 MozillaFirefox-translations-17.0.10esr-0.4.2.4 libfreebl3-3.15.2-0.3.1 mozilla-nspr-4.10.1-0.3.1 mozilla-nss-3.15.2-0.3.1 mozilla-nss-tools-3.15.2-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-32bit-3.15.2-0.3.1 mozilla-nspr-32bit-4.10.1-0.3.1 mozilla-nss-32bit-3.15.2-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-x86-3.15.2-0.3.1 mozilla-nspr-x86-4.10.1-0.3.1 mozilla-nss-x86-3.15.2-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 17.0.10esr,3.15.2,4.10.1 and 7]: MozillaFirefox-17.0.10esr-0.4.2.1 MozillaFirefox-branding-SLED-7-0.6.9.60 MozillaFirefox-translations-17.0.10esr-0.4.2.1 libfreebl3-3.15.2-0.3.1 mozilla-nspr-4.10.1-0.3.1 mozilla-nss-3.15.2-0.3.1 mozilla-nss-tools-3.15.2-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-32bit-3.15.2-0.3.1 mozilla-nspr-32bit-4.10.1-0.3.1 mozilla-nss-32bit-3.15.2-0.3.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.15.2 and 4.10.1]: mozilla-nspr-4.10.1-0.5.1 mozilla-nspr-devel-4.10.1-0.5.1 mozilla-nss-3.15.2-0.5.1 mozilla-nss-devel-3.15.2-0.5.1 mozilla-nss-tools-3.15.2-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.15.2 and 4.10.1]: mozilla-nspr-32bit-4.10.1-0.5.1 mozilla-nss-32bit-3.15.2-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.15.2 and 4.10.1]: mozilla-nspr-4.10.1-0.5.1 mozilla-nspr-devel-4.10.1-0.5.1 
mozilla-nss-3.15.2-0.5.1 mozilla-nss-devel-3.15.2-0.5.1 mozilla-nss-tools-3.15.2-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.15.2 and 4.10.1]: mozilla-nspr-32bit-4.10.1-0.5.1 mozilla-nss-32bit-3.15.2-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 17.0.10esr,3.15.2 and 4.10.1]: MozillaFirefox-17.0.10esr-0.7.4 MozillaFirefox-branding-SLED-7-0.12.41 MozillaFirefox-translations-17.0.10esr-0.7.4 libfreebl3-3.15.2-0.8.1 libsoftokn3-3.15.2-0.8.1 mozilla-nspr-4.10.1-0.3.1 mozilla-nss-3.15.2-0.8.1 mozilla-nss-tools-3.15.2-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-32bit-3.15.2-0.8.1 libsoftokn3-32bit-3.15.2-0.8.1 mozilla-nspr-32bit-4.10.1-0.3.1 mozilla-nss-32bit-3.15.2-0.8.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.10esr,3.15.2 and 4.10.1]: MozillaFirefox-17.0.10esr-0.4.2.4 MozillaFirefox-branding-SLED-7-0.6.9.62 MozillaFirefox-translations-17.0.10esr-0.4.2.4 libfreebl3-3.15.2-0.3.1 mozilla-nspr-4.10.1-0.3.1 mozilla-nss-3.15.2-0.3.1 mozilla-nss-tools-3.15.2-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.15.2 and 4.10.1]: libfreebl3-32bit-3.15.2-0.3.1 mozilla-nspr-32bit-4.10.1-0.3.1 mozilla-nss-32bit-3.15.2-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-1739.html https://bugzilla.novell.com/847708 http://download.novell.com/patch/finder/?keywords=07c7008fa5d3132fbafd48744ab7c997 http://download.novell.com/patch/finder/?keywords=1edf663f8550de4b96445d1cbca59315 http://download.novell.com/patch/finder/?keywords=30958073bccf2d3c9d16900439fc7ec3 http://download.novell.com/patch/finder/?keywords=574e354cc19e6404e0964c3b1348f211 http://download.novell.com/patch/finder/?keywords=92ad00fe40f67f855b720f6d4ae5751a http://download.novell.com/patch/finder/?keywords=96c6d994dc18c3fd7399e875d9d14ac1 http://download.novell.com/patch/finder/?keywords=d36d3817c15a3112e57723f3b4a2059a 
http://download.novell.com/patch/finder/?keywords=f4dc527883357fa1c73dfcbfaa52ddfe From sle-updates at lists.suse.com Fri Nov 15 16:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Nov 2013 00:04:11 +0100 (CET) Subject: SUSE-SU-2013:1716-1: important: Security update for flash-player Message-ID: <20131115230411.6A05E3216C@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1716-1 Rating: important References: #850220 Cross-References: CVE-2013-5329 CVE-2013-5330 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: Adobe has released Flash Player 11.2.202.327 for Linux to correct the following: * These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-5329, CVE-2013-5330). More information can be found on: http://www.adobe.com/support/security/bulletins/apsb13-26.html Security Issue references: * CVE-2013-5329 * CVE-2013-5330 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8555 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8554 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.327]: flash-player-11.2.202.327-0.3.1 flash-player-gnome-11.2.202.327-0.3.1 flash-player-kde4-11.2.202.327-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.327]: flash-player-11.2.202.327-0.3.1 flash-player-gnome-11.2.202.327-0.3.1 flash-player-kde4-11.2.202.327-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-5329.html http://support.novell.com/security/cve/CVE-2013-5330.html https://bugzilla.novell.com/850220 http://download.novell.com/patch/finder/?keywords=1ea0282b5c54059aad35cd74e888aff5 http://download.novell.com/patch/finder/?keywords=cbac3c783a0512a1421f2f2cd65aeedc From sle-updates at lists.suse.com Mon Nov 18 10:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Nov 2013 18:04:10 +0100 (CET) Subject: SUSE-SU-2013:1728-1: moderate: Security update for xorg-x11-server Message-ID: <20131118170410.397413215C@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1728-1 Rating: moderate References: #816813 #843652 Cross-References: CVE-2013-4396 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: xorg-x11-server was updated to fix the following security issue: * Fixed a security issue in which an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption. (CVE-2013-4396, bnc#843652) A non-security issue was also fixed: * rfbAuthReenable is accessing rfbClient structure that was in most cases already freed. It actually needs only ScreenPtr, so pass it directly. (bnc#816813) Security Issues: * CVE-2013-4396 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-Xvnc-8464 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-Xvnc-8463 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-Xvnc-8464 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-Xvnc-8464 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-Xvnc-8463 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-Xvnc-8463 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-Xvnc-8464 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-Xvnc-8463 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.83.2 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.70.74.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.83.2 xorg-x11-server-7.4-27.83.2 xorg-x11-server-extra-7.4-27.83.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.83.2 xorg-x11-server-7.4-27.83.2 xorg-x11-server-extra-7.4-27.83.2 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.74.1 xorg-x11-server-7.4-27.70.74.1 xorg-x11-server-extra-7.4-27.70.74.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.70.74.1 xorg-x11-server-7.4-27.70.74.1 xorg-x11-server-extra-7.4-27.70.74.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-Xvnc-7.4-27.83.2 xorg-x11-server-7.4-27.83.2 xorg-x11-server-extra-7.4-27.83.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.74.1 xorg-x11-server-7.4-27.70.74.1 xorg-x11-server-extra-7.4-27.70.74.1 References: http://support.novell.com/security/cve/CVE-2013-4396.html https://bugzilla.novell.com/816813 https://bugzilla.novell.com/843652 http://download.novell.com/patch/finder/?keywords=0098e7907ae8d69a80b724c0249178f2 http://download.novell.com/patch/finder/?keywords=b9c1c2f8520eaee88ff048981bb42d0e From sle-updates at lists.suse.com Mon Nov 18 16:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Nov 2013 00:04:10 +0100 (CET) Subject: SUSE-SU-2013:1677-2: important: Security update for Java 6 Message-ID: <20131118230410.F29C73215C@maintenance.suse.de> SUSE Security Update: Security update for Java 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1677-2 Rating: important References: #849212 
Cross-References: CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Java 11 SP3 SUSE Linux Enterprise Java 11 SP2 ______________________________________________________________________________ An update that fixes 47 vulnerabilities is now available. Description: IBM Java 6 SR15 has been released which fixes lots of bugs and security issues. 
More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issue references: * CVE-2013-5458 * CVE-2013-5456 * CVE-2013-5457 * CVE-2013-4041 * CVE-2013-5375 * CVE-2013-5372 * CVE-2013-5843 * CVE-2013-5789 * CVE-2013-5830 * CVE-2013-5829 * CVE-2013-5787 * CVE-2013-5788 * CVE-2013-5824 * CVE-2013-5842 * CVE-2013-5782 * CVE-2013-5817 * CVE-2013-5809 * CVE-2013-5814 * CVE-2013-5832 * CVE-2013-5850 * CVE-2013-5838 * CVE-2013-5802 * CVE-2013-5812 * CVE-2013-5804 * CVE-2013-5783 * CVE-2013-3829 * CVE-2013-5823 * CVE-2013-5831 * CVE-2013-5820 * CVE-2013-5819 * CVE-2013-5818 * CVE-2013-5848 * CVE-2013-5776 * CVE-2013-5774 * CVE-2013-5825 * CVE-2013-5840 * CVE-2013-5801 * CVE-2013-5778 * CVE-2013-5851 * CVE-2013-5800 * CVE-2013-5784 * CVE-2013-5849 * CVE-2013-5790 * CVE-2013-5780 * CVE-2013-5797 * CVE-2013-5803 * CVE-2013-5772 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_6_0-ibm-8550 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_6_0-ibm-8549 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_6_0-ibm-8550 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_6_0-ibm-8550 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_6_0-ibm-8549 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_6_0-ibm-8549 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-java-1_6_0-ibm-8557 - SUSE Linux Enterprise Java 11 SP3: zypper in -t patch slejsp3-java-1_6_0-ibm-8550 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_6_0-ibm-8549 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 
java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.14.1 java-1_6_0-ibm-devel-1.6.0_sr15.0-0.14.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.14.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.14.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr15.0-0.14.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.14.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.14.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.0-0.14.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.0-0.14.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.14.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.9.9.1 java-1_6_0-ibm-devel-1.6.0_sr15.0-0.9.9.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.9.9.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.9.9.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr15.0-0.9.9.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.9.9.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.9.9.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.0-0.9.9.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.0-0.9.9.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.9.9.1 - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1 - 
SUSE Linux Enterprise Java 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3829.html http://support.novell.com/security/cve/CVE-2013-4041.html http://support.novell.com/security/cve/CVE-2013-5372.html http://support.novell.com/security/cve/CVE-2013-5375.html http://support.novell.com/security/cve/CVE-2013-5456.html http://support.novell.com/security/cve/CVE-2013-5457.html http://support.novell.com/security/cve/CVE-2013-5458.html http://support.novell.com/security/cve/CVE-2013-5772.html http://support.novell.com/security/cve/CVE-2013-5774.html http://support.novell.com/security/cve/CVE-2013-5776.html http://support.novell.com/security/cve/CVE-2013-5778.html http://support.novell.com/security/cve/CVE-2013-5780.html http://support.novell.com/security/cve/CVE-2013-5782.html http://support.novell.com/security/cve/CVE-2013-5783.html http://support.novell.com/security/cve/CVE-2013-5784.html http://support.novell.com/security/cve/CVE-2013-5787.html http://support.novell.com/security/cve/CVE-2013-5788.html http://support.novell.com/security/cve/CVE-2013-5789.html http://support.novell.com/security/cve/CVE-2013-5790.html http://support.novell.com/security/cve/CVE-2013-5797.html http://support.novell.com/security/cve/CVE-2013-5800.html http://support.novell.com/security/cve/CVE-2013-5801.html http://support.novell.com/security/cve/CVE-2013-5802.html http://support.novell.com/security/cve/CVE-2013-5803.html http://support.novell.com/security/cve/CVE-2013-5804.html http://support.novell.com/security/cve/CVE-2013-5809.html 
http://support.novell.com/security/cve/CVE-2013-5812.html http://support.novell.com/security/cve/CVE-2013-5814.html http://support.novell.com/security/cve/CVE-2013-5817.html http://support.novell.com/security/cve/CVE-2013-5818.html http://support.novell.com/security/cve/CVE-2013-5819.html http://support.novell.com/security/cve/CVE-2013-5820.html http://support.novell.com/security/cve/CVE-2013-5823.html http://support.novell.com/security/cve/CVE-2013-5824.html http://support.novell.com/security/cve/CVE-2013-5825.html http://support.novell.com/security/cve/CVE-2013-5829.html http://support.novell.com/security/cve/CVE-2013-5830.html http://support.novell.com/security/cve/CVE-2013-5831.html http://support.novell.com/security/cve/CVE-2013-5832.html http://support.novell.com/security/cve/CVE-2013-5838.html http://support.novell.com/security/cve/CVE-2013-5840.html http://support.novell.com/security/cve/CVE-2013-5842.html http://support.novell.com/security/cve/CVE-2013-5843.html http://support.novell.com/security/cve/CVE-2013-5848.html http://support.novell.com/security/cve/CVE-2013-5849.html http://support.novell.com/security/cve/CVE-2013-5850.html http://support.novell.com/security/cve/CVE-2013-5851.html https://bugzilla.novell.com/849212 http://download.novell.com/patch/finder/?keywords=17a9db88ef351844a3d8a3520e5c917e http://download.novell.com/patch/finder/?keywords=59cacab82a07026e7b534dd6b64bd1d7 http://download.novell.com/patch/finder/?keywords=63037b81cb4f45a6e8f55663f0b31d59 http://download.novell.com/patch/finder/?keywords=92a6b678be36dd2d8ecf92f74430bc5b http://download.novell.com/patch/finder/?keywords=bfac4cdb47e4e4279150421690839df9 From sle-updates at lists.suse.com Tue Nov 19 10:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Nov 2013 18:04:14 +0100 (CET) Subject: SUSE-RU-2013:1733-1: moderate: Recommended update for mkinitrd Message-ID: <20131119170414.D03B13215F@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1733-1 Rating: moderate References: #830621 #835479 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mkinitrd provides the following fixes and enhancements: * Support IPv6 addresses in the iBFT for booting from iSCSI over IPv6 * Fix for a bug in the option parsing code to not accidentally match files in the current directory when an illegal option is given. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-mkinitrd-8408 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-mkinitrd-8408 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-mkinitrd-8408 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): mkinitrd-2.4.2-0.86.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-0.86.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): mkinitrd-2.4.2-0.86.1 References: https://bugzilla.novell.com/830621 https://bugzilla.novell.com/835479 http://download.novell.com/patch/finder/?keywords=5515c2bf14bdcfaf8cb9b19678cdbea2 From sle-updates at lists.suse.com Tue Nov 19 10:04:17 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Nov 2013 18:04:17 +0100 (CET) Subject: SUSE-RU-2013:1734-1: moderate: Recommended update for mkinitrd Message-ID: <20131119170417.F1D1132167@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1734-1 Rating: moderate References: #835479 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mkinitrd fixes a bug in the option parsing code to not accidentally match files in the current directory when an illegal option is given. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-mkinitrd-8409 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-mkinitrd-8409 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-mkinitrd-8409 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): mkinitrd-2.4.2-0.57.63.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-0.57.63.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): mkinitrd-2.4.2-0.57.63.1 References: https://bugzilla.novell.com/835479 http://download.novell.com/patch/finder/?keywords=4c26808bea7b664d6c571533acb92f95 From sle-updates at lists.suse.com Tue Nov 19 10:04:21 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Nov 2013 18:04:21 +0100 (CET) Subject: SUSE-SU-2013:1735-1: moderate: Security update for Xen Message-ID: <20131119170421.237B632167@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1735-1 Rating: moderate References: #803712 #823011 #823608 #823786 #824676 #826882 #828623 #833251 #833796 #834751 #839596 #839600 #839618 #840196 #840592 #841766 #842511 #845520 Cross-References: CVE-2013-1432 CVE-2013-1442 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 CVE-2013-2211 CVE-2013-4329 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4416 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 7 fixes is now available. Description: XEN has been updated to version 4.1.6 which fixes various bugs and security issues. * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. 
* CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs * CVE-2013-4329: XSA-61: libxl partially sets up HVM passthrough even with disabled iommu * CVE-2013-1432: XSA-58: x86: fix page refcount handling in page table pin error path * CVE-2013-2211: XSA-57: libxl allows guest write access to sensitive console related xenstore keys * xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) Various bugs have also been fixed: * Improvements to block-dmmd script (bnc#828623) * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196) * In HP's UEFI x86_64 platform and with xen environment, in booting stage, xen hypervisor will panic. (bnc#833251) * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796) * In xen, "shutdown -y 0 -h" cannot power off system (bnc#834751) * In HP's UEFI x86_64 platform and sles11sp3 with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600) * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676) * migrate.py support of short options dropped by PTF (bnc#824676) * after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing (bnc#803712) * various upstream fixes have been included Security Issue references: * CVE-2013-1432 * CVE-2013-1442 * CVE-2013-2194 * CVE-2013-2195 * CVE-2013-2196 * CVE-2013-2211 * CVE-2013-4329 * CVE-2013-4355 * CVE-2013-4361 * CVE-2013-4368 * CVE-2013-4416 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-201310-8478 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-201310-8478 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-201310-8478 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-201310-8478 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): xen-devel-4.1.6_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xen-kmp-trace-4.1.6_02_3.0.93_0.5-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): xen-kmp-default-4.1.6_02_3.0.93_0.5-0.5.1 xen-kmp-trace-4.1.6_02_3.0.93_0.5-0.5.1 xen-libs-4.1.6_02-0.5.1 xen-tools-domU-4.1.6_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.6_02-0.5.1 xen-doc-html-4.1.6_02-0.5.1 xen-doc-pdf-4.1.6_02-0.5.1 xen-libs-32bit-4.1.6_02-0.5.1 xen-tools-4.1.6_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): xen-kmp-pae-4.1.6_02_3.0.93_0.5-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xen-kmp-default-4.1.6_02_3.0.93_0.5-0.5.1 xen-kmp-trace-4.1.6_02_3.0.93_0.5-0.5.1 xen-libs-4.1.6_02-0.5.1 xen-tools-domU-4.1.6_02-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.6_02-0.5.1 xen-doc-html-4.1.6_02-0.5.1 xen-doc-pdf-4.1.6_02-0.5.1 xen-libs-32bit-4.1.6_02-0.5.1 xen-tools-4.1.6_02-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586): xen-kmp-pae-4.1.6_02_3.0.93_0.5-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1432.html http://support.novell.com/security/cve/CVE-2013-1442.html http://support.novell.com/security/cve/CVE-2013-2194.html http://support.novell.com/security/cve/CVE-2013-2195.html http://support.novell.com/security/cve/CVE-2013-2196.html http://support.novell.com/security/cve/CVE-2013-2211.html 
http://support.novell.com/security/cve/CVE-2013-4329.html http://support.novell.com/security/cve/CVE-2013-4355.html http://support.novell.com/security/cve/CVE-2013-4361.html http://support.novell.com/security/cve/CVE-2013-4368.html http://support.novell.com/security/cve/CVE-2013-4416.html https://bugzilla.novell.com/803712 https://bugzilla.novell.com/823011 https://bugzilla.novell.com/823608 https://bugzilla.novell.com/823786 https://bugzilla.novell.com/824676 https://bugzilla.novell.com/826882 https://bugzilla.novell.com/828623 https://bugzilla.novell.com/833251 https://bugzilla.novell.com/833796 https://bugzilla.novell.com/834751 https://bugzilla.novell.com/839596 https://bugzilla.novell.com/839600 https://bugzilla.novell.com/839618 https://bugzilla.novell.com/840196 https://bugzilla.novell.com/840592 https://bugzilla.novell.com/841766 https://bugzilla.novell.com/842511 https://bugzilla.novell.com/845520 http://download.novell.com/patch/finder/?keywords=0358a604a91415d5bc35a5df0bbffa61 From sle-updates at lists.suse.com Wed Nov 20 07:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Nov 2013 15:04:13 +0100 (CET) Subject: SUSE-SU-2013:1736-1: moderate: Security update for curl Message-ID: <20131120140413.E473332167@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1736-1 Rating: moderate References: #765342 #769247 #814655 #824517 Cross-References: CVE-2013-1944 CVE-2013-2174 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. It includes one version update. Description: This is a LTSS roll-up update for the download library curl, fixing security issues and bugs. 
* A heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. (CVE-2013-2174) * The tailMatch function in cookie.c in cURL and libcurl did not properly match the path domain when sending cookies, which allowed remote attackers to steal cookies via a matching suffix in the domain of a URL. (CVE-2013-1944) Additionally, the following bug was fixed: * If a proxy offers NTLM and Negotiate authentication and libcurl is set to not use the Negotiate scheme then the request never returns when the proxy answers with HTTP 407. (bnc#769247, bnc#765342) Security Issues: * CVE-2013-2174 * CVE-2013-1944 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-curl-8453 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-curl-8453 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 7.19.7]: curl-7.19.7-1.20.27.9 libcurl4-7.19.7-1.20.27.9 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (x86_64) [New Version: 7.19.7]: libcurl4-32bit-7.19.7-1.20.27.9 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 7.19.7]: curl-7.19.7-1.20.27.9 libcurl4-7.19.7-1.20.27.9 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 7.19.7]: libcurl4-32bit-7.19.7-1.20.27.9 References: http://support.novell.com/security/cve/CVE-2013-1944.html http://support.novell.com/security/cve/CVE-2013-2174.html https://bugzilla.novell.com/765342 https://bugzilla.novell.com/769247 https://bugzilla.novell.com/814655 https://bugzilla.novell.com/824517 http://download.novell.com/patch/finder/?keywords=b9c5f7f6584661b3c628c7965dcd5b65 From sle-updates at lists.suse.com Thu Nov 21 20:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Nov 2013 04:04:12 +0100 (CET) Subject: SUSE-RU-2013:1739-1: Recommended update for ocfs2-tools Message-ID: <20131122030412.B16BB32163@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1739-1 Rating: low References: #733353 #820014 #834191 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ocfs2-tools provides the following fixes: * Fix o2image segfault on big-endian platforms. (bnc#733353) * Ignore partitioned disks in mounted.ocfs2. (bnc#820014) * fsck: Fix corrupted index directories. (bnc#834191) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-ocfs2-tools-8458 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): ocfs2-tools-1.6.4-0.15.17.1 ocfs2-tools-devel-1.6.4-0.15.17.1 ocfs2-tools-o2cb-1.6.4-0.15.17.1 ocfs2console-1.6.4-0.15.17.1 References: https://bugzilla.novell.com/733353 https://bugzilla.novell.com/820014 https://bugzilla.novell.com/834191 http://download.novell.com/patch/finder/?keywords=1f26bc55e49a3e52f73b6178101b780a From sle-updates at lists.suse.com Thu Nov 21 20:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Nov 2013 04:04:15 +0100 (CET) Subject: SUSE-RU-2013:1740-1: Recommended update for ipmitool Message-ID: <20131122030415.C24B032168@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmitool ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1740-1 Rating: low References: #797903 #799357 #817676 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update for ipmitool provides the following fixes: * Re-evaluate dependencies and clean-up dead symlinks after package installation and removal. (bnc#797903, bnc#817676) * Add ipmidrv as a dependency in initialization script. (bnc#797903) * Fix sequence numbering. (bnc#799357) * Add timeout/retry to LAN. (bnc#799357) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ipmitool-8320 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ipmitool-8320 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ipmitool-8320 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ipmitool-1.8.11-0.20.26.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ipmitool-1.8.11-0.20.26.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ipmitool-1.8.11-0.20.26.1 References: https://bugzilla.novell.com/797903 https://bugzilla.novell.com/799357 https://bugzilla.novell.com/817676 http://download.novell.com/patch/finder/?keywords=03f0e6c76223b2b42817563aa15889a3 From sle-updates at lists.suse.com Thu Nov 21 20:04:18 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Nov 2013 04:04:18 +0100 (CET) Subject: SUSE-RU-2013:1741-1: Recommended update for pacemaker-mgmt Message-ID: <20131122030418.A5F3032168@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker-mgmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1741-1 Rating: low References: #753373 #753376 #825051 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update for pacemaker-mgmt provides the following fixes: * crm_gui: Prompt user to disable "record-pending" only if it has been enabled in the same GUI session. (bnc#825051) * haclient: Save the size of main window into user's profile for future restoring. * core: Replace crm_free() wrapper with standard calls to free(). 
* haclient: Restorable position of divider in management pane. (bnc#753373, bnc#753376) * mgmt: Tweaks to "Transition Information". * mgmtd: Replace use of ptest with crm_simulate. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-pacemaker-mgmt-8055 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.1.2]: pacemaker-mgmt-2.1.2-0.6.2.1 pacemaker-mgmt-client-2.1.2-0.6.2.1 pacemaker-mgmt-devel-2.1.2-0.6.2.1 References: https://bugzilla.novell.com/753373 https://bugzilla.novell.com/753376 https://bugzilla.novell.com/825051 http://download.novell.com/patch/finder/?keywords=2831c26b952932ac08df2d6108806d3a From sle-updates at lists.suse.com Thu Nov 21 21:04:49 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Nov 2013 05:04:49 +0100 (CET) Subject: SUSE-SU-2013:1743-1: Security update for lcms Message-ID: <20131122040449.640C132158@maintenance.suse.de> SUSE Security Update: Security update for lcms ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1743-1 Rating: low References: #843716 Cross-References: CVE-2013-4276 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: The lcms userland utilities were updated to fix stack overflows. * CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-lcms-8425 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-lcms-8424 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-lcms-8425 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-lcms-8425 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-lcms-8424 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-lcms-8424 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-lcms-8425 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-lcms-8424 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): liblcms-devel-1.17-77.16.1 python-lcms-1.17-77.16.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): liblcms-devel-32bit-1.17-77.16.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): liblcms-devel-1.17-77.16.1 python-lcms-1.17-77.16.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): liblcms-devel-32bit-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): lcms-1.17-77.16.1 liblcms1-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): liblcms1-32bit-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): lcms-1.17-77.16.1 liblcms1-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): liblcms1-32bit-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): liblcms1-x86-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): lcms-1.17-77.16.1 liblcms1-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): liblcms1-32bit-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): lcms-1.17-77.16.1 liblcms1-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): liblcms1-32bit-1.17-77.16.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): liblcms1-x86-1.17-77.16.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): lcms-1.17-77.16.1 liblcms1-1.17-77.16.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): liblcms1-32bit-1.17-77.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): lcms-1.17-77.16.1 liblcms1-1.17-77.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): liblcms1-32bit-1.17-77.16.1 References: http://support.novell.com/security/cve/CVE-2013-4276.html https://bugzilla.novell.com/843716 http://download.novell.com/patch/finder/?keywords=ce49f7acdd5a778cb113f184b73ce701 
http://download.novell.com/patch/finder/?keywords=d00423381141a7236da38f55064045a2 From sle-updates at lists.suse.com Thu Nov 21 21:04:52 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Nov 2013 05:04:52 +0100 (CET) Subject: SUSE-SU-2013:1744-1: important: Security update for Real Time Linux Kernel Message-ID: <20131122040452.96F9132158@maintenance.suse.de> SUSE Security Update: Security update for Real Time Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1744-1 Rating: important References: #763463 #794824 #797526 #804950 #816099 #820848 #821259 #821465 #826102 #827246 #827416 #828714 #828894 #829682 #831029 #831143 #831380 #832292 #833321 #833588 #833635 #833820 #833858 #834204 #834600 #834905 #835094 #835684 #835930 #836218 #836347 #836801 #837372 #837803 #838346 #838448 #840830 #841094 #841402 #841498 #842063 #842604 #844513 Cross-References: CVE-2013-2206 Affected Products: SUSE Linux Enterprise Real Time 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 42 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel for RealTime was updated to version 3.0.101 and also includes various other bug and security fixes. The following features have been added: * Drivers: hv: Support handling multiple VMBUS versions (FATE#314665). * Drivers: hv: Save and export negotiated vmbus version (FATE#314665). * Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665). 
The following security issue has been fixed: * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102) The following non-security bugs have been fixed: * mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)). * mm, memcg: introduce own oom handler to iterate only over its own threads. * mm, memcg: move all oom handling to memcontrol.c. * mm, oom: avoid looping when chosen thread detaches its mm. * mm, oom: fold oom_kill_task() into oom_kill_process(). * mm, oom: introduce helper function to process threads during scan. * mm, oom: reduce dependency on tasklist_lock. * kernel: sclp console hangs (bnc#841498, LTC#95711). * splice: fix racy pipe->buffers uses (bnc#827246). * blktrace: fix race with open trace files and directory removal (bnc#832292). * Set proper SK when CK_COND is set (bnc#833588). * iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513). * x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513). * iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513). * iommu: Remove stack trace from broken irq remapping warning (bnc#844513). * intel-iommu: Fix leaks in pagetable freeing (bnc#841402). * softirq: reduce latencies (bnc#797526). * softirq: Fix lockup related to stop_machine being stuck in __do_softirq (bnc#797526). * bounce: Bounce memory pool initialisation (bnc#836347) * writeback: Do not sync data dirtied after sync start (bnc#833820). * config//debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372). * Fixed Xen guest freezes (bnc#829682, bnc#842063). 
* SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824). * NFS: make nfs_flush_incompatible more generous (bnc#816099). * NFS: don't try to use lock state when we hold a delegation (bnc#831029). * nfs_lookup_revalidate(): fix a leak (bnc#828894). * fs: do_add_mount()/umount -l races (bnc#836801). * cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950). * cifs: Fix EREMOTE errors encountered on DFS links (bnc#831143). * xfs: growfs: use uncached buffers for new headers (bnc#842604). * xfs: avoid double-free in xfs_attr_node_addname. * xfs: Check the return value of xfs_buf_get() (bnc#842604). * iscsi: don't hang in endless loop if no targets present (bnc#841094). * reiserfs: fix race with flush_used_journal_lists and flush_journal_list (bnc#837803). * md: Throttle number of pending write requests in md/raid10 (bnc#833858). * dm: ignore merge_bvec for snapshots when safe (bnc#820848). * rcu: Do not trigger false positive RCU stall detection (bnc#834204). * net/mlx4_en: Fix BlueFlame race (bnc#835684). * net: remove skb_orphan_try() (bnc#834600). * bonding: check bond->vlgrp in bond_vlan_rx_kill_vid() (bnc#834905). * ipv6: don't call fib6_run_gc() until routing is ready (bnc#836218). * ipv6: prevent fib6_run_gc() contention (bnc#797526). * ipv6: update ip6_rt_last_gc every time GC is run (bnc#797526). * netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853 bugzilla.netfilter.org:714). * netfilter: prevent race condition breaking net reference counting (bnc#835094). * sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102). * quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930). * bnx2x: Change to D3hot only on removal (bnc#838448). * vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). * Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). * Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346). 
* Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). * elousb: some systems cannot stomach work around (bnc#840830). * bio-integrity: track owner of integrity payload (bnc#831380). * lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463). * series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem (bnc#833635) * rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors (bnc#821465). * rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file. * rpm/old-flavors: Convert the old-packages.conf file to a flat list. * rpm/old-packages.conf: Drop bogus obsoletes for "smp" (bnc#821465). * rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned (bnc#821465). * rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. (bnc#821465). * sched/workqueue: Only wake up idle workers if not blocked on sleeping spin lock. * genirq: Set irq thread to RT priority on creation. * timers: prepare for full preemption improve. * kernel/cpu: fix cpu down problem if kthread's cpu is going down. * kernel/hotplug: restore original cpu mask oncpu/down. * drm/i915: drop trace_i915_gem_ring_dispatch on rt. * rt,ntp: Move call to schedule_delayed_work() to helper thread. * hwlat-detector: Update hwlat_detector to add outer loop detection. * hwlat-detect/trace: Export trace_clock_local for hwlat-detector. * hwlat-detector: Use trace_clock_local if available. * hwlat-detector: Use thread instead of stop machine. * genirq: do not invoke the affinity callback via a workqueue. Security Issues: * CVE-2013-2206 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time 11 SP2: zypper in -t patch slertesp2-kernel-8546 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.101.rt130]: cluster-network-kmp-rt-1.4_3.0.101_rt130_0.5-2.18.71 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.5-2.18.71 drbd-kmp-rt-8.4.2_3.0.101_rt130_0.5-0.6.6.62 drbd-kmp-rt_trace-8.4.2_3.0.101_rt130_0.5-0.6.6.62 iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.5-0.25.25.10 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.5-0.25.25.10 kernel-rt-3.0.101.rt130-0.5.1 kernel-rt-base-3.0.101.rt130-0.5.1 kernel-rt-devel-3.0.101.rt130-0.5.1 kernel-rt_trace-3.0.101.rt130-0.5.1 kernel-rt_trace-base-3.0.101.rt130-0.5.1 kernel-rt_trace-devel-3.0.101.rt130-0.5.1 kernel-source-rt-3.0.101.rt130-0.5.1 kernel-syms-rt-3.0.101.rt130-0.5.1 lttng-modules-kmp-rt-2.0.4_3.0.101_rt130_0.5-0.9.9.1 lttng-modules-kmp-rt_trace-2.0.4_3.0.101_rt130_0.5-0.9.9.1 ocfs2-kmp-rt-1.6_3.0.101_rt130_0.5-0.11.70 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.5-0.11.70 ofed-kmp-rt-1.5.2_3.0.101_rt130_0.5-0.28.28.42 ofed-kmp-rt_trace-1.5.2_3.0.101_rt130_0.5-0.28.28.42 References: http://support.novell.com/security/cve/CVE-2013-2206.html https://bugzilla.novell.com/763463 https://bugzilla.novell.com/794824 https://bugzilla.novell.com/797526 https://bugzilla.novell.com/804950 https://bugzilla.novell.com/816099 https://bugzilla.novell.com/820848 https://bugzilla.novell.com/821259 https://bugzilla.novell.com/821465 https://bugzilla.novell.com/826102 https://bugzilla.novell.com/827246 https://bugzilla.novell.com/827416 https://bugzilla.novell.com/828714 https://bugzilla.novell.com/828894 https://bugzilla.novell.com/829682 https://bugzilla.novell.com/831029 https://bugzilla.novell.com/831143 https://bugzilla.novell.com/831380 https://bugzilla.novell.com/832292 
https://bugzilla.novell.com/833321 https://bugzilla.novell.com/833588 https://bugzilla.novell.com/833635 https://bugzilla.novell.com/833820 https://bugzilla.novell.com/833858 https://bugzilla.novell.com/834204 https://bugzilla.novell.com/834600 https://bugzilla.novell.com/834905 https://bugzilla.novell.com/835094 https://bugzilla.novell.com/835684 https://bugzilla.novell.com/835930 https://bugzilla.novell.com/836218 https://bugzilla.novell.com/836347 https://bugzilla.novell.com/836801 https://bugzilla.novell.com/837372 https://bugzilla.novell.com/837803 https://bugzilla.novell.com/838346 https://bugzilla.novell.com/838448 https://bugzilla.novell.com/840830 https://bugzilla.novell.com/841094 https://bugzilla.novell.com/841402 https://bugzilla.novell.com/841498 https://bugzilla.novell.com/842063 https://bugzilla.novell.com/842604 https://bugzilla.novell.com/844513 http://download.novell.com/patch/finder/?keywords=9b7b4d9abfb4ec87d3d2090a6f40b7d0 From sle-updates at lists.suse.com Thu Nov 21 21:05:34 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Nov 2013 05:05:34 +0100 (CET) Subject: SUSE-RU-2013:1747-1: Recommended update for cluster-glue, crmsh, ldirectord, resource-agents and pacemaker Message-ID: <20131122040534.AEC5132158@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue, crmsh, ldirectord, resource-agents and pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1747-1 Rating: low References: #803991 #804003 #804704 #808373 #809635 #813815 #815447 #816511 #821219 #821580 #821861 #821871 #822233 #823095 #823177 #825517 #825536 #825629 #825765 #825959 #826812 #827927 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has 22 recommended fixes can now be installed. It includes four new package versions. 
Description: This collective update fixes the following issues for the respective packages: resource-agents: * apache: remove unnecessary and imperfect checks from validate_all (bnc#827927) * mysql: test properly for failed process start (bnc#823095) * mysql: really use log setting (bnc#823095) * oracle/oralsnr: explicitly require bash (bnc#825517) * doc: fix spelling and improve style in meta-data (bnc#821871) * raid1: do not test for device existence in the stop operation (bnc#821861) * raid1: wait for udevd to settle (bnc#821861). cluster-glue: * stonith: external/vcenter: do not list vms in status (bnc#825765) * hb_report: reduce severity of several info messages (bnc#804704) * hb_report: enable ssh to prompt for passwords (bnc#808373). crmsh: * history: create missing parts of the history cache directory (bnc#825629) * resource: prevent whitespace in meta_attributes when setting attributes in nested elements such as groups (bnc#815447). pacemaker: * PE: Correctly get clone instance number (bnc#821219) * PE: Delete the old resource state on every node whenever the resource type is changed (bnc#822233) * crmd: Ensure operations for cleaned up resources don't block recovery (bnc#825536) * crmd: cl#5063 - Remove cancelled ops from history cache (bnc#821580, bnc#823177, bnc#825959, bnc#826812) * PE: cl#5155 - Block the stop of resources if any depending resource is unmanaged (bnc#816511) * cib: Strip text nodes on writing CIB to disk (bnc#815447, bnc#809635) * crmd: Do not update fail-count and last-failure for old failures (bnc#804003) * crmd: Prevent use-of-NULL when free'ing empty hashtables (bnc#813815) * Core: Prevent ordering changes when applying xml diffs (bnc#803991) * Core: Correctly process XML diff's involving element removal (bnc#803991). The list above is not comprehensive. For details, please refer to the individual package change logs and Bugzilla. Special Instructions and Notes: Please reboot the system after installing this update. 

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-slehae-201307-8303

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.11,1.1.7,1.2.4 and 3.9.5]:

      cluster-glue-1.0.11-0.6.34.1
      crmsh-1.2.4-0.8.8.8
      ldirectord-3.9.5-0.6.26.11
      libglue-devel-1.0.11-0.6.34.1
      libglue2-1.0.11-0.6.34.1
      libpacemaker-devel-1.1.7-0.15.7
      libpacemaker3-1.1.7-0.15.7
      pacemaker-1.1.7-0.15.7
      resource-agents-3.9.5-0.6.26.11

References:

   https://bugzilla.novell.com/803991
   https://bugzilla.novell.com/804003
   https://bugzilla.novell.com/804704
   https://bugzilla.novell.com/808373
   https://bugzilla.novell.com/809635
   https://bugzilla.novell.com/813815
   https://bugzilla.novell.com/815447
   https://bugzilla.novell.com/816511
   https://bugzilla.novell.com/821219
   https://bugzilla.novell.com/821580
   https://bugzilla.novell.com/821861
   https://bugzilla.novell.com/821871
   https://bugzilla.novell.com/822233
   https://bugzilla.novell.com/823095
   https://bugzilla.novell.com/823177
   https://bugzilla.novell.com/825517
   https://bugzilla.novell.com/825536
   https://bugzilla.novell.com/825629
   https://bugzilla.novell.com/825765
   https://bugzilla.novell.com/825959
   https://bugzilla.novell.com/826812
   https://bugzilla.novell.com/827927
   http://download.novell.com/patch/finder/?keywords=a482ca52bcb35801a268d21a4a79677e

From sle-updates at lists.suse.com Fri Nov 22 00:04:17 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Nov 2013 08:04:17 +0100 (CET)
Subject: SUSE-SU-2013:1677-3: important: Security update for IBM Java 7
Message-ID: <20131122070417.AC9BF3216B@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java 7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1677-3
Rating:             important
References:         #849212
Cross-References:   CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375
                    CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772
                    CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780
                    CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787
                    CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797
                    CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803
                    CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814
                    CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820
                    CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829
                    CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838
                    CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848
                    CVE-2013-5849 CVE-2013-5850 CVE-2013-5851
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Java 11 SP3
                    SUSE Linux Enterprise Java 11 SP2
______________________________________________________________________________

   An update that fixes 47 vulnerabilities is now available.

Description:

   IBM Java 7 SR6 has been released and fixes lots of bugs and security issues.

   More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/

   Security Issue references:

   * CVE-2013-5458
   * CVE-2013-5456
   * CVE-2013-5457
   * CVE-2013-4041
   * CVE-2013-5375
   * CVE-2013-5372
   * CVE-2013-5843
   * CVE-2013-5789
   * CVE-2013-5830
   * CVE-2013-5829
   * CVE-2013-5787
   * CVE-2013-5788
   * CVE-2013-5824
   * CVE-2013-5842
   * CVE-2013-5782
   * CVE-2013-5817
   * CVE-2013-5809
   * CVE-2013-5814
   * CVE-2013-5832
   * CVE-2013-5850
   * CVE-2013-5838
   * CVE-2013-5802
   * CVE-2013-5812
   * CVE-2013-5804
   * CVE-2013-5783
   * CVE-2013-3829
   * CVE-2013-5823
   * CVE-2013-5831
   * CVE-2013-5820
   * CVE-2013-5819
   * CVE-2013-5818
   * CVE-2013-5848
   * CVE-2013-5776
   * CVE-2013-5774
   * CVE-2013-5825
   * CVE-2013-5840
   * CVE-2013-5801
   * CVE-2013-5778
   * CVE-2013-5851
   * CVE-2013-5800
   * CVE-2013-5784
   * CVE-2013-5849
   * CVE-2013-5790
   * CVE-2013-5780
   * CVE-2013-5797
   * CVE-2013-5803
   * CVE-2013-5772

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-java-1_7_0-ibm-8566

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-java-1_7_0-ibm-8565

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-java-1_7_0-ibm-8566

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-java-1_7_0-ibm-8566

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-java-1_7_0-ibm-8565

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-java-1_7_0-ibm-8565

   - SUSE Linux Enterprise Java 11 SP3:

      zypper in -t patch slejsp3-java-1_7_0-ibm-8566

   - SUSE Linux Enterprise Java 11 SP2:

      zypper in -t patch slejsp2-java-1_7_0-ibm-8565

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      java-1_7_0-ibm-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      java-1_7_0-ibm-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64):

      java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64):

      java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1
      java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2013-3829.html
   http://support.novell.com/security/cve/CVE-2013-4041.html
   http://support.novell.com/security/cve/CVE-2013-5372.html
   http://support.novell.com/security/cve/CVE-2013-5375.html
   http://support.novell.com/security/cve/CVE-2013-5456.html
   http://support.novell.com/security/cve/CVE-2013-5457.html
   http://support.novell.com/security/cve/CVE-2013-5458.html
   http://support.novell.com/security/cve/CVE-2013-5772.html
   http://support.novell.com/security/cve/CVE-2013-5774.html
   http://support.novell.com/security/cve/CVE-2013-5776.html
   http://support.novell.com/security/cve/CVE-2013-5778.html
   http://support.novell.com/security/cve/CVE-2013-5780.html
   http://support.novell.com/security/cve/CVE-2013-5782.html
   http://support.novell.com/security/cve/CVE-2013-5783.html
   http://support.novell.com/security/cve/CVE-2013-5784.html
   http://support.novell.com/security/cve/CVE-2013-5787.html
   http://support.novell.com/security/cve/CVE-2013-5788.html
   http://support.novell.com/security/cve/CVE-2013-5789.html
   http://support.novell.com/security/cve/CVE-2013-5790.html
   http://support.novell.com/security/cve/CVE-2013-5797.html
   http://support.novell.com/security/cve/CVE-2013-5800.html
   http://support.novell.com/security/cve/CVE-2013-5801.html
   http://support.novell.com/security/cve/CVE-2013-5802.html
   http://support.novell.com/security/cve/CVE-2013-5803.html
   http://support.novell.com/security/cve/CVE-2013-5804.html
   http://support.novell.com/security/cve/CVE-2013-5809.html
   http://support.novell.com/security/cve/CVE-2013-5812.html
   http://support.novell.com/security/cve/CVE-2013-5814.html
   http://support.novell.com/security/cve/CVE-2013-5817.html
   http://support.novell.com/security/cve/CVE-2013-5818.html
   http://support.novell.com/security/cve/CVE-2013-5819.html
   http://support.novell.com/security/cve/CVE-2013-5820.html
   http://support.novell.com/security/cve/CVE-2013-5823.html
   http://support.novell.com/security/cve/CVE-2013-5824.html
   http://support.novell.com/security/cve/CVE-2013-5825.html
   http://support.novell.com/security/cve/CVE-2013-5829.html
   http://support.novell.com/security/cve/CVE-2013-5830.html
   http://support.novell.com/security/cve/CVE-2013-5831.html
   http://support.novell.com/security/cve/CVE-2013-5832.html
   http://support.novell.com/security/cve/CVE-2013-5838.html
   http://support.novell.com/security/cve/CVE-2013-5840.html
   http://support.novell.com/security/cve/CVE-2013-5842.html
   http://support.novell.com/security/cve/CVE-2013-5843.html
   http://support.novell.com/security/cve/CVE-2013-5848.html
   http://support.novell.com/security/cve/CVE-2013-5849.html
   http://support.novell.com/security/cve/CVE-2013-5850.html
   http://support.novell.com/security/cve/CVE-2013-5851.html
   https://bugzilla.novell.com/849212
   http://download.novell.com/patch/finder/?keywords=ef51c242d9ef6e9ca30f6407189dda8b
   http://download.novell.com/patch/finder/?keywords=f509561ef73c266408b23c081a5bfd6f

From sle-updates at lists.suse.com Fri Nov 22 00:04:21 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Nov 2013 08:04:21 +0100 (CET)
Subject: SUSE-SU-2013:1749-1: important: Security update for Linux kernel
Message-ID: <20131122070421.BCAC03216B@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1749-1
Rating:             important
References:         #763463 #794824 #797526 #800875 #804950 #808079
                    #816099 #820848 #821259 #821465 #821948 #822433
                    #825291 #826102 #827246 #827416 #827966 #828714
                    #828894 #829682 #830985 #831029 #831143 #831380
                    #832292 #833097 #833151 #833321 #833588 #833635
                    #833820 #833858 #834204 #834600 #834905 #835094
                    #835189 #835684 #835930 #836218 #836347 #836801
                    #837372 #837596 #837741 #837803 #838346 #838448
                    #839407 #839973 #840830 #841050 #841094 #841402
                    #841498 #841656 #842057 #842063 #842604 #842820
                    #843429 #843445 #843642 #843645 #843732 #843753
                    #843950 #844513 #845352 #847319 #847721
Cross-References:   CVE-2013-2206
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves one vulnerability and has 70 fixes is now available. It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to version 3.0.101 and also includes various other bug and security fixes.

   The following features have been added:

   * Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).
   * Drivers: hv: Save and export negotiated vmbus version (FATE#314665).
   * Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665).

   The following security issue has been fixed:

   * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102)

   The following non-security bugs have been fixed:

   * mm, memcg: introduce own oom handler to iterate only over its own threads.
   * mm, memcg: move all oom handling to memcontrol.c.
   * mm, oom: avoid looping when chosen thread detaches its mm.
   * mm, oom: fold oom_kill_task() into oom_kill_process().
   * mm, oom: introduce helper function to process threads during scan.
   * mm, oom: reduce dependency on tasklist_lock (Reduce tasklist_lock hold times) (bnc#821259).
   * mm: do not walk all of system memory during show_mem (Reduce tasklist_lock hold times) (bnc#821259).
   * iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).
   * x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513).
   * iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513).
   * iommu: Remove stack trace from broken irq remapping warning (bnc#844513).
   * intel-iommu: Fix leaks in pagetable freeing (bnc#841402).
   * Revert aer_recover_queue() __GENKSYMS__ hack, add a fake symset with the previous value instead (bnc#847721).
   * i2c: ismt: initialize DMA buffer (bnc#843753).
   * powerpc/irq: Run softirqs off the top of the irq stack (bnc#847319).
   * quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930).
   * kernel: sclp console hangs (bnc#841498, LTC#95711).
   * tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973,LTC#97595).
   * tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973,LTC#97595).
   * softirq: reduce latencies (bnc#797526).
   * X.509: Remove certificate date checks (bnc#841656).
   * config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372).
   * splice: fix racy pipe->buffers uses (bnc#827246).
   * blktrace: fix race with open trace files and directory removal (bnc#832292).
   * rcu: Do not trigger false positive RCU stall detection (bnc#834204).
   * kernel: allow program interruption filtering in user space (bnc#837596, LTC#97332).
   * Audit: do not print error when LSMs disabled (bnc#842057).
   * SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824).
   * Btrfs: fix negative qgroup tracking from owner accounting (bnc#821948).
   * cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950).
   * NFS: make nfs_flush_incompatible more generous (bnc#816099).
   * xfs: growfs: use uncached buffers for new headers (bnc#842604).
   * NFS: do not try to use lock state when we hold a delegation (bnc#831029).
   * NFS: nfs_lookup_revalidate(): fix a leak (bnc#828894).
   * fs: do_add_mount()/umount -l races (bnc#836801).
   * xfs: avoid double-free in xfs_attr_node_addname.
   * xfs: Check the return value of xfs_buf_get() (bnc#842604).
   * iscsi: do not hang in endless loop if no targets present (bnc#841094).
   * scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
   * cifs: revalidate directories instiantiated via FIND_ in order to handle DFS referrals (bnc#831143).
   * cifs: do not instantiate new dentries in readdir for inodes that need to be revalidated immediately (bnc#831143).
   * cifs: rename cifs_readdir_lookup to cifs_prime_dcache and make it void return (bnc#831143).
   * cifs: get rid of blind d_drop() in readdir (bnc#831143).
   * cifs: cleanup cifs_filldir (bnc#831143).
   * cifs: on send failure, readjust server sequence number downward (bnc#827966).
   * cifs: adjust sequence number downward after signing NT_CANCEL request (bnc#827966).
   * cifs: on send failure, readjust server sequence number downward (bnc#827966).
   * cifs: adjust sequence number downward after signing NT_CANCEL request (bnc#827966).
   * reiserfs: fix race with flush_used_journal_lists and flush_journal_list (bnc#837803).
   * reiserfs: remove useless flush_old_journal_lists.
   * lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463).
   * md: Throttle number of pending write requests in md/raid10 (bnc#833858).
   * dm: ignore merge_bvec for snapshots when safe (bnc#820848).
   * ata: Set proper SK when CK_COND is set (bnc#833588).
   * Btrfs: abort unlink trans in missed error case.
   * Btrfs: add all ioctl checks before user change for quota operations.
   * Btrfs: add a rb_tree to improve performance of ulist search.
   * Btrfs: add btrfs_fs_incompat helper.
   * Btrfs: add ioctl to wait for qgroup rescan completion.
   * Btrfs: add log message stubs.
   * Btrfs: add missing error checks to add_data_references.
   * Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP handler.
   * Btrfs: add missing error handling to read_tree_block.
   * Btrfs: add missing mounting options in btrfs_show_options().
   * Btrfs: add sanity checks regarding to parsing mount options.
   * Btrfs: add some missing iput()s in btrfs_orphan_cleanup.
   * Btrfs: add tree block level sanity check.
   * Btrfs: allocate new chunks if the space is not enough for global rsv.
   * Btrfs: allow file data clone within a file.
   * Btrfs: allow superblock mismatch from older mkfs.
   * Btrfs: annotate quota tree for lockdep.
   * Btrfs: automatic rescan after "quota enable" command (FATE#312751).
   * Btrfs: change how we queue blocks for backref checking.
   * Btrfs: check if leafs parent exists before pushing items around.
   * Btrfs: check if we can nocow if we do not have data space.
   * Btrfs: check return value of commit when recovering log.
   * Btrfs: clean snapshots one by one.
   * Btrfs: cleanup destroy_marked_extents.
   * Btrfs: cleanup fs roots if we fail to mount.
   * Btrfs: cleanup orphaned root orphan item.
   * Btrfs: cleanup reloc roots properly on error.
   * Btrfs: Cleanup some redundant codes in btrfs_lookup_csums_range().
   * Btrfs: clean up transaction abort messages.
   * Btrfs: cleanup unused arguments of btrfs_csum_data.
   * Btrfs: clear received_uuid field for new writable snapshots.
   * Btrfs: compare relevant parts of delayed tree refs.
   * Btrfs: cover more error codes in btrfs_decode_error.
   * Btrfs: creating the subvolume qgroup automatically when enabling quota.
   * Btrfs: deal with bad mappings in btrfs_map_block.
   * Btrfs: deal with errors in write_dev_supers.
   * Btrfs: deal with free space cache errors while replaying log.
   * Btrfs: deprecate subvolrootid mount option.
   * Btrfs: do away with non-whole_page extent I/O.
   * Btrfs: do delay iput in sync_fs.
   * Btrfs: do not clear our orphan item runtime flag on eexist.
   * Btrfs: do not continue if out of memory happens.
   * Btrfs: do not offset physical if we are compressed.
   * Btrfs: do not pin while under spin lock.
   * Btrfs: do not abort the current transaction if there is no enough space for inode cache.
   * Btrfs: do not allow a subvol to be deleted if it is the default subovl.
   * Btrfs: do not BUG_ON() in btrfs_num_copies.
   * Btrfs: do not bug_on when we fail when cleaning up transactions.
   * Btrfs: do not call readahead hook until we have read the entire eb.
   * Btrfs: do not delete fs_roots until after we cleanup the transaction.
   * Btrfs: dont do log_removal in insert_new_root.
   * Btrfs: do not force pages under writeback to finish when aborting.
   * Btrfs: do not ignore errors from btrfs_run_delayed_items.
   * Btrfs: do not invoke btrfs_invalidate_inodes() in the spin lock context.
   * Btrfs: do not miss inode ref items in BTRFS_IOC_INO_LOOKUP.
   * Btrfs: do not null pointer deref on abort.
   * Btrfs: do not panic if we are trying to drop too many refs.
   * Btrfs: do not steal the reserved space from the global reserve if their space type is different.
   * Btrfs: do not stop searching after encountering the wrong item.
   * Btrfs: do not try and free ebs twice in log replay.
   * Btrfs: do not use global block reservation for inode cache truncation.
   * Btrfs: do not wait on ordered extents if we have a trans open.
   * Btrfs: Drop inode if inode root is NULL.
   * Btrfs: enhance superblock checks.
   * Btrfs: exclude logged extents before replying when we are mixed.
   * Btrfs: explicitly use global_block_rsv for quota_tree.
   * Btrfs: fall back to global reservation when removing subvolumes.
   * Btrfs: fix a bug of snapshot-aware defrag to make it work on partial extents.
   * Btrfs: fix accessing a freed tree root.
   * Btrfs: fix accessing the root pointer in tree mod log functions.
   * Btrfs: fix all callers of read_tree_block.
   * Btrfs: fix a warning when disabling quota.
   * Btrfs: fix a warning when updating qgroup limit.
   * Btrfs: fix backref walking when we hit a compressed extent.
   * Btrfs: fix bad extent logging.
   * Btrfs: fix broken nocow after balance.
   * Btrfs: fix confusing edquot happening case.
   * Btrfs: fix double free in the iterate_extent_inodes().
   * Btrfs: fix error handling in btrfs_ioctl_send().
   * Btrfs: fix error handling in make/read block group.
   * Btrfs: fix estale with btrfs send.
   * Btrfs: fix extent buffer leak after backref walking.
   * Btrfs: fix extent logging with O_DIRECT into prealloc.
   * Btrfs: fix file truncation if FALLOC_FL_KEEP_SIZE is specified.
   * Btrfs: fix get set label blocking against balance.
   * Btrfs: fix infinite loop when we abort on mount.
   * Btrfs: fix inode leak on kmalloc failure in tree-log.c.
   * Btrfs: fix lockdep warning.
   * Btrfs: fix lock leak when resuming snapshot deletion.
   * Btrfs: fix memory leak of orphan block rsv.
   * Btrfs: fix missing check about ulist_add() in qgroup.c.
   * Btrfs: fix missing check before creating a qgroup relation.
   * Btrfs: fix missing check in the btrfs_qgroup_inherit().
   * Btrfs: fix off-by-one in fiemap.
   * Btrfs: fix oops when writing dirty qgroups to disk.
   * Btrfs: fix possible infinite loop in slow caching.
   * Btrfs: fix possible memory leak in replace_path().
   * Btrfs: fix possible memory leak in the find_parent_nodes().
   * Btrfs: fix printing of non NULL terminated string.
   * Btrfs: fix qgroup rescan resume on mount.
   * Btrfs: fix reada debug code compilation.
   * Btrfs: fix the error handling wrt orphan items.
   * Btrfs: fix transaction throttling for delayed refs.
   * Btrfs: fix tree mod log regression on root split operations.
   * Btrfs: fix unblocked autodefraggers when remount.
   * Btrfs: fix unlock after free on rewinded tree blocks.
   * Btrfs: fix unprotected root node of the subvolumes inode rb-tree.
   * Btrfs: fix use-after-free bug during umount.
   * Btrfs: free csums when we are done scrubbing an extent.
   * Btrfs: handle errors returned from get_tree_block_key.
   * Btrfs: handle errors when doing slow caching.
   * Btrfs: hold the tree mod lock in __tree_mod_log_rewind.
   * Btrfs: ignore device open failures in __btrfs_open_devices.
   * Btrfs: improve the loop of scrub_stripe.
   * Btrfs: improve the performance of the csums lookup.
   * Btrfs: init relocate extent_io_tree with a mapping.
   * Btrfs: introduce a mutex lock for btrfs quota operations.
   * Btrfs: kill some BUG_ONs() in the find_parent_nodes().
   * Btrfs: log ram bytes properly.
   * Btrfs: make __merge_refs() return type be void.
   * Btrfs: make orphan cleanup less verbose.
   * Btrfs: make static code static & remove dead code.
   * Btrfs: make subvol creation/deletion killable in the early stages.
   * Btrfs: make sure roots are assigned before freeing their nodes.
   * Btrfs: make sure the backref walker catches all refs to our extent.
   * Btrfs: make the cleaner complete early when the fs is going to be umounted.
   * Btrfs: make the snap/subv deletion end more early when the fs is R/O.
   * Btrfs: merge save_error_info helpers into one.
   * Btrfs: move the R/O check out of btrfs_clean_one_deleted_snapshot().
   * Btrfs: only do the tree_mod_log_free_eb if this is our last ref.
   * Btrfs: only exclude supers in the range of our block group.
   * Btrfs: optimize key searches in btrfs_search_slot.
   * Btrfs: optimize the error handle of use_block_rsv().
   * Btrfs: pause the space balance when remounting to R/O.
   * Btrfs: put our inode if orphan cleanup fails.
   * Btrfs: re-add root to dead root list if we stop dropping it.
   * Btrfs: read entire device info under lock.
   * Btrfs: release both paths before logging dir/changed extents.
   * Btrfs: Release uuid_mutex for shrink during device delete.
   * Btrfs: remove almost all of the BUG()s from tree-log.c.
   * Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix().
   * Btrfs: remove ourselves from the cluster list under lock.
   * Btrfs: remove some BUG_ONs() when walking backref tree.
   * Btrfs: remove some unnecessary spin_lock usages.
   * Btrfs: remove unnecessary ->s_umount in cleaner_kthread().
   * Btrfs: remove unused argument of fixup_low_keys().
   * Btrfs: remove unused gfp mask parameter from release_extent_buffer callchain.
   * Btrfs: remove useless copy in quota_ctl.
   * Btrfs: remove warn on in free space cache writeout.
   * Btrfs: rescan for qgroups (FATE#312751).
   * Btrfs: reset ret in record_one_backref.
   * Btrfs: return ENOSPC when target space is full.
   * Btrfs: return errno if possible when we fail to allocate memory.
   * Btrfs: return error code in btrfs_check_trunc_cache_free_space().
   * Btrfs: return error when we specify wrong start to defrag.
   * Btrfs: return free space in cow error path.
   * Btrfs: separate sequence numbers for delayed ref tracking and tree mod log.
   * Btrfs: set UUID in root_item for created trees.
   * Btrfs: share stop worker code.
   * Btrfs: simplify unlink reservations.
   * Btrfs: split btrfs_qgroup_account_ref into four functions.
   * Btrfs: stop all workers before cleaning up roots.
   * Btrfs: stop using try_to_writeback_inodes_sb_nr to flush delalloc.
   * Btrfs: stop waiting on current trans if we aborted.
   * Btrfs: unlock extent range on enospc in compressed submit.
   * Btrfs: update drop progress before stopping snapshot dropping.
   * Btrfs: update fixups from 3.11
   * Btrfs: update the global reserve if it is empty.
   * Btrfs: use helper to cleanup tree roots.
   * Btrfs: use REQ_META for all metadata IO.
   * Btrfs: use tree_root to avoid edquot when disabling quota.
   * Btrfs: use u64 for subvolid when parsing mount options.
   * Btrfs: use unsigned long type for extent state bits.
   * Btrfs: various abort cleanups.
   * Btrfs: wait ordered range before doing direct io.
   * Btrfs: wake up delayed ref flushing waiters on abort.
   * net/mlx4_en: Fix BlueFlame race (bnc#835684).
   * ipv6: do not call fib6_run_gc() until routing is ready (bnc#836218).
   * ipv6: prevent fib6_run_gc() contention (bnc#797526).
   * ipv6: update ip6_rt_last_gc every time GC is run (bnc#797526).
   * netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853).
   * netfilter: prevent race condition breaking net reference counting (bnc#835094).
   * net: remove skb_orphan_try() (bnc#834600).
   * bonding: check bond->vlgrp in bond_vlan_rx_kill_vid() (bnc#834905).
   * sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102).
   * mlx4: allow IB_QP_CREATE_USE_GFP_NOFS in mlx4_ib_create_qp() (bnc#822433).
   * drm/i915: disable sound first on intel_disable_ddi (bnc#833151).
   * drm/i915: HDMI/DP - ELD info refresh support for Haswell (bnc#833151).
   * drm/cirrus: This is a cirrus version of Egbert Eichs patch for mgag200 (bnc#808079).
   * drm/i915: Disable GGTT PTEs on GEN6+ suspend (bnc#800875).
   * drm/i915/hsw: Disable L3 caching of atomic memory operations (bnc#800875).
   * ALSA: hda - Re-setup HDMI pin and audio infoframe on stream switches (bnc#833151).
   * vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321).
   * mvsas: add support for 9480 device id (bnc#843950).
   * r8169: fix argument in rtl_hw_init_8168g (bnc#845352,bnc#842820).
   * r8169: support RTL8168G (bnc#845352,bnc#842820).
   * r8169: abstract out loop conditions (bnc#845352,bnc#842820).
   * r8169: mdio_ops signature change (bnc#845352,bnc#842820).
   * thp: reduce khugepaged freezing latency (khugepaged blocking suspend-to-ram (bnc#825291)).
   * bnx2x: Change to D3hot only on removal (bnc#838448).
   * megaraid_sas: Disable controller reset for ppc (bnc#841050).
   * scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
   * scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
   * scsi_dh_alua: retry command on "mode parameter changed" sense code (bnc#843645).
   * scsi_dh_alua: invalid state information for "optimized" paths (bnc#843445).
   * scsi_dh_alua: reattaching device handler fails with "Error 15" (bnc#843429).
   * Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).
   * Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346).
   * Drivers: hv: vmbus: Do not attempt to negoatiate a new version prematurely.
   * Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346).
   * Drivers: hv: vmbus: Terminate vmbus version negotiation on timeout.
   * Drivers: hv: vmbus: Fix a bug in the handling of channel offers.
   * Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).
   * Drivers: hv: balloon: Initialize the transaction ID just before sending the packet.
   * Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346).
   * be2net: Check for POST state in suspend-resume sequence (bnc#835189).
   * be2net: bug fix on returning an invalid nic descriptor (bnc#835189).
   * be2net: provision VF resources before enabling SR-IOV (bnc#835189).
   * be2net: Fix firmware download for Lancer (bnc#835189).
   * be2net: Fix to use version 2 of cq_create for SkyHawk-R devices (bnc#835189).
   * be2net: Use GET_FUNCTION_CONFIG V1 cmd (bnc#835189).
   * be2net: Avoid flashing BE3 UFI on BE3-R chip (bnc#835189).
   * be2net: Use TXQ_CREATE_V2 cmd (bnc#835189).
   * writeback: Do not sync data dirtied after sync start (bnc#833820).
   * elousb: some systems cannot stomach work around (bnc#840830,bnc#830985).
   * bounce: allow use of bounce pool via config option (Bounce memory pool initialisation (bnc#836347)).
   * block: initialize the bounce pool if high memory may be added later (Bounce memory pool initialisation (bnc#836347)).
   * bio-integrity: track owner of integrity payload (bnc#831380).
   * xhci: Fix spurious wakeups after S5 on Haswell (bnc#833097).
   * s390/cio: handle unknown pgroup state (bnc#837741,LTC#97048).
   * s390/cio: export vpm via sysfs (bnc#837741,LTC#97048).
   * s390/cio: skip broken paths (bnc#837741,LTC#97048).
   * s390/cio: dont abort verification after missing irq (bnc#837741,LTC#97048).
   * cio: add message for timeouts on internal I/O (bnc#837741,LTC#97048).
   * series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem (bnc#833635).
   * Update EC2 config files (STRICT_DEVMEM off, bnc#843732).
   * Fixed Xen guest freezes (bnc#829682, bnc#842063).
   * tools: hv: Improve error logging in VSS daemon.
   * tools: hv: Check return value of poll call.
   * tools: hv: Check return value of setsockopt call.
   * Tools: hv: fix send/recv buffer allocation.
   * Tools: hv: check return value of daemon to fix compiler warning.
   * Tools: hv: in kvp_set_ip_info free mac_addr right after usage.
   * Tools: hv: check return value of system in hv_kvp_daemon.
   * Tools: hv: correct payload size in netlink_send.
   * Tools: hv: use full nlmsghdr in netlink_send.
   * rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors (bnc#821465).
   * rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file.
   * rpm/old-flavors: Convert the old-packages.conf file to a flat list.
   * rpm/mkspec: Adjust.
   * rpm/old-packages.conf: Delete.
   * rpm/old-packages.conf: Drop bogus obsoletes for "smp" (bnc#821465).
   * rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned (bnc#821465).
   * rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. (bnc#821465).

   Security Issues:

   * CVE-2013-2206

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-kernel-8525 slessp3-kernel-8528

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kernel-8522 slessp3-kernel-8523 slessp3-kernel-8524 slessp3-kernel-8525 slessp3-kernel-8528

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-kernel-8522 slehasp3-kernel-8523 slehasp3-kernel-8524 slehasp3-kernel-8525 slehasp3-kernel-8528

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kernel-8525 sledsp3-kernel-8528

   To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:
  kernel-default-3.0.101-0.8.1
  kernel-default-base-3.0.101-0.8.1
  kernel-default-devel-3.0.101-0.8.1
  kernel-source-3.0.101-0.8.1
  kernel-syms-3.0.101-0.8.1
  kernel-trace-3.0.101-0.8.1
  kernel-trace-base-3.0.101-0.8.1
  kernel-trace-devel-3.0.101-0.8.1
  kernel-xen-devel-3.0.101-0.8.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:
  kernel-pae-3.0.101-0.8.1
  kernel-pae-base-3.0.101-0.8.1
  kernel-pae-devel-3.0.101-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
  kernel-default-3.0.101-0.8.1
  kernel-default-base-3.0.101-0.8.1
  kernel-default-devel-3.0.101-0.8.1
  kernel-source-3.0.101-0.8.1
  kernel-syms-3.0.101-0.8.1
  kernel-trace-3.0.101-0.8.1
  kernel-trace-base-3.0.101-0.8.1
  kernel-trace-devel-3.0.101-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
  kernel-ec2-3.0.101-0.8.1
  kernel-ec2-base-3.0.101-0.8.1
  kernel-ec2-devel-3.0.101-0.8.1
  kernel-xen-3.0.101-0.8.1
  kernel-xen-base-3.0.101-0.8.1
  kernel-xen-devel-3.0.101-0.8.1
  xen-kmp-default-4.2.3_02_3.0.101_0.8-0.7.9
- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:
  kernel-default-man-3.0.101-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:
  kernel-ppc64-3.0.101-0.8.1
  kernel-ppc64-base-3.0.101-0.8.1
  kernel-ppc64-devel-3.0.101-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:
  kernel-pae-3.0.101-0.8.1
  kernel-pae-base-3.0.101-0.8.1
  kernel-pae-devel-3.0.101-0.8.1
  xen-kmp-pae-4.2.3_02_3.0.101_0.8-0.7.9
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  cluster-network-kmp-default-1.4_3.0.101_0.8-2.27.22
  cluster-network-kmp-trace-1.4_3.0.101_0.8-2.27.22
  gfs2-kmp-default-2_3.0.101_0.8-0.16.28
  gfs2-kmp-trace-2_3.0.101_0.8-0.16.28
  ocfs2-kmp-default-1.6_3.0.101_0.8-0.20.22
  ocfs2-kmp-trace-1.6_3.0.101_0.8-0.20.22
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
  cluster-network-kmp-xen-1.4_3.0.101_0.8-2.27.22
  gfs2-kmp-xen-2_3.0.101_0.8-0.16.28
  ocfs2-kmp-xen-1.6_3.0.101_0.8-0.20.22
- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
  cluster-network-kmp-ppc64-1.4_3.0.101_0.8-2.27.22
  gfs2-kmp-ppc64-2_3.0.101_0.8-0.16.28
  ocfs2-kmp-ppc64-1.6_3.0.101_0.8-0.20.22
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
  cluster-network-kmp-pae-1.4_3.0.101_0.8-2.27.22
  gfs2-kmp-pae-2_3.0.101_0.8-0.16.28
  ocfs2-kmp-pae-1.6_3.0.101_0.8-0.20.22
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
  kernel-default-3.0.101-0.8.1
  kernel-default-base-3.0.101-0.8.1
  kernel-default-devel-3.0.101-0.8.1
  kernel-default-extra-3.0.101-0.8.1
  kernel-source-3.0.101-0.8.1
  kernel-syms-3.0.101-0.8.1
  kernel-trace-devel-3.0.101-0.8.1
  kernel-xen-3.0.101-0.8.1
  kernel-xen-base-3.0.101-0.8.1
  kernel-xen-devel-3.0.101-0.8.1
  kernel-xen-extra-3.0.101-0.8.1
  xen-kmp-default-4.2.3_02_3.0.101_0.8-0.7.9
- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:
  kernel-pae-3.0.101-0.8.1
  kernel-pae-base-3.0.101-0.8.1
  kernel-pae-devel-3.0.101-0.8.1
  kernel-pae-extra-3.0.101-0.8.1
  xen-kmp-pae-4.2.3_02_3.0.101_0.8-0.7.9
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
  kernel-default-extra-3.0.101-0.8.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
  kernel-xen-extra-3.0.101-0.8.1
- SLE 11 SERVER Unsupported Extras (ppc64):
  kernel-ppc64-extra-3.0.101-0.8.1
- SLE 11 SERVER Unsupported Extras (i586):
  kernel-pae-extra-3.0.101-0.8.1

References:

http://support.novell.com/security/cve/CVE-2013-2206.html
https://bugzilla.novell.com/763463
https://bugzilla.novell.com/794824
https://bugzilla.novell.com/797526
https://bugzilla.novell.com/800875
https://bugzilla.novell.com/804950
https://bugzilla.novell.com/808079
https://bugzilla.novell.com/816099
https://bugzilla.novell.com/820848
https://bugzilla.novell.com/821259
https://bugzilla.novell.com/821465
https://bugzilla.novell.com/821948
https://bugzilla.novell.com/822433
https://bugzilla.novell.com/825291
https://bugzilla.novell.com/826102
https://bugzilla.novell.com/827246
https://bugzilla.novell.com/827416
https://bugzilla.novell.com/827966
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/828894
https://bugzilla.novell.com/829682
https://bugzilla.novell.com/830985
https://bugzilla.novell.com/831029
https://bugzilla.novell.com/831143
https://bugzilla.novell.com/831380
https://bugzilla.novell.com/832292
https://bugzilla.novell.com/833097
https://bugzilla.novell.com/833151
https://bugzilla.novell.com/833321
https://bugzilla.novell.com/833588
https://bugzilla.novell.com/833635
https://bugzilla.novell.com/833820
https://bugzilla.novell.com/833858
https://bugzilla.novell.com/834204
https://bugzilla.novell.com/834600
https://bugzilla.novell.com/834905
https://bugzilla.novell.com/835094
https://bugzilla.novell.com/835189
https://bugzilla.novell.com/835684
https://bugzilla.novell.com/835930
https://bugzilla.novell.com/836218
https://bugzilla.novell.com/836347
https://bugzilla.novell.com/836801
https://bugzilla.novell.com/837372
https://bugzilla.novell.com/837596
https://bugzilla.novell.com/837741
https://bugzilla.novell.com/837803
https://bugzilla.novell.com/838346
https://bugzilla.novell.com/838448
https://bugzilla.novell.com/839407
https://bugzilla.novell.com/839973
https://bugzilla.novell.com/840830
https://bugzilla.novell.com/841050
https://bugzilla.novell.com/841094
https://bugzilla.novell.com/841402
https://bugzilla.novell.com/841498
https://bugzilla.novell.com/841656
https://bugzilla.novell.com/842057
https://bugzilla.novell.com/842063
https://bugzilla.novell.com/842604
https://bugzilla.novell.com/842820
https://bugzilla.novell.com/843429
https://bugzilla.novell.com/843445
https://bugzilla.novell.com/843642
https://bugzilla.novell.com/843645
https://bugzilla.novell.com/843732
https://bugzilla.novell.com/843753
https://bugzilla.novell.com/843950
https://bugzilla.novell.com/844513
https://bugzilla.novell.com/845352
https://bugzilla.novell.com/847319
https://bugzilla.novell.com/847721
http://download.novell.com/patch/finder/?keywords=0c0af0004bc0563109dff923684e2fba
http://download.novell.com/patch/finder/?keywords=2c018cfd8b6b78121b6365c6978e23c1
http://download.novell.com/patch/finder/?keywords=32e0346fa1aa6438c937e4826a2aaebd
http://download.novell.com/patch/finder/?keywords=46a7d61b0cb602556c7b2bc0266dff49
http://download.novell.com/patch/finder/?keywords=4b52e68f96bee7b4037dbfbd81e56b8c
http://download.novell.com/patch/finder/?keywords=5137aa2b6ba9426dc8a9fd45649a3b56
http://download.novell.com/patch/finder/?keywords=5302038940615a465c7370e9492edbfa
http://download.novell.com/patch/finder/?keywords=6b1ca8c711701ab3f6565187ddcc1da2
http://download.novell.com/patch/finder/?keywords=a14631178ead7c39a27329f7ea401672
http://download.novell.com/patch/finder/?keywords=daca8d4524a4dbd82fa3052185b205e5

From sle-updates at lists.suse.com Fri Nov 22 00:04:14 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Nov 2013 08:04:14 +0100 (CET)
Subject: SUSE-SU-2013:1748-1: important: Security update for Linux Kernel
Message-ID: <20131122070414.50E963216B@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1748-1
Rating: important
References: #763463 #794824 #797526 #804950 #816099 #820848 #821259 #821465 #826102 #827246 #827416 #828714 #828894 #829682 #831029 #831143 #831380 #832292 #833321 #833588 #833635 #833820 #833858 #834204 #834600 #834905 #835094 #835684 #835930 #836218 #836347 #836801 #837372 #837803 #838346 #838448 #840830 #841094 #841402 #841498 #842063 #842604 #844513
Cross-References: CVE-2013-2206
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise High Availability Extension 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
  SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves one vulnerability and has 42 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to version 3.0.101 and also includes various other bug and security fixes.

The following features have been added:

* Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).
* Drivers: hv: Save and export negotiated vmbus version (FATE#314665).
* Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665).

The following security issue has been fixed:

* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102)

The following non-security bugs have been fixed:

* kernel: sclp console hangs (bnc#841498, LTC#95711).
* intel-iommu: Fix leaks in pagetable freeing (bnc#841402).
* iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).
* x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513).
* iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513).
* iommu: Remove stack trace from broken irq remapping warning (bnc#844513).
* softirq: reduce latencies (bnc#797526).
* Fix lockup related to stop_machine being stuck in __do_softirq (bnc#797526).
* splice: fix racy pipe->buffers uses (bnc#827246).
* blktrace: fix race with open trace files and directory removal (bnc#832292).
* mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)).
* mm: Bounce memory pool initialisation (bnc#836347).
* mm, memcg: introduce own oom handler to iterate only over its own threads.
* mm, memcg: move all oom handling to memcontrol.c.
* mm, oom: avoid looping when chosen thread detaches its mm.
* mm, oom: fold oom_kill_task() into oom_kill_process().
* mm, oom: introduce helper function to process threads during scan.
* mm, oom: reduce dependency on tasklist_lock.
* ipv6: do not call fib6_run_gc() until routing is ready (bnc#836218).
* ipv6: prevent fib6_run_gc() contention (bnc#797526).
* ipv6: update ip6_rt_last_gc every time GC is run (bnc#797526).
* net/mlx4_en: Fix BlueFlame race (bnc#835684).
* netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853).
* netfilter: prevent race condition breaking net reference counting (bnc#835094).
* net: remove skb_orphan_try() (bnc#834600).
* bonding: check bond->vlgrp in bond_vlan_rx_kill_vid() (bnc#834905).
* sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102).
* SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824).
* NFS: make nfs_flush_incompatible more generous (bnc#816099).
* NFS: do not try to use lock state when we hold a delegation (bnc#831029).
* nfs_lookup_revalidate(): fix a leak (bnc#828894).
* xfs: growfs: use uncached buffers for new headers (bnc#842604).
* xfs: Check the return value of xfs_buf_get() (bnc#842604).
* xfs: avoid double-free in xfs_attr_node_addname.
* do_add_mount()/umount -l races (bnc#836801).
* cifs: Fix TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950).
* cifs: Fix EREMOTE errors encountered on DFS links (bnc#831143).
* reiserfs: fix race with flush_used_journal_lists and flush_journal_list (bnc#837803).
* reiserfs: remove useless flush_old_journal_lists.
* fs: writeback: Do not sync data dirtied after sync start (bnc#833820).
* rcu: Do not trigger false positive RCU stall detection (bnc#834204).
* lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463).
* bnx2x: Change to D3hot only on removal (bnc#838448).
* vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321).
* Drivers: hv: Support handling multiple VMBUS versions (fate#314665).
* Drivers: hv: Save and export negotiated vmbus version (fate#314665).
* Drivers: hv: Move vmbus version definitions to hyperv.h (fate#314665).
* Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).
* Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346).
* Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346).
* iscsi: do not hang in endless loop if no targets present (bnc#841094).
* ata: Set proper SK when CK_COND is set (bnc#833588).
* md: Throttle number of pending write requests in md/raid10 (bnc#833858).
* dm: ignore merge_bvec for snapshots when safe (bnc#820848).
* elousb: some systems cannot stomach work around (bnc#840830).
* bio-integrity: track owner of integrity payload (bnc#831380).
* quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930).
* Fixed Xen guest freezes (bnc#829682, bnc#842063).
* config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372).
* series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem (bnc#833635).
* rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors (bnc#821465).
* rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file.
* rpm/old-flavors: Convert the old-packages.conf file to a flat list.
* rpm/old-packages.conf: Drop bogus obsoletes for "smp" (bnc#821465).
* rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned (bnc#821465).
* rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. (bnc#821465).

Security Issue references:

* CVE-2013-2206

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-kernel-8516 slessp2-kernel-8518
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-kernel-8509 slessp2-kernel-8514 slessp2-kernel-8515 slessp2-kernel-8516 slessp2-kernel-8518
- SUSE Linux Enterprise High Availability Extension 11 SP2:
  zypper in -t patch sleshasp2-kernel-8509 sleshasp2-kernel-8514 sleshasp2-kernel-8515 sleshasp2-kernel-8516 sleshasp2-kernel-8518
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-kernel-8516 sledsp2-kernel-8518

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]:
  kernel-default-3.0.101-0.5.1
  kernel-default-base-3.0.101-0.5.1
  kernel-default-devel-3.0.101-0.5.1
  kernel-source-3.0.101-0.5.1
  kernel-syms-3.0.101-0.5.1
  kernel-trace-3.0.101-0.5.1
  kernel-trace-base-3.0.101-0.5.1
  kernel-trace-devel-3.0.101-0.5.1
  kernel-xen-devel-3.0.101-0.5.1
  xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]:
  kernel-pae-3.0.101-0.5.1
  kernel-pae-base-3.0.101-0.5.1
  kernel-pae-devel-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
  kernel-default-3.0.101-0.5.1
  kernel-default-base-3.0.101-0.5.1
  kernel-default-devel-3.0.101-0.5.1
  kernel-source-3.0.101-0.5.1
  kernel-syms-3.0.101-0.5.1
  kernel-trace-3.0.101-0.5.1
  kernel-trace-base-3.0.101-0.5.1
  kernel-trace-devel-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
  kernel-ec2-3.0.101-0.5.1
  kernel-ec2-base-3.0.101-0.5.1
  kernel-ec2-devel-3.0.101-0.5.1
  kernel-xen-3.0.101-0.5.1
  kernel-xen-base-3.0.101-0.5.1
  kernel-xen-devel-3.0.101-0.5.1
  xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5
  xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]:
  kernel-default-man-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]:
  kernel-ppc64-3.0.101-0.5.1
  kernel-ppc64-base-3.0.101-0.5.1
  kernel-ppc64-devel-3.0.101-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]:
  kernel-pae-3.0.101-0.5.1
  kernel-pae-base-3.0.101-0.5.1
  kernel-pae-devel-3.0.101-0.5.1
  xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  cluster-network-kmp-default-1.4_3.0.101_0.5-2.18.69
  cluster-network-kmp-trace-1.4_3.0.101_0.5-2.18.69
  gfs2-kmp-default-2_3.0.101_0.5-0.7.98
  gfs2-kmp-trace-2_3.0.101_0.5-0.7.98
  ocfs2-kmp-default-1.6_3.0.101_0.5-0.11.68
  ocfs2-kmp-trace-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
  cluster-network-kmp-xen-1.4_3.0.101_0.5-2.18.69
  gfs2-kmp-xen-2_3.0.101_0.5-0.7.98
  ocfs2-kmp-xen-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
  cluster-network-kmp-ppc64-1.4_3.0.101_0.5-2.18.69
  gfs2-kmp-ppc64-2_3.0.101_0.5-0.7.98
  ocfs2-kmp-ppc64-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
  cluster-network-kmp-pae-1.4_3.0.101_0.5-2.18.69
  gfs2-kmp-pae-2_3.0.101_0.5-0.7.98
  ocfs2-kmp-pae-1.6_3.0.101_0.5-0.11.68
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
  kernel-default-3.0.101-0.5.1
  kernel-default-base-3.0.101-0.5.1
  kernel-default-devel-3.0.101-0.5.1
  kernel-default-extra-3.0.101-0.5.1
  kernel-source-3.0.101-0.5.1
  kernel-syms-3.0.101-0.5.1
  kernel-trace-3.0.101-0.5.1
  kernel-trace-base-3.0.101-0.5.1
  kernel-trace-devel-3.0.101-0.5.1
  kernel-trace-extra-3.0.101-0.5.1
  kernel-xen-3.0.101-0.5.1
  kernel-xen-base-3.0.101-0.5.1
  kernel-xen-devel-3.0.101-0.5.1
  kernel-xen-extra-3.0.101-0.5.1
  xen-kmp-default-4.1.6_02_3.0.101_0.5-0.5.5
  xen-kmp-trace-4.1.6_02_3.0.101_0.5-0.5.5
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]:
  kernel-pae-3.0.101-0.5.1
  kernel-pae-base-3.0.101-0.5.1
  kernel-pae-devel-3.0.101-0.5.1
  kernel-pae-extra-3.0.101-0.5.1
  xen-kmp-pae-4.1.6_02_3.0.101_0.5-0.5.5
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
  ext4-writeable-kmp-default-0_3.0.101_0.5-0.14.79
  ext4-writeable-kmp-trace-0_3.0.101_0.5-0.14.79
  kernel-default-extra-3.0.101-0.5.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
  ext4-writeable-kmp-xen-0_3.0.101_0.5-0.14.79
  kernel-xen-extra-3.0.101-0.5.1
- SLE 11 SERVER Unsupported Extras (ppc64):
  ext4-writeable-kmp-ppc64-0_3.0.101_0.5-0.14.79
  kernel-ppc64-extra-3.0.101-0.5.1
- SLE 11 SERVER Unsupported Extras (i586):
  ext4-writeable-kmp-pae-0_3.0.101_0.5-0.14.79
  kernel-pae-extra-3.0.101-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-2206.html
https://bugzilla.novell.com/763463
https://bugzilla.novell.com/794824
https://bugzilla.novell.com/797526
https://bugzilla.novell.com/804950
https://bugzilla.novell.com/816099
https://bugzilla.novell.com/820848
https://bugzilla.novell.com/821259
https://bugzilla.novell.com/821465
https://bugzilla.novell.com/826102
https://bugzilla.novell.com/827246
https://bugzilla.novell.com/827416
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/828894
https://bugzilla.novell.com/829682
https://bugzilla.novell.com/831029
https://bugzilla.novell.com/831143
https://bugzilla.novell.com/831380
https://bugzilla.novell.com/832292
https://bugzilla.novell.com/833321
https://bugzilla.novell.com/833588
https://bugzilla.novell.com/833635
https://bugzilla.novell.com/833820
https://bugzilla.novell.com/833858
https://bugzilla.novell.com/834204
https://bugzilla.novell.com/834600
https://bugzilla.novell.com/834905
https://bugzilla.novell.com/835094
https://bugzilla.novell.com/835684
https://bugzilla.novell.com/835930
https://bugzilla.novell.com/836218
https://bugzilla.novell.com/836347
https://bugzilla.novell.com/836801
https://bugzilla.novell.com/837372
https://bugzilla.novell.com/837803
https://bugzilla.novell.com/838346
https://bugzilla.novell.com/838448
https://bugzilla.novell.com/840830
https://bugzilla.novell.com/841094
https://bugzilla.novell.com/841402
https://bugzilla.novell.com/841498
https://bugzilla.novell.com/842063
https://bugzilla.novell.com/842604
https://bugzilla.novell.com/844513
http://download.novell.com/patch/finder/?keywords=014f991484d20757de9526cb248bccd3
http://download.novell.com/patch/finder/?keywords=241c1cd269f2d6c946750be922bf77fa
http://download.novell.com/patch/finder/?keywords=29adfe67e725d67c311a0d762c7ef693
http://download.novell.com/patch/finder/?keywords=2f6d9dd2345e27452c0f4f8406222a7f
http://download.novell.com/patch/finder/?keywords=43bef7672074508c7f5cb7f86cbb1e60
http://download.novell.com/patch/finder/?keywords=4b0266473a79db08cd217a9013aa07e9
http://download.novell.com/patch/finder/?keywords=6143e2e6aa3e373197bc1dfda831fcf8
http://download.novell.com/patch/finder/?keywords=6f18fc180df1025daa721c72d012acbd
http://download.novell.com/patch/finder/?keywords=e004410f0af237e1cc306eea34a4b8f2
http://download.novell.com/patch/finder/?keywords=e10aac7447253ec336025bc035dd213f

From sle-updates at lists.suse.com Fri Nov 22 00:04:27 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Nov 2013 08:04:27 +0100 (CET)
Subject: SUSE-SU-2013:1750-1: important: Security update for Real Time Linux Kernel
Message-ID: <20131122070427.67C0D3216B@maintenance.suse.de>

SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1750-1
Rating: important
References: #754690 #763463 #794824 #797526 #800875 #804950 #808079 #816099 #820848 #821259 #821465 #821948 #822433 #822942 #825291 #826102 #827246 #827416 #827966 #828714 #828894 #829682 #830985 #831029 #831143 #831380 #832292 #833097 #833151 #833321 #833588 #833635 #833820 #833858 #834204 #834600 #834905 #835094 #835189 #835684 #835930 #836218 #836347 #836801 #837372 #837596 #837741 #837803 #838346 #838448 #839407 #839973 #840830 #841050 #841094 #841402 #841498 #841656 #842057 #842063 #842604 #842820 #843429 #843445 #843642 #843645 #843732 #843753 #843950 #844513 #845352 #847319
Cross-References: CVE-2013-2206
Affected Products:
  SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has 71 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was updated to version 3.0.101 to fix various bugs and security issues.

The following features have been added:

* Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).
* Drivers: hv: Save and export negotiated vmbus version (FATE#314665).
* Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665).

The following security issue has been fixed:

* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102)

The following non-security bugs have been fixed:

* kernel: sclp console hangs (bnc#841498, LTC#95711).
* kernel: allow program interruption filtering in user space (bnc#837596, LTC#97332).
* Audit: do not print error when LSMs disabled (bnc#842057).
* i2c: ismt: initialize DMA buffer (bnc#843753).
* powerpc/irq: Run softirqs off the top of the irq stack (bnc#847319).
* softirq: reduce latencies (bnc#797526).
* softirq: Fix lockup related to stop_machine being stuck in __do_softirq (bnc#797526).
* thp: reduce khugepaged freezing latency (khugepaged blocking suspend-to-ram (bnc#825291)).
* X.509: Remove certificate date checks (bnc#841656).
* splice: fix racy pipe->buffers uses (bnc#827246).
* blktrace: fix race with open trace files and directory removal (bnc#832292).
* writeback: Do not sync data dirtied after sync start (bnc#833820).
* elousb: some systems cannot stomach work around (bnc#840830).
* bounce: allow use of bounce pool via config option (Bounce memory pool initialisation (bnc#836347)).
* block: initialize the bounce pool if high memory may be added later (Bounce memory pool initialization (bnc#836347)).
* config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372).
* xhci: Fix spurious wakeups after S5 on Haswell (bnc#833097).
* cio: add message for timeouts on internal I/O (bnc#837741,LTC#97048).
* elousb: some systems cannot stomach work around (bnc#830985).
* s390/cio: handle unknown pgroup state (bnc#837741,LTC#97048).
* s390/cio: export vpm via sysfs (bnc#837741,LTC#97048).
* s390/cio: skip broken paths (bnc#837741,LTC#97048).
* s390/cio: dont abort verification after missing irq (bnc#837741,LTC#97048).
* bio-integrity: track owner of integrity payload (bnc#831380).
* iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).
* x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513).
* iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513).
* iommu: Remove stack trace from broken irq remapping warning (bnc#844513).
* intel-iommu: Fix leaks in pagetable freeing (bnc#841402).
* mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)).
* mm, memcg: introduce own oom handler to iterate only over its own threads.
* mm, memcg: move all oom handling to memcontrol.c.
* mm, oom: avoid looping when chosen thread detaches its mm.
* mm, oom: fold oom_kill_task() into oom_kill_process().
* mm, oom: introduce helper function to process threads during scan.
* mm, oom: reduce dependency on tasklist_lock. (Reduce tasklist_lock hold times (bnc#821259).
* mm: vmscan: Do not continue scanning if reclaim was aborted for compaction (Limit reclaim in the preserve of IO (bnc#754690)).
* mm: vmscan: take page buffers dirty and locked state into account (Limit reclaim in the preserve of IO (bnc#754690)).
* mm: vmscan: treat pages marked for immediate reclaim as zone congestion (Limit reclaim in the preserve of IO (bnc#754690)).
* mm: vmscan: move direct reclaim wait_iff_congested into shrink_list (Limit reclaim in the preserve of IO (bnc#754690)).
* mm: vmscan: set zone flags before blocking (Limit reclaim in the preserve of IO (bnc#754690)).
* mm: vmscan: stall page reclaim after a list of pages have been processed (Limit reclaim in the preserve of IO (bnc#754690)).
* mm: vmscan: stall page reclaim and writeback pages based on dirty/writepage pages encountered (Limit reclaim in the reserve of IO (bnc#754690)).
* mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (bnc#822942).
* Update EC2 config files (STRICT_DEVMEM off, bnc#843732).
* Fixed Xen guest freezes (bnc#829682, bnc#842063).
* rcu: Do not trigger false positive RCU stall detection (bnc#834204).
* libata: Set proper SK when CK_COND is set (bnc#833588).
* libata: Set proper Sense Key for Check Condition (bnc#833588).
* lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463).
* md: Throttle number of pending write requests in md/raid10 (bnc#833858).
* dm: ignore merge_bvec for snapshots when safe (bnc#820848).
* fs: do_add_mount()/umount -l races (bnc#836801).
* SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824).
* NFS: make nfs_flush_incompatible more generous (bnc#816099).
* NFS: don't try to use lock state when we hold a delegation (bnc#831029).
* NFS: nfs_lookup_revalidate(): fix a leak (bnc#828894).
* cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950).
* xfs: growfs: use uncached buffers for new headers (bnc#842604).
* xfs: avoid double-free in xfs_attr_node_addname.
* xfs: Check the return value of xfs_buf_get() (bnc#842604).
* cifs: revalidate directories instiantiated via FIND_* in order to handle DFS referrals (bnc#831143).
* cifs: don't instantiate new dentries in readdir for inodes that need to be revalidated immediately (bnc#831143).
* cifs: rename cifs_readdir_lookup to cifs_prime_dcache and make it void return (bnc#831143).
* cifs: get rid of blind d_drop() in readdir (bnc#831143).
* cifs: cleanup cifs_filldir (bnc#831143).
* cifs: on send failure, readjust server sequence number downward (bnc#827966).
* cifs: adjust sequence number downward after signing NT_CANCEL request (bnc#827966).
* cifs: on send failure, readjust server sequence number downward (bnc#827966).
* cifs: adjust sequence number downward after signing NT_CANCEL request (bnc#827966).
* reiserfs: fix race with flush_used_journal_lists and flush_journal_list (bnc#837803).
* reiserfs: remove useless flush_old_journal_lists.
* mvsas: add support for 9480 device id (bnc#843950).
* drm/i915: Disable GGTT PTEs on GEN6+ suspend (bnc#800875).
* drm/i915/hsw: Disable L3 caching of atomic memory operations (bnc#800875).
* r8169: fix argument in rtl_hw_init_8168g (bnc#845352,bnc#842820).
* r8169: support RTL8168G (bnc#845352,bnc#842820).
* r8169: abstract out loop conditions (bnc#845352,bnc#842820).
* r8169: mdio_ops signature change (bnc#845352,bnc#842820).
* megaraid_sas: Disable controller reset for ppc (bnc#841050).
* scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
* scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
* scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645).
* scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445).
* scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429).
* iscsi: don't hang in endless loop if no targets present (bnc#841094).
* scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
* quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930).
* bnx2x: Change to D3hot only on removal (bnc#838448).
* tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973,LTC#97595).
* tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973,LTC#97595).
* series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem (bnc#833635)
* Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).
* Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346).
* Drivers: hv: vmbus: Do not attempt to negoatiate a new version prematurely.
* Drivers: hv: util: Correctly support ws2008R2 and earlier (bnc#838346).
* Drivers: hv: vmbus: Terminate vmbus version negotiation on timeout.
* Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).
* Drivers: hv: balloon: Initialize the transaction ID just before sending the packet.
* Drivers: hv: remove HV_DRV_VERSION.
* Drivers: hv: vmbus: Fix a bug in the handling of channel offers.
* Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346).
* mlx4: allow IB_QP_CREATE_USE_GFP_NOFS in mlx4_ib_create_qp() (bnc#822433).
* drm/i915: disable sound first on intel_disable_ddi (bnc#833151).
* ALSA: hda - Re-setup HDMI pin and audio infoframe on stream switches (bnc#833151).
* drm/i915: HDMI/DP - ELD info refresh support for Haswell (bnc#833151).
* drm/cirrus: This is a cirrus version of Egbert Eich's patch for mgag200 (bnc#808079).
* vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321).
* net/mlx4_en: Fix BlueFlame race (bnc#835684).
* be2net: Check for POST state in suspend-resume sequence (bnc#835189).
* be2net: bug fix on returning an invalid nic descriptor (bnc#835189).
* be2net: provision VF resources before enabling SR-IOV (bnc#835189).
* be2net: Fix firmware download for Lancer (bnc#835189).
* be2net: Fix to use version 2 of cq_create for SkyHawk-R devices (bnc#835189).
* be2net: Use GET_FUNCTION_CONFIG V1 cmd (bnc#835189).
* be2net: Avoid flashing BE3 UFI on BE3-R chip (bnc#835189).
* be2net: Use TXQ_CREATE_V2 cmd (bnc#835189).
* ipv6: don't call fib6_run_gc() until routing is ready (bnc#836218).
* ipv6: prevent fib6_run_gc() contention (bnc#797526).
* ipv6: update ip6_rt_last_gc every time GC is run (bnc#797526).
* netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853 bugzilla.netfilter.org:714).
* netfilter: prevent race condition breaking net reference counting (bnc#835094).
* sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102).
* net: remove skb_orphan_try() (bnc#834600).
* bonding: check bond->vlgrp in bond_vlan_rx_kill_vid() (bnc#834905).
* tools: hv: Improve error logging in VSS daemon.
* tools: hv: Check return value of poll call.
* tools: hv: Check return value of setsockopt call.
* Tools: hv: fix send/recv buffer allocation.
* Tools: hv: check return value of daemon to fix compiler warning.
* Tools: hv: in kvp_set_ip_info free mac_addr right after usage.
* Tools: hv: check return value of system in hv_kvp_daemon.
* Tools: hv: correct payload size in netlink_send.
* Tools: hv: use full nlmsghdr in netlink_send.
* rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors (bnc#821465).
* rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file.
* rpm/old-flavors: Convert the old-packages.conf file to a flat list.
* rpm/old-packages.conf: Drop bogus obsoletes for "smp" (bnc#821465).
* rpm/kernel-binary.spec.in: Make sure that all KMP obsoletes are versioned (bnc#821465).
* rpm/kernel-binary.spec.in: Remove unversioned provides/obsoletes for packages that were only seen in openSUSE releases up to 11.0. (bnc#821465).
* sched/workqueue: Only wake up idle workers if not blocked on sleeping spin lock.
* genirq: Set irq thread to RT priority on creation.
* timers: prepare for full preemption improve.
* kernel/cpu: fix cpu down problem if kthread's cpu is going down.
* kernel/hotplug: restore original cpu mask oncpu/down.
* drm/i915: drop trace_i915_gem_ring_dispatch on rt.
* rt,ntp: Move call to schedule_delayed_work() to helper thread.
* hwlat-detector: Update hwlat_detector to add outer loop detection.
* hwlat-detect/trace: Export trace_clock_local for hwlat-detector.
* hwlat-detector: Use trace_clock_local if available.
* hwlat-detector: Use thread instead of stop machine.
* genirq: do not invoke the affinity callback via a workqueue.
* Btrfs: fix negative qgroup tracking from owner accounting (bnc#821948).
* Btrfs: add missing error checks to add_data_references.
* Btrfs: change how we queue blocks for backref checking.
* Btrfs: add missing error handling to read_tree_block.
* Btrfs: handle errors when doing slow caching.
* Btrfs: fix inode leak on kmalloc failure in tree-log.c.
* Btrfs: don't ignore errors from btrfs_run_delayed_items.
* Btrfs: fix oops when writing dirty qgroups to disk.
* Btrfs: do not clear our orphan item runtime flag on eexist.
* Btrfs: remove ourselves from the cluster list under lock.
* Btrfs: remove unnecessary ->s_umount in cleaner_kthread().
* Btrfs: make the cleaner complete early when the fs is going to be umounted.
* Btrfs: move the R/O check out of btrfs_clean_one_deleted_snapshot().
* Btrfs: make the snap/subv deletion end more early when the fs is R/O.
* Btrfs: optimize key searches in btrfs_search_slot.
* Btrfs: fix printing of non NULL terminated string.
* Btrfs: fix memory leak of orphan block rsv.
* Btrfs: don't miss inode ref items in BTRFS_IOC_INO_LOOKUP.
* Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP handler.
* Btrfs: fix the error handling wrt orphan items.
* Btrfs: don't allow a subvol to be deleted if it is the default subovl.
* Btrfs: return ENOSPC when target space is full.
* Btrfs: don't bug_on when we fail when cleaning up transactions.
* Btrfs: add missing mounting options in btrfs_show_options().
* Btrfs: use u64 for subvolid when parsing mount options.
* Btrfs: add sanity checks regarding to parsing mount options.
* Btrfs: cleanup reloc roots properly on error.
* Btrfs: reset ret in record_one_backref.
* Btrfs: fix get set label blocking against balance. * Btrfs: fall back to global reservation when removing subvolumes. * Btrfs: Release uuid_mutex for shrink during device delete. * Btrfs: update fixups from 3.11 * Btrfs: add ioctl to wait for qgroup rescan completion. * Btrfs: remove useless copy in quota_ctl. * Btrfs: do delay iput in sync_fs. * Btrfs: fix estale with btrfs send. * Btrfs: return error code in btrfs_check_trunc_cache_free_space(). * Btrfs: dont do log_removal in insert_new_root. * Btrfs: check if leaf's parent exists before pushing items around. * Btrfs: allow file data clone within a file. * Btrfs: simplify unlink reservations. * Btrfs: fix qgroup rescan resume on mount. * Btrfs: do not pin while under spin lock. * Btrfs: add some missing iput()'s in btrfs_orphan_cleanup. * Btrfs: put our inode if orphan cleanup fails. * Btrfs: exclude logged extents before replying when we are mixed. * Btrfs: fix broken nocow after balance. * Btrfs: wake up delayed ref flushing waiters on abort. * Btrfs: stop waiting on current trans if we aborted. * Btrfs: fix transaction throttling for delayed refs. * Btrfs: free csums when we're done scrubbing an extent. * Btrfs: unlock extent range on enospc in compressed submit. * Btrfs: stop using try_to_writeback_inodes_sb_nr to flush delalloc. * Btrfs: check if we can nocow if we don't have data space. * Btrfs: cleanup orphaned root orphan item. * Btrfs: hold the tree mod lock in __tree_mod_log_rewind. * Btrfs: only do the tree_mod_log_free_eb if this is our last ref. * Btrfs: wait ordered range before doing direct io. * Btrfs: update drop progress before stopping snapshot dropping. * Btrfs: fix lock leak when resuming snapshot deletion. * Btrfs: re-add root to dead root list if we stop dropping it. * Btrfs: fix file truncation if FALLOC_FL_KEEP_SIZE is specified. * Btrfs: fix a bug of snapshot-aware defrag to make it work on partial extents. * Btrfs: fix extent buffer leak after backref walking. 
* Btrfs: do not offset physical if we're compressed. * Btrfs: fix backref walking when we hit a compressed extent. * Btrfs: make sure the backref walker catches all refs to our extent. * Btrfs: release both paths before logging dir/changed extents. * Btrfs: add btrfs_fs_incompat helper. * Btrfs: merge save_error_info helpers into one. * Btrfs: clean up transaction abort messages. * Btrfs: cleanup unused arguments of btrfs_csum_data. * Btrfs: use helper to cleanup tree roots. * Btrfs: share stop worker code. * Btrfs: Cleanup some redundant codes in btrfs_lookup_csums_range(). * Btrfs: clean snapshots one by one. * Btrfs: deprecate subvolrootid mount option. * Btrfs: make orphan cleanup less verbose. * Btrfs: cover more error codes in btrfs_decode_error. * Btrfs: make subvol creation/deletion killable in the early stages. * Btrfs: fix a warning when disabling quota. * Btrfs: fix infinite loop when we abort on mount. * Btrfs: compare relevant parts of delayed tree refs. * Btrfs: kill some BUG_ONs() in the find_parent_nodes(). * Btrfs: fix double free in the iterate_extent_inodes(). * Btrfs: fix error handling in make/read block group. * Btrfs: don't wait on ordered extents if we have a trans open. * Btrfs: log ram bytes properly. * Btrfs: fix bad extent logging. * Btrfs: improve the performance of the csums lookup. * Btrfs: ignore device open failures in __btrfs_open_devices. * Btrfs: abort unlink trans in missed error case. * Btrfs: creating the subvolume qgroup automatically when enabling quota. * Btrfs: introduce a mutex lock for btrfs quota operations. * Btrfs: remove some unnecessary spin_lock usages. * Btrfs: fix missing check before creating a qgroup relation. * Btrfs: fix missing check in the btrfs_qgroup_inherit(). * Btrfs: fix a warning when updating qgroup limit. * Btrfs: use tree_root to avoid edquot when disabling quota. * Btrfs: remove some BUG_ONs() when walking backref tree. * Btrfs: make __merge_refs() return type be void. 
* Btrfs: add a rb_tree to improve performance of ulist search. * Btrfs: fix unblocked autodefraggers when remount. * Btrfs: fix tree mod log regression on root split operations. * Btrfs: fix accessing the root pointer in tree mod log functions. * Btrfs: fix unlock after free on rewinded tree blocks. * Btrfs: do not continue if out of memory happens. * Btrfs: fix confusing edquot happening case. * Btrfs: remove unused argument of fixup_low_keys(). * Btrfs: fix reada debug code compilation. * Btrfs: return error when we specify wrong start to defrag. * Btrfs: don't force pages under writeback to finish when aborting. * Btrfs: clear received_uuid field for new writable snapshots. * Btrfs: fix missing check about ulist_add() in qgroup.c. * Btrfs: add all ioctl checks before user change for quota operations. * Btrfs: fix lockdep warning. * Btrfs: fix possible infinite loop in slow caching. * Btrfs: use REQ_META for all metadata IO. * Btrfs: deal with bad mappings in btrfs_map_block. * Btrfs: don't call readahead hook until we have read the entire eb. * Btrfs: don't BUG_ON() in btrfs_num_copies. * Btrfs: don't try and free ebs twice in log replay. * Btrfs: add tree block level sanity check. * Btrfs: only exclude supers in the range of our block group. * Btrfs: fix all callers of read_tree_block. * Btrfs: fix extent logging with O_DIRECT into prealloc. * Btrfs: cleanup fs roots if we fail to mount. * Btrfs: don't panic if we're trying to drop too many refs. * Btrfs: check return value of commit when recovering log. * Btrfs: cleanup destroy_marked_extents. * Btrfs: various abort cleanups. * Btrfs: fix error handling in btrfs_ioctl_send(). * Btrfs: set UUID in root_item for created trees. * Btrfs: return free space in cow error path. * Btrfs: separate sequence numbers for delayed ref tracking and tree mod log. * Btrfs: allocate new chunks if the space is not enough for global rsv. * Btrfs: split btrfs_qgroup_account_ref into four functions (FATE#312751). 
* Btrfs: rescan for qgroups (FATE#312751). * Btrfs: automatic rescan after "quota enable" command (FATE#312751). * Btrfs: deal with free space cache errors while replaying log. * Btrfs: remove almost all of the BUG()'s from tree-log.c. * Btrfs: deal with errors in write_dev_supers. * Btrfs: make static code static & remove dead code. * Btrfs: handle errors returned from get_tree_block_key. * Btrfs: remove unused gfp mask parameter from release_extent_buffer callchain. * Btrfs: read entire device info under lock. * Btrfs: improve the loop of scrub_stripe. * Btrfs: use unsigned long type for extent state bits. * Btrfs: enhance superblock checks. * Btrfs: allow superblock mismatch from older mkfs. * Btrfs: annotate quota tree for lockdep. * Btrfs: fix off-by-one in fiemap. * Btrfs: don't stop searching after encountering the wrong item. * Btrfs: don't null pointer deref on abort. * Btrfs: remove warn on in free space cache writeout. * Btrfs: fix possible memory leak in the find_parent_nodes(). * Btrfs: fix possible memory leak in replace_path(). * Btrfs: don't abort the current transaction if there is no enough space for inode cache. * Btrfs: don't use global block reservation for inode cache truncation. * Btrfs: optimize the error handle of use_block_rsv(). * Btrfs: don't steal the reserved space from the global reserve if their space type is different. * Btrfs: update the global reserve if it is empty. * Btrfs: return errno if possible when we fail to allocate memory. * Btrfs: fix accessing a freed tree root. * Btrfs: fix unprotected root node of the subvolume's inode rb-tree. * Btrfs: pause the space balance when remounting to R/O. * Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix(). * Btrfs: don't invoke btrfs_invalidate_inodes() in the spin lock context. * Btrfs: do away with non-whole_page extent I/O. * Btrfs: explicitly use global_block_rsv for quota_tree. * Btrfs: make sure roots are assigned before freeing their nodes. 
   * Btrfs: don't delete fs_roots until after we cleanup the transaction.
   * Btrfs: Drop inode if inode root is NULL.
   * Btrfs: init relocate extent_io_tree with a mapping.
   * Btrfs: fix use-after-free bug during umount.
   * Btrfs: stop all workers before cleaning up roots.
   * Btrfs: add log message stubs.

Security Issues:

   * CVE-2013-2206

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11 SP3:

      zypper in -t patch slertesp3-kernel-8544

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:

      cluster-network-kmp-rt-1.4_3.0.101_rt130_0.8-2.27.24
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.8-2.27.24
      drbd-kmp-rt-8.4.4_3.0.101_rt130_0.8-0.18.8
      drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.8-0.18.8
      iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.8-0.38.9
      iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.8-0.38.9
      kernel-rt-3.0.101.rt130-0.8.3
      kernel-rt-base-3.0.101.rt130-0.8.3
      kernel-rt-devel-3.0.101.rt130-0.8.3
      kernel-rt_trace-3.0.101.rt130-0.8.3
      kernel-rt_trace-base-3.0.101.rt130-0.8.3
      kernel-rt_trace-devel-3.0.101.rt130-0.8.3
      kernel-source-rt-3.0.101.rt130-0.8.1
      kernel-syms-rt-3.0.101.rt130-0.8.1
      lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.8-0.11.11
      lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.8-0.11.11
      ocfs2-kmp-rt-1.6_3.0.101_rt130_0.8-0.20.24
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.8-0.20.24
      ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.8-0.13.15
      ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.8-0.13.15

References:

   http://support.novell.com/security/cve/CVE-2013-2206.html
   https://bugzilla.novell.com/754690
   https://bugzilla.novell.com/763463
   https://bugzilla.novell.com/794824
https://bugzilla.novell.com/797526 https://bugzilla.novell.com/800875 https://bugzilla.novell.com/804950 https://bugzilla.novell.com/808079 https://bugzilla.novell.com/816099 https://bugzilla.novell.com/820848 https://bugzilla.novell.com/821259 https://bugzilla.novell.com/821465 https://bugzilla.novell.com/821948 https://bugzilla.novell.com/822433 https://bugzilla.novell.com/822942 https://bugzilla.novell.com/825291 https://bugzilla.novell.com/826102 https://bugzilla.novell.com/827246 https://bugzilla.novell.com/827416 https://bugzilla.novell.com/827966 https://bugzilla.novell.com/828714 https://bugzilla.novell.com/828894 https://bugzilla.novell.com/829682 https://bugzilla.novell.com/830985 https://bugzilla.novell.com/831029 https://bugzilla.novell.com/831143 https://bugzilla.novell.com/831380 https://bugzilla.novell.com/832292 https://bugzilla.novell.com/833097 https://bugzilla.novell.com/833151 https://bugzilla.novell.com/833321 https://bugzilla.novell.com/833588 https://bugzilla.novell.com/833635 https://bugzilla.novell.com/833820 https://bugzilla.novell.com/833858 https://bugzilla.novell.com/834204 https://bugzilla.novell.com/834600 https://bugzilla.novell.com/834905 https://bugzilla.novell.com/835094 https://bugzilla.novell.com/835189 https://bugzilla.novell.com/835684 https://bugzilla.novell.com/835930 https://bugzilla.novell.com/836218 https://bugzilla.novell.com/836347 https://bugzilla.novell.com/836801 https://bugzilla.novell.com/837372 https://bugzilla.novell.com/837596 https://bugzilla.novell.com/837741 https://bugzilla.novell.com/837803 https://bugzilla.novell.com/838346 https://bugzilla.novell.com/838448 https://bugzilla.novell.com/839407 https://bugzilla.novell.com/839973 https://bugzilla.novell.com/840830 https://bugzilla.novell.com/841050 https://bugzilla.novell.com/841094 https://bugzilla.novell.com/841402 https://bugzilla.novell.com/841498 https://bugzilla.novell.com/841656 https://bugzilla.novell.com/842057 https://bugzilla.novell.com/842063 
   https://bugzilla.novell.com/842604
   https://bugzilla.novell.com/842820
   https://bugzilla.novell.com/843429
   https://bugzilla.novell.com/843445
   https://bugzilla.novell.com/843642
   https://bugzilla.novell.com/843645
   https://bugzilla.novell.com/843732
   https://bugzilla.novell.com/843753
   https://bugzilla.novell.com/843950
   https://bugzilla.novell.com/844513
   https://bugzilla.novell.com/845352
   https://bugzilla.novell.com/847319
   http://download.novell.com/patch/finder/?keywords=a82ba878ac66780ee782fc723b8b8a40

From sle-updates at lists.suse.com Tue Nov 26 09:04:13 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Nov 2013 17:04:13 +0100 (CET)
Subject: SUSE-RU-2013:1771-1: moderate: Recommended update for grub
Message-ID: <20131126160413.57FDC32174@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for grub
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1771-1
Rating:             moderate
References:         #682337 #805732 #844893
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for grub provides fixes for the following issues:

   * grub post-install might freeze in chroot
   * grub tries to access incomplete disk tracks.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-grub-8450

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-grub-8450

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-grub-8450

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      grub-0.97-162.170.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      grub-0.97-162.170.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      grub-0.97-162.170.1

References:

   https://bugzilla.novell.com/682337
   https://bugzilla.novell.com/805732
   https://bugzilla.novell.com/844893
   http://download.novell.com/patch/finder/?keywords=6d0b46dcf488dd90d4f8548649578823

From sle-updates at lists.suse.com Tue Nov 26 11:04:13 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Nov 2013 19:04:13 +0100 (CET)
Subject: SUSE-RU-2013:1772-1: moderate: Recommended update for apparmor
Message-ID: <20131126180413.E27E332174@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for apparmor
______________________________________________________________________________

Announcement ID:    SUSE-RU-2013:1772-1
Rating:             moderate
References:         #839554
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for Apparmor fixes an issue that prevented Tomcat 6 from
   starting in a confined environment.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_apparmor-8471 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_apparmor-8531 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_apparmor-8471 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_apparmor-8471 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_apparmor-8531 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_apparmor-8531 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-apache2-mod_apparmor-8471 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-apache2-mod_apparmor-8531 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libapparmor-devel-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libapparmor-devel-2.5.1.r1445-55.61.61.1 tomcat_apparmor-2.5.1.r1445-55.61.61.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.61.61.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.64.1 apparmor-docs-2.5.1.r1445-55.64.1 apparmor-parser-2.5.1.r1445-55.64.1 apparmor-utils-2.5.1.r1445-55.64.1 libapparmor1-2.5.1.r1445-55.64.1 pam_apparmor-2.5.1.r1445-55.64.1 perl-apparmor-2.5.1.r1445-55.64.1 tomcat_apparmor-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libapparmor1-32bit-2.5.1.r1445-55.64.1 pam_apparmor-32bit-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): 
apache2-mod_apparmor-2.5.1.r1445-55.64.1 apparmor-docs-2.5.1.r1445-55.64.1 apparmor-parser-2.5.1.r1445-55.64.1 apparmor-utils-2.5.1.r1445-55.64.1 libapparmor1-2.5.1.r1445-55.64.1 pam_apparmor-2.5.1.r1445-55.64.1 perl-apparmor-2.5.1.r1445-55.64.1 tomcat_apparmor-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libapparmor1-32bit-2.5.1.r1445-55.64.1 pam_apparmor-32bit-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libapparmor1-x86-2.5.1.r1445-55.64.1 pam_apparmor-x86-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.61.61.1 apparmor-docs-2.5.1.r1445-55.61.61.1 apparmor-parser-2.5.1.r1445-55.61.61.1 apparmor-utils-2.5.1.r1445-55.61.61.1 libapparmor1-2.5.1.r1445-55.61.61.1 pam_apparmor-2.5.1.r1445-55.61.61.1 perl-apparmor-2.5.1.r1445-55.61.61.1 perl-libapparmor-2.3-51.16.4 tomcat_apparmor-2.5.1.r1445-55.61.61.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libapparmor1-32bit-2.5.1.r1445-55.61.61.1 pam_apparmor-32bit-2.5.1.r1445-55.61.61.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_apparmor-2.5.1.r1445-55.61.61.1 apparmor-docs-2.5.1.r1445-55.61.61.1 apparmor-parser-2.5.1.r1445-55.61.61.1 apparmor-utils-2.5.1.r1445-55.61.61.1 libapparmor1-2.5.1.r1445-55.61.61.1 pam_apparmor-2.5.1.r1445-55.61.61.1 perl-apparmor-2.5.1.r1445-55.61.61.1 perl-libapparmor-2.3-51.16.4 tomcat_apparmor-2.5.1.r1445-55.61.61.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libapparmor1-32bit-2.5.1.r1445-55.61.61.1 pam_apparmor-32bit-2.5.1.r1445-55.61.61.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libapparmor1-x86-2.5.1.r1445-55.61.61.1 pam_apparmor-x86-2.5.1.r1445-55.61.61.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): apparmor-docs-2.5.1.r1445-55.64.1 apparmor-parser-2.5.1.r1445-55.64.1 apparmor-utils-2.5.1.r1445-55.64.1 libapparmor1-2.5.1.r1445-55.64.1 pam_apparmor-2.5.1.r1445-55.64.1 
perl-apparmor-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libapparmor1-32bit-2.5.1.r1445-55.64.1 pam_apparmor-32bit-2.5.1.r1445-55.64.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): apparmor-docs-2.5.1.r1445-55.61.61.1 apparmor-parser-2.5.1.r1445-55.61.61.1 apparmor-utils-2.5.1.r1445-55.61.61.1 libapparmor1-2.5.1.r1445-55.61.61.1 pam_apparmor-2.5.1.r1445-55.61.61.1 perl-apparmor-2.5.1.r1445-55.61.61.1 perl-libapparmor-2.3-51.16.4 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libapparmor1-32bit-2.5.1.r1445-55.61.61.1 pam_apparmor-32bit-2.5.1.r1445-55.61.61.1 References: https://bugzilla.novell.com/839554 http://download.novell.com/patch/finder/?keywords=b5c506b5ea3ba34dd681c22fe53c9c3e http://download.novell.com/patch/finder/?keywords=fd822f230e0d330093a2284d60627d44 From sle-updates at lists.suse.com Wed Nov 27 09:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Nov 2013 17:04:10 +0100 (CET) Subject: SUSE-SU-2013:1774-1: moderate: Security update for Xen Message-ID: <20131127160410.9A59B32174@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1774-1 Rating: moderate References: #817799 #824676 #826882 #828623 #833251 #833483 #833796 #834751 #835896 #836239 #839596 #839600 #840196 #840592 #841766 #842511 #842512 #842513 #842514 #842515 #845520 Cross-References: CVE-2013-1432 CVE-2013-1442 CVE-2013-1918 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375 CVE-2013-4416 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 10 fixes is now available. 
Description:

   XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and
   security issues.

   * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies
   * CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation
   * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation
   * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation
   * CVE-2013-4369: XSA-68: Fixed possible null dereference when parsing vif ratelimiting info
   * CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub
   * CVE-2013-4371: XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure
   * CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak
   * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs
   * CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes.

   Various bugs have also been fixed:

   * Boot failure with xen kernel in UEFI mode with error "No memory for trampoline" (bnc#833483)
   * Improvements to block-dmmd script (bnc#828623)
   * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196)
   * In HP's UEFI x86_64 platform and with xen environment, in booting stage, xen hypervisor will panic. (bnc#833251)
   * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796)
   * In xen, "shutdown -y 0 -h" cannot power off system (bnc#834751)
   * In HP's UEFI x86_64 platform with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600)
   * vcpus not started after upgrading Dom0 from SLES 11 SP2 to SP3 (bnc#835896)
   * SLES 11 SP3 Xen security patch does not automatically update UEFI boot binary (bnc#836239)
   * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676)
   * SLES 9 SP4 guest fails to start after upgrading to SLES 11 SP3 (bnc#817799)
   * Various upstream fixes have been included.
Security Issues:

   * CVE-2013-1432
   * CVE-2013-1442
   * CVE-2013-1918
   * CVE-2013-4355
   * CVE-2013-4361
   * CVE-2013-4368
   * CVE-2013-4369
   * CVE-2013-4370
   * CVE-2013-4371
   * CVE-2013-4375
   * CVE-2013-4416

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-xen-201310-8479

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-xen-201310-8479

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-xen-201310-8479

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      xen-devel-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.3_02_3.0.93_0.8-0.7.1
      xen-libs-4.2.3_02-0.7.1
      xen-tools-domU-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (x86_64):

      xen-4.2.3_02-0.7.1
      xen-doc-html-4.2.3_02-0.7.1
      xen-doc-pdf-4.2.3_02-0.7.1
      xen-libs-32bit-4.2.3_02-0.7.1
      xen-tools-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586):

      xen-kmp-pae-4.2.3_02_3.0.93_0.8-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.3_02_3.0.93_0.8-0.7.1
      xen-libs-4.2.3_02-0.7.1
      xen-tools-domU-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      xen-4.2.3_02-0.7.1
      xen-doc-html-4.2.3_02-0.7.1
      xen-doc-pdf-4.2.3_02-0.7.1
      xen-libs-32bit-4.2.3_02-0.7.1
      xen-tools-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586):

      xen-kmp-pae-4.2.3_02_3.0.93_0.8-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2013-1432.html
   http://support.novell.com/security/cve/CVE-2013-1442.html
   http://support.novell.com/security/cve/CVE-2013-1918.html
   http://support.novell.com/security/cve/CVE-2013-4355.html
   http://support.novell.com/security/cve/CVE-2013-4361.html
http://support.novell.com/security/cve/CVE-2013-4368.html http://support.novell.com/security/cve/CVE-2013-4369.html http://support.novell.com/security/cve/CVE-2013-4370.html http://support.novell.com/security/cve/CVE-2013-4371.html http://support.novell.com/security/cve/CVE-2013-4375.html http://support.novell.com/security/cve/CVE-2013-4416.html https://bugzilla.novell.com/817799 https://bugzilla.novell.com/824676 https://bugzilla.novell.com/826882 https://bugzilla.novell.com/828623 https://bugzilla.novell.com/833251 https://bugzilla.novell.com/833483 https://bugzilla.novell.com/833796 https://bugzilla.novell.com/834751 https://bugzilla.novell.com/835896 https://bugzilla.novell.com/836239 https://bugzilla.novell.com/839596 https://bugzilla.novell.com/839600 https://bugzilla.novell.com/840196 https://bugzilla.novell.com/840592 https://bugzilla.novell.com/841766 https://bugzilla.novell.com/842511 https://bugzilla.novell.com/842512 https://bugzilla.novell.com/842513 https://bugzilla.novell.com/842514 https://bugzilla.novell.com/842515 https://bugzilla.novell.com/845520 http://download.novell.com/patch/finder/?keywords=44263de6887ab03471056913790a1e0e From sle-updates at lists.suse.com Wed Nov 27 10:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Nov 2013 18:04:11 +0100 (CET) Subject: SUSE-RU-2013:1775-1: Recommended update for sg3_utils Message-ID: <20131127170411.1581332174@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1775-1 Rating: low References: #719449 #780946 #805059 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes 
can now be installed.

Description:

   This update for sg3_utils provides the following fixes:

   * Add -f option to rescan-scsi-bus.sh to flush failed multipath devices
   * Add --export option to sg_inq for 61-msft.rules
   * Fixup T10 Vendor designator display
   * In rescan-scsi-bus.sh, check if the HBA driver exports issue_lip in sysfs before using it.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-sg3_utils-8296

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-sg3_utils-8296

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-sg3_utils-8296

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-sg3_utils-8296

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      sg3_utils-devel-1.31-1.19.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      sg3_utils-1.31-1.19.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      sg3_utils-1.31-1.19.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      sg3_utils-1.31-1.19.1

References:

   https://bugzilla.novell.com/719449
   https://bugzilla.novell.com/780946
   https://bugzilla.novell.com/805059
   http://download.novell.com/patch/finder/?keywords=8ee16557c8d57eb77bd0ade2ad14a45f

From sle-updates at lists.suse.com Thu Nov 28 13:04:11 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Nov 2013 21:04:11 +0100 (CET)
Subject: SUSE-SU-2013:1783-1: moderate: Security update for openvpn
Message-ID: <20131128200411.B6F9F3217B@maintenance.suse.de>

   SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1783-1
Rating:             moderate
References:         #843509
Cross-References: CVE-2013-2061
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpn_decrypt that might have allowed remote attackers to gain knowledge of plaintext data. (CVE-2013-2061)

Security Issues:

* CVE-2013-2061

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-openvpn-8493
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-openvpn-8493
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-openvpn-8496
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-openvpn-8496
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-openvpn-8493
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-openvpn-8496

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    openvpn-2.0.9-143.40.5
    openvpn-auth-pam-plugin-2.0.9-143.40.5
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    openvpn-2.0.9-143.40.5
    openvpn-auth-pam-plugin-2.0.9-143.40.5
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
    openvpn-2.0.9-143.33.3.1
    openvpn-auth-pam-plugin-2.0.9-143.33.3.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    openvpn-2.0.9-143.33.3.1
    openvpn-auth-pam-plugin-2.0.9-143.33.3.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    openvpn-2.0.9-143.40.5
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
    openvpn-2.0.9-143.33.3.1

References:

http://support.novell.com/security/cve/CVE-2013-2061.html
https://bugzilla.novell.com/843509
http://download.novell.com/patch/finder/?keywords=f305d64a55b5c18ded8b53766324abec
http://download.novell.com/patch/finder/?keywords=f4d8b131056fb4788f8628df6041fa7f

From sle-updates at lists.suse.com Thu Nov 28 13:04:16 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Nov 2013 21:04:16 +0100 (CET)
Subject: SUSE-SU-2013:1784-1: moderate: Security update for wireshark
Message-ID: <20131128200416.894CA3217B@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1784-1
Rating: moderate
References: #839607 #848738
Cross-References: CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available. It includes one version update.

Description:

Wireshark has been updated to version 1.8.11 to fix bugs and security issues.

Security Issue references:

* CVE-2013-6336
* CVE-2013-6337
* CVE-2013-6338
* CVE-2013-6339
* CVE-2013-6340

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-wireshark-8504
- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-wireshark-8503
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-wireshark-8504
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-wireshark-8504
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-wireshark-8503
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-wireshark-8503
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-wireshark-8504
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-wireshark-8503

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.11]:
    wireshark-devel-1.8.11-0.2.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.11]:
    wireshark-devel-1.8.11-0.2.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.11]:
    wireshark-1.8.11-0.2.1

References:

http://support.novell.com/security/cve/CVE-2013-6336.html
http://support.novell.com/security/cve/CVE-2013-6337.html
http://support.novell.com/security/cve/CVE-2013-6338.html
http://support.novell.com/security/cve/CVE-2013-6339.html
http://support.novell.com/security/cve/CVE-2013-6340.html
https://bugzilla.novell.com/839607
https://bugzilla.novell.com/848738
http://download.novell.com/patch/finder/?keywords=c472b5e0729755c075a9d8e34d8229bf
http://download.novell.com/patch/finder/?keywords=e88e5696a507e9aa77fbbd4683dfb1bf

From sle-updates at lists.suse.com Fri Nov 29 12:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Nov 2013 20:04:10 +0100 (CET)
Subject: SUSE-OU-2013:1785-1: Optional update for apache2-mod_nss
Message-ID: <20131129190410.40B2C32175@maintenance.suse.de>

SUSE Optional Update: Optional update for apache2-mod_nss
______________________________________________________________________________

Announcement ID: SUSE-OU-2013:1785-1
Rating: low
References: #847216
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This feature update provides a new Apache2 module "mod_nss" which implements an https provider as a replacement of mod_ssl. (FATE#316419)

mod_nss uses the Mozilla NSS libraries to provide SSL support and so is able to supply TLS 1.1 and TLS 1.2 for your Apache web server.

The package includes a README-SUSE.txt with detailed setup instructions. Also some glue documentation can be found in /etc/apache2/conf.d/mod_nss.conf and covers:

* Simultaneous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for Apache configuration, Listen directive
* Module initialization.

Indications:

Install this module to enable support for TLS 1.1 and 1.2.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-apache2-mod_nss-8553
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-apache2-mod_nss-8553
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-apache2-mod_nss-8552
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-apache2-mod_nss-8552

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    apache2-mod_nss-1.0.8-0.4.5.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    apache2-mod_nss-1.0.8-0.4.5.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
    apache2-mod_nss-1.0.8-0.4.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    apache2-mod_nss-1.0.8-0.4.5.1

References:

https://bugzilla.novell.com/847216
http://download.novell.com/patch/finder/?keywords=37a9715f1d2e7be6af4596e78caebbfe
http://download.novell.com/patch/finder/?keywords=8e8fc0fa9b3ef4045615268a60213e53

From sle-updates at lists.suse.com Fri Nov 29 21:04:14 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 30 Nov 2013 05:04:14 +0100 (CET)
Subject: SUSE-RU-2013:1789-1: important: Recommended update for timezone
Message-ID: <20131130040414.BF48A32149@maintenance.suse.de>

SUSE Recommended Update: Recommended update for timezone
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1789-1
Rating: important
References: #807624 #845530 #850462
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
  SUSE Linux Enterprise Server 11 SP1 LTSS
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed. It includes one version update.

Description:

This update provides the latest timezone information for your system.
The changes in detail are:

* Update to version 2013h (bnc#850462):
  o Libya has switched back to UTC+2
  o Western Sahara uses Morocco's DST rules
  o Acre switches from UTC-4 to UTC-5 on Nov. 10th
* Define TM_GMTOFF and TM_ZONE like glibc did (bnc#807624)
* Correct path expansion for local time link (bnc#845530).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-timezone-2013h-8560
- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-timezone-2013h-8559
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-timezone-2013h-8560
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-timezone-2013h-8560
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-timezone-2013h-8559
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-timezone-2013h-8559
- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:
    zypper in -t patch slessp1-timezone-2013h-8561
- SUSE Linux Enterprise Server 11 SP1 LTSS:
    zypper in -t patch slessp1-timezone-2013h-8561
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-timezone-2013h-8560
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-timezone-2013h-8559

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch):
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2013h]:
    timezone-2013h-0.7.1
- SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 2013h]:
    timezone-java-2013h-0.7.1

References:

https://bugzilla.novell.com/807624
https://bugzilla.novell.com/845530
https://bugzilla.novell.com/850462
http://download.novell.com/patch/finder/?keywords=34a5cddb8da3f6e341c147ccd98eb2a2
http://download.novell.com/patch/finder/?keywords=42a06dcf634a6d8fa0c708f636f17f3c
http://download.novell.com/patch/finder/?keywords=fb5d0f270b40f4b2f00b027ac1a1c421