From sle-updates at lists.suse.com Tue Apr 1 12:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Apr 2014 20:04:12 +0200 (CEST)
Subject: SUSE-SU-2014:0470-1: important: Security update for Xen
Message-ID: <20140401180412.D5B00320B9@maintenance.suse.de>

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0470-1
Rating:             important
References:         #786516 #786517 #787163 #789950 #789951 #813673
                    #813677 #823011 #840592 #842511 #848657 #849668
                    #853049
Cross-References:   CVE-2012-4535 CVE-2012-4537 CVE-2012-4544
                    CVE-2012-5513 CVE-2012-5515 CVE-2013-1917
                    CVE-2013-1920 CVE-2013-2194 CVE-2013-2195
                    CVE-2013-2196 CVE-2013-4355 CVE-2013-4368
                    CVE-2013-4494 CVE-2013-4554 CVE-2013-6885
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:

   The SUSE Linux Enterprise 10 Service Pack 3 LTSS Xen hypervisor and
   toolset have been updated to fix various security issues:

   The following security issues have been addressed:

   * XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly earlier
     versions, allows local guest OS administrators to cause a denial of
     service (Xen infinite loop and physical CPU consumption) by setting
     a VCPU with an "inappropriate deadline". (bnc#786516)
   * XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly earlier
     versions, does not properly synchronize the p2m and m2p tables when
     the set_p2m_entry function fails, which allows local HVM guest OS
     administrators to cause a denial of service (memory consumption and
     assertion failure), aka "Memory mapping failure DoS vulnerability".
     (bnc#786517)
   * XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and earlier
     does not validate the size of the kernel or ramdisk (1) before or
     (2) after decompression, which allows local guest administrators to
     cause a denial of service (domain 0 memory consumption) via a
     crafted (a) kernel or (b) ramdisk. (bnc#787163)
   * XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen 4.2 and
     earlier does not properly check the memory address, which allows
     local PV guest OS administrators to cause a denial of service
     (crash) or possibly gain privileges via unspecified vectors that
     overwrite memory in the hypervisor reserved range. (bnc#789951)
   * XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation, (2)
     XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen
     4.2 and earlier allow local guest administrators to cause a denial
     of service (long loop and hang) via a crafted extent_order value.
     (bnc#789950)
   * XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit
     hosts on Intel CPUs, does not clear the NT flag when using an IRET
     after a SYSENTER instruction, which allows PV guest users to cause a
     denial of service (hypervisor crash) by triggering a #GP fault,
     which is not properly handled by another IRET instruction.
     (bnc#813673)
   * XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the
     hypervisor is running "under memory pressure" and the Xen Security
     Module (XSM) is enabled, uses the wrong ordering of operations when
     extending the per-domain event channel tracking table, which causes
     a use-after-free and allows local guest kernels to inject arbitrary
     events and gain privileges via unspecified vectors. (bnc#813677)
   * XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities in the
     Elf parser (libelf) in Xen 4.2.x and earlier allow local guest
     administrators with certain permissions to have an unspecified
     impact via a crafted kernel, related to "other problems" that are
     not CVE-2013-2194 or CVE-2013-2195.
     (bnc#823011)
   * XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x and
     earlier allows local guest administrators with certain permissions
     to have an unspecified impact via a crafted kernel, related to
     "pointer dereferences" involving unexpected calculations.
     (bnc#823011)
   * XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf parser
     (libelf) in Xen 4.2.x and earlier allow local guest administrators
     with certain permissions to have an unspecified impact via a crafted
     kernel. (bnc#823011)
   * XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly
     handle certain errors, which allows local HVM guests to obtain
     hypervisor stack memory via a (1) port or (2) memory mapped I/O
     write or (3) other unspecified operations related to addresses
     without associated memory. (bnc#840592)
   * XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x,
     4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override,
     uses an uninitialized variable as a segment base, which allows local
     64-bit PV guests to obtain sensitive information (hypervisor stack
     content) via unspecified vectors related to stale data in a segment
     register. (bnc#842511)
   * XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not
     take the page_alloc_lock and grant_table.lock in the same order,
     which allows local guest administrators with access to multiple
     vcpus to cause a denial of service (host deadlock) via unspecified
     vectors. (bnc#848657)
   * XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1),
     4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly
     prevent access to hypercalls, which allows local guest users to gain
     privileges via a crafted application running in ring 1 or 2.
     (bnc#849668)
   * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh
     processors does not properly handle the interaction between locked
     instructions and write-combined memory types, which allows local
     users to cause a denial of service (system hang) via a crafted
     application, aka the errata 793 issue. (bnc#853049)

   Security Issues references:

   * CVE-2012-4535
   * CVE-2012-4537
   * CVE-2012-4544
   * CVE-2012-5513
   * CVE-2012-5515
   * CVE-2013-1917
   * CVE-2013-1920
   * CVE-2013-2194
   * CVE-2013-2195
   * CVE-2013-2196
   * CVE-2013-4355
   * CVE-2013-4368
   * CVE-2013-4494
   * CVE-2013-4554
   * CVE-2013-6885

Indications:

   Everyone using the Xen hypervisor should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):

      xen-3.2.3_17040_28-0.6.21.3
      xen-devel-3.2.3_17040_28-0.6.21.3
      xen-doc-html-3.2.3_17040_28-0.6.21.3
      xen-doc-pdf-3.2.3_17040_28-0.6.21.3
      xen-doc-ps-3.2.3_17040_28-0.6.21.3
      xen-kmp-debug-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3
      xen-kmp-default-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3
      xen-kmp-kdump-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3
      xen-kmp-smp-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3
      xen-libs-3.2.3_17040_28-0.6.21.3
      xen-tools-3.2.3_17040_28-0.6.21.3
      xen-tools-domU-3.2.3_17040_28-0.6.21.3
      xen-tools-ioemu-3.2.3_17040_28-0.6.21.3

   - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64):

      xen-libs-32bit-3.2.3_17040_28-0.6.21.3

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586):

      xen-kmp-bigsmp-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3
      xen-kmp-kdumppae-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3
      xen-kmp-vmi-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3
      xen-kmp-vmipae-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3

References:

   http://support.novell.com/security/cve/CVE-2012-4535.html
   http://support.novell.com/security/cve/CVE-2012-4537.html
   http://support.novell.com/security/cve/CVE-2012-4544.html
   http://support.novell.com/security/cve/CVE-2012-5513.html
   http://support.novell.com/security/cve/CVE-2012-5515.html
   http://support.novell.com/security/cve/CVE-2013-1917.html
   http://support.novell.com/security/cve/CVE-2013-1920.html
   http://support.novell.com/security/cve/CVE-2013-2194.html
   http://support.novell.com/security/cve/CVE-2013-2195.html
   http://support.novell.com/security/cve/CVE-2013-2196.html
   http://support.novell.com/security/cve/CVE-2013-4355.html
   http://support.novell.com/security/cve/CVE-2013-4368.html
   http://support.novell.com/security/cve/CVE-2013-4494.html
   http://support.novell.com/security/cve/CVE-2013-4554.html
   http://support.novell.com/security/cve/CVE-2013-6885.html
   https://bugzilla.novell.com/786516
   https://bugzilla.novell.com/786517
   https://bugzilla.novell.com/787163
   https://bugzilla.novell.com/789950
   https://bugzilla.novell.com/789951
   https://bugzilla.novell.com/813673
   https://bugzilla.novell.com/813677
   https://bugzilla.novell.com/823011
   https://bugzilla.novell.com/840592
   https://bugzilla.novell.com/842511
   https://bugzilla.novell.com/848657
   https://bugzilla.novell.com/849668
   https://bugzilla.novell.com/853049
   http://download.suse.com/patch/finder/?keywords=6f43bf900a8ce3d35255c35946732753

From sle-updates at lists.suse.com Tue Apr 1 17:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Apr 2014 01:04:11 +0200 (CEST)
Subject: SUSE-SU-2014:0471-1: important: Security update for mutt
Message-ID: <20140401230411.E3A03320A0@maintenance.suse.de>

   SUSE Security Update: Security update for mutt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0471-1
Rating:             important
References:         #868115
Cross-References:   CVE-2014-0467
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   The mailreader mutt was updated to fix a security issue in displaying
   mail headers, where a crafted e-mail could cause a heap overflow, which
   in turn might be used by attackers to crash mutt or potentially even
   execute code.

   Security Issues references:

   * CVE-2014-0467

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-mutt-9023

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-mutt-9023

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-mutt-9023

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      mutt-1.5.17-42.37.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      mutt-1.5.17-42.37.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      mutt-1.5.17-42.37.1

References:

   http://support.novell.com/security/cve/CVE-2014-0467.html
   https://bugzilla.novell.com/868115
   http://download.suse.com/patch/finder/?keywords=dcc3a50329b03a50dab960aa4c2251c8

From sle-updates at lists.suse.com Tue Apr 1 19:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Apr 2014 03:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0472-1: Recommended update for logrotate
Message-ID: <20140402010412.F1523320A0@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for logrotate
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0472-1
Rating:             low
References:         #831057 #843171
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.
Description:

   This update for logrotate fixes calling of prerotate/postrotate scripts
   in nosharedscripts mode.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-logrotate-8953

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-logrotate-8953

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-logrotate-8953

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      logrotate-3.7.7-10.28.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      logrotate-3.7.7-10.28.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      logrotate-3.7.7-10.28.1

References:

   https://bugzilla.novell.com/831057
   https://bugzilla.novell.com/843171
   http://download.suse.com/patch/finder/?keywords=6594801d219add56da5d7009285fe5fe

From sle-updates at lists.suse.com Thu Apr 3 11:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Apr 2014 19:04:10 +0200 (CEST)
Subject: SUSE-SU-2014:0474-1: important: Security update for lighttpd
Message-ID: <20140403170410.9272832067@maintenance.suse.de>

   SUSE Security Update: Security update for lighttpd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0474-1
Rating:             important
References:         #867350
Cross-References:   CVE-2014-2323 CVE-2014-2324
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   The HTTP server lighttpd was updated to fix the following security
   issues:

   * CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in
     lighttpd allowed remote attackers to execute arbitrary SQL commands
     via the host name.
   * CVE-2014-2323: Multiple directory traversal vulnerabilities in
     mod_evhost and mod_simple_vhost in lighttpd allowed remote attackers
     to read arbitrary files via .. (dot dot) in the host name.

   More information can be found on the lighttpd advisory page:
   http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

   Security Issues references:

   * CVE-2014-2323
   * CVE-2014-2324

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-lighttpd-9031

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-lighttpd-9031

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      lighttpd-1.4.20-2.54.1
      lighttpd-mod_cml-1.4.20-2.54.1
      lighttpd-mod_magnet-1.4.20-2.54.1
      lighttpd-mod_mysql_vhost-1.4.20-2.54.1
      lighttpd-mod_rrdtool-1.4.20-2.54.1
      lighttpd-mod_trigger_b4_dl-1.4.20-2.54.1
      lighttpd-mod_webdav-1.4.20-2.54.1

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      lighttpd-1.4.20-2.54.1

References:

   http://support.novell.com/security/cve/CVE-2014-2323.html
   http://support.novell.com/security/cve/CVE-2014-2324.html
   https://bugzilla.novell.com/867350
   http://download.suse.com/patch/finder/?keywords=052dffefc1e084c898a83671a4359f4c

From sle-updates at lists.suse.com Thu Apr 3 12:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Apr 2014 20:04:10 +0200 (CEST)
Subject: SUSE-SU-2014:0475-1: important: Security update for sudo
Message-ID: <20140403180410.3C559320A2@maintenance.suse.de>

   SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0475-1
Rating:             important
References:         #863025 #866503 #868444
Cross-References:   CVE-2014-0106
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now
   available.

Description:

   This collective update for sudo provides fixes for the following
   issues:

   * Security policy bypass when env_reset is disabled. (CVE-2014-0106,
     bnc#866503)
   * Regression in the previous update that causes a segmentation fault
     when running "sudo -s". (bnc#868444)
   * Command "who -m" prints no output when using log_input/log_output
     sudo options.
     (bnc#863025)

   Security Issues references:

   * CVE-2014-0106

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-sudo-9044

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-sudo-9044

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-sudo-9044

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      sudo-1.7.6p2-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      sudo-1.7.6p2-0.21.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      sudo-1.7.6p2-0.21.1

References:

   http://support.novell.com/security/cve/CVE-2014-0106.html
   https://bugzilla.novell.com/863025
   https://bugzilla.novell.com/866503
   https://bugzilla.novell.com/868444
   http://download.suse.com/patch/finder/?keywords=7394054678cda176999ab258b218cb1d

From sle-updates at lists.suse.com Mon Apr 7 21:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Apr 2014 05:04:10 +0200 (CEST)
Subject: SUSE-SU-2014:0487-1: moderate: Security update for wireshark
Message-ID: <20140408030410.DC70132098@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0487-1
Rating:             moderate
References:         #867485
Cross-References:   CVE-2014-2281 CVE-2014-2282 CVE-2014-2283
                    CVE-2014-2299
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available. It
   includes one version update.
Description:

   Wireshark was updated to version 1.8.13 to fix security and stability
   issues.

   The following security vulnerabilities have been fixed:

   * CVE-2014-2281: The NFS dissector could crash.
   * CVE-2014-2283: The RLC dissector could crash.
   * CVE-2014-2299: The MPEG file parser could overflow a buffer.

   For more information about additional bug fixes and updated protocol
   support, please refer to:
   https://www.wireshark.org/docs/relnotes/wireshark-1.8.13.html

   Security Issues references:

   * CVE-2014-2281
   * CVE-2014-2283
   * CVE-2014-2299

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-wireshark-9060

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-wireshark-9060

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-wireshark-9060

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-wireshark-9060

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.13]:

      wireshark-devel-1.8.13-0.5.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 1.8.13]:

      wireshark-1.8.13-0.5.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.8.13]:

      wireshark-1.8.13-0.5.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.13]:

      wireshark-1.8.13-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.8.13]:

      wireshark-1.8.13-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2014-2281.html
   http://support.novell.com/security/cve/CVE-2014-2282.html
   http://support.novell.com/security/cve/CVE-2014-2283.html
   http://support.novell.com/security/cve/CVE-2014-2299.html
   https://bugzilla.novell.com/867485
   http://download.suse.com/patch/finder/?keywords=8dfaf12b668c0ce73a8b244adb1176f7

From sle-updates at lists.suse.com Mon Apr 7 21:04:28 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Apr 2014 05:04:28 +0200 (CEST)
Subject: SUSE-RU-2014:0488-1: important: Recommended update for multipath-tools
Message-ID: <20140408030428.C710932098@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for multipath-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0488-1
Rating:             important
References:         #868443
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for multipath-tools fixes a potential segmentation fault
   when reading multipath's configuration file.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-kpartx-9058

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kpartx-9058

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kpartx-9058

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      kpartx-0.4.9-0.97.1
      multipath-tools-0.4.9-0.97.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      kpartx-0.4.9-0.97.1
      multipath-tools-0.4.9-0.97.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      kpartx-0.4.9-0.97.1
      multipath-tools-0.4.9-0.97.1

References:

   https://bugzilla.novell.com/868443
   http://download.suse.com/patch/finder/?keywords=e5ee8603d3ad5d3fa069f57a0eb1366d

From sle-updates at lists.suse.com Mon Apr 7 21:04:49 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Apr 2014 05:04:49 +0200 (CEST)
Subject: SUSE-RU-2014:0489-1: Recommended update for Release Notes
Message-ID: <20140408030449.EFB9132098@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for Release Notes
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0489-1
Rating:             low
References:         #803794 #864277 #865814 #866875
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that has four recommended fixes can now be installed. It
   includes one version update.

Description:

   This update provides the latest version of the Release Notes for SUSE
   Linux Enterprise Server 11 SP3.

   * Updated entries: btrfs (bnc#864277); WebYaST (bnc#865814).
   * New entries: Installation via USB (bnc#803794 via fate#312662).
   * Use suse2013 style sheets (bnc#866875).
Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-release-notes-sles-201403-9001

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-release-notes-sles-201403-9001

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 11.3.31]:

      release-notes-SLES-for-VMware-11.3.31-0.7.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.3.31]:

      release-notes-sles-11.3.31-0.7.2

References:

   https://bugzilla.novell.com/803794
   https://bugzilla.novell.com/864277
   https://bugzilla.novell.com/865814
   https://bugzilla.novell.com/866875
   http://download.suse.com/patch/finder/?keywords=adc34b82fe2a5cc2fe60071c5fb46ac7

From sle-updates at lists.suse.com Mon Apr 7 21:05:41 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Apr 2014 05:05:41 +0200 (CEST)
Subject: SUSE-SU-2014:0430-2: Security update for rubygem-mail-2_3
Message-ID: <20140408030541.5E60A32098@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-mail-2_3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0430-2
Rating:             low
References:         #864873
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   Various Ruby gems were released where the unpacked tree was patched for
   the current security issues, but the included gem file (gem archive)
   was not adjusted.

   This update rolls the current updates to also contain the fixes in the
   .gem files. (bnc#864873)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-rubygem-mail-2_3-8962

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      rubygem-mail-2_3-2.3.0-0.12.1

References:

   https://bugzilla.novell.com/864873
   http://download.suse.com/patch/finder/?keywords=ed92f794845ae22c39551cf75430cb17

From sle-updates at lists.suse.com Mon Apr 7 22:04:09 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Apr 2014 06:04:09 +0200 (CEST)
Subject: SUSE-RU-2014:0490-1: Recommended update for HAE Release Notes
Message-ID: <20140408040409.214C032098@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for HAE Release Notes
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0490-1
Rating:             low
References:         #866875
Affected Products:
                    SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed. It
   includes one version update.

Description:

   This update provides the latest version of the Release Notes for SUSE
   Linux Enterprise High Availability Extension 11 SP3.

   * Use suse2013 style sheets (bnc#866875).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-release-notes-hae-8999

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.3.18]:

      release-notes-hae-11.3.18-0.10.1

References:

   https://bugzilla.novell.com/866875
   http://download.suse.com/patch/finder/?keywords=d3e018eee346afb901ccf9e4f714a8d8

From sle-updates at lists.suse.com Tue Apr 8 15:04:38 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Apr 2014 23:04:38 +0200 (CEST)
Subject: SUSE-SU-2014:0497-1: important: Security update for Samba
Message-ID: <20140408210438.964D23209F@maintenance.suse.de>

   SUSE Security Update: Security update for Samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0497-1
Rating:             important
References:         #726937 #786677 #844307 #847009 #849224 #863748
                    #865561
Cross-References:   CVE-2013-4496
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has 6 fixes is now
   available.

Description:

   The Samba fileserver suite was updated to fix bugs and security issues.

   The following security issue has been fixed:

   * No Password lockout or ratelimiting was enforced for SAMR password
     changes, making brute force guessing attacks possible.
     CVE-2013-4496.

   Also the following feature has been added:

   * Allow smbcacls to take a '--propagate-inheritance' flag to indicate
     that the add, delete, modify and set operations now support
     automatic propagation of inheritable ACE(s); (FATE#316474).

   And the following bugs have been fixed:

   * Fixed problem with server taking too long to respond to a
     MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
   * Fixed memory leak in printer_list_get_printer(); (bso#9993);
     (bnc#865561).
* Fixed Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). * Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937). Security Issue reference: * CVE-2013-4496 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cifs-mount-9010 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cifs-mount-9010 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cifs-mount-9010 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cifs-mount-9010 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.50.1 libnetapi-devel-3.6.3-0.50.1 libnetapi0-3.6.3-0.50.1 libsmbclient-devel-3.6.3-0.50.1 libsmbsharemodes-devel-3.6.3-0.50.1 libsmbsharemodes0-3.6.3-0.50.1 libtalloc-devel-3.6.3-0.50.1 libtdb-devel-3.6.3-0.50.1 libtevent-devel-3.6.3-0.50.1 libwbclient-devel-3.6.3-0.50.1 samba-devel-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ldapsmb-1.34b-12.50.1 libldb1-3.6.3-0.50.1 libsmbclient0-3.6.3-0.50.1 libtalloc2-3.6.3-0.50.1 libtdb1-3.6.3-0.50.1 libtevent0-3.6.3-0.50.1 libwbclient0-3.6.3-0.50.1 samba-3.6.3-0.50.1 samba-client-3.6.3-0.50.1 samba-krb-printing-3.6.3-0.50.1 samba-winbind-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.50.1 libtalloc2-32bit-3.6.3-0.50.1 libtdb1-32bit-3.6.3-0.50.1 libtevent0-32bit-3.6.3-0.50.1 libwbclient0-32bit-3.6.3-0.50.1 samba-32bit-3.6.3-0.50.1 samba-client-32bit-3.6.3-0.50.1 samba-winbind-32bit-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): samba-doc-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x 
x86_64): ldapsmb-1.34b-12.50.1 libldb1-3.6.3-0.50.1 libsmbclient0-3.6.3-0.50.1 libtalloc2-3.6.3-0.50.1 libtdb1-3.6.3-0.50.1 libtevent0-3.6.3-0.50.1 libwbclient0-3.6.3-0.50.1 samba-3.6.3-0.50.1 samba-client-3.6.3-0.50.1 samba-krb-printing-3.6.3-0.50.1 samba-winbind-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.50.1 libtalloc2-32bit-3.6.3-0.50.1 libtdb1-32bit-3.6.3-0.50.1 libtevent0-32bit-3.6.3-0.50.1 libwbclient0-32bit-3.6.3-0.50.1 samba-32bit-3.6.3-0.50.1 samba-client-32bit-3.6.3-0.50.1 samba-winbind-32bit-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): samba-doc-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libsmbclient0-x86-3.6.3-0.50.1 libtalloc2-x86-3.6.3-0.50.1 libtdb1-x86-3.6.3-0.50.1 libwbclient0-x86-3.6.3-0.50.1 samba-client-x86-3.6.3-0.50.1 samba-winbind-x86-3.6.3-0.50.1 samba-x86-3.6.3-0.50.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libldb1-3.6.3-0.50.1 libsmbclient0-3.6.3-0.50.1 libtalloc2-3.6.3-0.50.1 libtdb1-3.6.3-0.50.1 libtevent0-3.6.3-0.50.1 libwbclient0-3.6.3-0.50.1 samba-3.6.3-0.50.1 samba-client-3.6.3-0.50.1 samba-krb-printing-3.6.3-0.50.1 samba-winbind-3.6.3-0.50.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libldb1-32bit-3.6.3-0.50.1 libsmbclient0-32bit-3.6.3-0.50.1 libtalloc2-32bit-3.6.3-0.50.1 libtdb1-32bit-3.6.3-0.50.1 libtevent0-32bit-3.6.3-0.50.1 libwbclient0-32bit-3.6.3-0.50.1 samba-32bit-3.6.3-0.50.1 samba-client-32bit-3.6.3-0.50.1 samba-winbind-32bit-3.6.3-0.50.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): samba-doc-3.6.3-0.50.1 References: http://support.novell.com/security/cve/CVE-2013-4496.html https://bugzilla.novell.com/726937 https://bugzilla.novell.com/786677 https://bugzilla.novell.com/844307 https://bugzilla.novell.com/847009 https://bugzilla.novell.com/849224 https://bugzilla.novell.com/863748 https://bugzilla.novell.com/865561 http://download.suse.com/patch/finder/?keywords=4a7ee13a3179340603da9ffb1703c20a From sle-updates 
at lists.suse.com Tue Apr 8 17:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Apr 2014 01:04:14 +0200 (CEST)
Subject: SUSE-RU-2014:0490-2: Recommended update for SDK Release Notes
Message-ID: <20140408230414.0FC593209F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SDK Release Notes
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0490-2
Rating: low
References: #866875
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise High Availability Geographic Cluster 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update provides the latest version of the Release Notes for SUSE Linux Enterprise Software Development Kit 11 SP3.

* New entry: Ruby on Rails 2.1, 2.3, and 3.1 discontinued (FATE#316975).
* Use suse2013 style sheets (bnc#866875).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-release-notes-sdk-9024

   - SUSE Linux Enterprise High Availability Geographic Cluster 11 SP3:

      zypper in -t patch sleshagsp3-release-notes-ha-geo-8998

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 11.3.14]:

      release-notes-sdk-11.3.14-0.7.1

   - SUSE Linux Enterprise High Availability Geographic Cluster 11 SP3 (s390x x86_64):

      release-notes-ha-geo-11.3.2-0.13.1

References:

   https://bugzilla.novell.com/866875
   http://download.suse.com/patch/finder/?keywords=22f1cf919cf50785b3e3af31920223b1
   http://download.suse.com/patch/finder/?keywords=95d5e127af9549a0edbfeb136a27632b

From sle-updates at lists.suse.com Wed Apr 9 11:04:38 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Apr 2014 19:04:38 +0200 (CEST)
Subject: SUSE-RU-2014:0502-1: Recommended update for crowbar-barclamp-ceilometer, crowbar-barclamp-swift
Message-ID: <20140409170438.827B1320A2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-ceilometer, crowbar-barclamp-swift
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0502-1
Rating: low
References: #844044 #861313 #863339 #863720 #864197
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This consolidated update for SUSE Cloud 3 provides the following fixes and enhancements:

crowbar-barclamp-swift:

* Marker for maintenance update containing all recent improvements.
(bnc#864197)
* Sync templates with Havana
* Set keystone_api_insecure option in dispersion.conf
* Remove unneeded variable for template
* Always define the filters
* Rename auth_token filter to authtoken
* Rework the pipeline in proxy-server.conf
* Create SSL certificate automatically for smoketest
* Revert workers settings to previous state
* Always have ceilometer last before proxy-server in pipeline
* Fail if storage node has no disk for swift
* Fix keystone-signing directory
* Install via zypper on SUSE based systems
* Do not fail on storage nodes if rsync of rings fails
* Remove hardcoded path to certificate & key
* Drop "hide_auth" config value
* Drop allow_account_management
* Drop "group" configurable
* Clarify string for delayed_auth
* Do not fail with missing certificates if SSL is disabled
* Add ability to enable/disable SSL
* Revert generate_certs to false
* Use memcached user for memcached on SUSE. (bnc#861313)
* Replaced nav link with real route and replaced some instance vars with local vars
* Hide the cluster admin password from the UI: this is only useful when using swauth, not keystone.

crowbar-barclamp-ceilometer:

* Only give ResellerAdmin role to ceilometer after creation of user.
* Check if mongodb is running. (bnc#863720)
* Require 'timeout' inside ruby_block. (bnc#863720)
* Make ceilometer owner, allow group write (for swift). (bnc#844044)
* Ceilometer requires user rights. (bnc#844044)
* Always start mongodb service in recipe. (bnc#863339)
* Do not execute ceilometer-dbsync on SUSE. (bnc#863339)
* Fix keystone-signing dir. (bnc#863339)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-ceilometer-swift-8946

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (noarch):

      crowbar-barclamp-ceilometer-1.7+git.1392818925.71169fa-0.7.2
      crowbar-barclamp-swift-1.7+git.1392222318.2ee5ea8-0.7.2

References:

   https://bugzilla.novell.com/844044
   https://bugzilla.novell.com/861313
   https://bugzilla.novell.com/863339
   https://bugzilla.novell.com/863720
   https://bugzilla.novell.com/864197
   http://download.suse.com/patch/finder/?keywords=6f08662d5c61894cb4496c0ea199b852

From sle-updates at lists.suse.com Wed Apr 9 16:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Apr 2014 00:04:11 +0200 (CEST)
Subject: SUSE-RU-2014:0503-1: Recommended update for ipsec-tools
Message-ID: <20140409220411.4AEA1320A0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ipsec-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0503-1
Rating: low
References: #849058
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ipsec-tools fixes the Dead Peer Detection algorithm that previously failed to properly clean up Security Associations in the kernel.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ipsec-tools-8983

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ipsec-tools-8983

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ipsec-tools-0.7.3-1.4.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ipsec-tools-0.7.3-1.4.1

References:

   https://bugzilla.novell.com/849058
   http://download.suse.com/patch/finder/?keywords=41873062e4671e30633f4fb1ca7cdf57

From sle-updates at lists.suse.com Thu Apr 10 11:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Apr 2014 19:04:10 +0200 (CEST)
Subject: SUSE-SU-2014:0510-1: important: Security update for puppet
Message-ID: <20140410170410.9F964320A1@maintenance.suse.de>

SUSE Security Update: Security update for puppet
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0510-1
Rating: important
References: #864082
Cross-References: CVE-2013-4761
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 LTSS
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

The deployment framework puppet received an update for a security issue in January. The backport of this security issue was however incomplete and broke existing setups.

As the scope of the problem is limited to local scenarios where an attacker likely has access already, and backporting is not trivial, this update reverts the fix for now.

We are evaluating the possibility of an update to puppet 2.7 in the future.

Security Issue reference:

* CVE-2013-4761

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-puppet-9033

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-puppet-9033

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-puppet-9034

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-puppet-9033

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      puppet-2.6.18-0.14.1
      puppet-server-2.6.18-0.14.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      puppet-2.6.18-0.14.1
      puppet-server-2.6.18-0.14.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2.6.18]:

      puppet-2.6.18-0.14.1
      puppet-server-2.6.18-0.14.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      puppet-2.6.18-0.14.1

References:

   http://support.novell.com/security/cve/CVE-2013-4761.html
   https://bugzilla.novell.com/864082
   http://download.suse.com/patch/finder/?keywords=24c2c59c4dad1805552510a5de57785e
   http://download.suse.com/patch/finder/?keywords=a6a4981325dec6da4f36ae2016a2464d

From sle-updates at lists.suse.com Thu Apr 10 11:04:27 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Apr 2014 19:04:27 +0200 (CEST)
Subject: SUSE-RU-2014:0511-1: Recommended update for openstack-neutron and python-neutron
Message-ID: <20140410170427.6EC3A320A1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-neutron and python-neutron
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0511-1
Rating: low
References: #864195
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This consolidated update for openstack-neutron and python-neutron provides the following fixes and enhancements:

* bnc#864195:
   o Avoid loading policy when processing RPC requests
   o Fixes external network sometimes not visible for non-admin users
* Send DHCP notifications regardless of agent status
* Don't allow qpid receiving thread to die
* Remove and recreate interface if already exists
* Multiple Neutron operations using script fails on Brocade plug-in
* Fix passing keystone token to neutronclient instance.

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-openstack-neutron-8956

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (x86_64) [New Version: 2013.2.2.dev18.g4265436]:

      openstack-neutron-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-dhcp-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-l3-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-lbaas-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-linuxbridge-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-metadata-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-metering-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-mlnx-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-nec-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-openvswitch-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-plugin-cisco-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-ryu-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-server-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-vmware-agent-2013.2.2.dev18.g4265436-0.7.2
      openstack-neutron-vpn-agent-2013.2.2.dev18.g4265436-0.7.2
      python-neutron-2013.2.2.dev18.g4265436-0.7.2

   - SUSE Cloud 3 (noarch) [New Version: 2013.2.2.dev18.g4265436]:

      openstack-neutron-doc-2013.2.2.dev18.g4265436-0.7.3

References:

   https://bugzilla.novell.com/864195
   http://download.suse.com/patch/finder/?keywords=238022142af0d651c1e6fd81efe5a363

From sle-updates at lists.suse.com Thu Apr 10 11:04:41 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Apr 2014 19:04:41 +0200 (CEST)
Subject: SUSE-RU-2014:0512-1: Recommended update for python-neutronclient
Message-ID: <20140410170441.43D58320A4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-neutronclient
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0512-1
Rating: low
References: #864196
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for python-neutronclient provides the following non-security fix:

* bnc#864196: Fixed get_auth_info for pre-authenticated clients.

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-python-neutronclient-8961

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (x86_64):

      python-neutronclient-2.3.3-0.11.2

References:

   https://bugzilla.novell.com/864196
   http://download.suse.com/patch/finder/?keywords=f85ae79d6ff611a92e8622e48fe059f7

From sle-updates at lists.suse.com Thu Apr 10 11:04:54 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Apr 2014 19:04:54 +0200 (CEST)
Subject: SUSE-RU-2014:0233-2: moderate: Recommended update for rubygem-chef
Message-ID: <20140410170454.61DF1320A4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-chef
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0233-2
Rating: moderate
References: #860565 #860865
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for rubygem-chef fixes the following non-security issues:

* bnc#860865: Fixed race conditions when chef-client is started when there is already an instance running.
* bnc#860565: chef-client terminated by logrotate script when chef-client run is ongoing.

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-rubygem-chef-9004

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (x86_64):

      rubygem-chef-10.24.4-0.23.3
      rubygem-chef-doc-10.24.4-0.23.3

References:

   https://bugzilla.novell.com/860565
   https://bugzilla.novell.com/860865
   http://download.suse.com/patch/finder/?keywords=f795ccb3a29df2e1dbadd1be5712edd3

From sle-updates at lists.suse.com Fri Apr 11 17:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Apr 2014 01:04:14 +0200 (CEST)
Subject: SUSE-SU-2014:0519-1: moderate: Security update for openstack-keystone
Message-ID: <20140411230415.0550732085@maintenance.suse.de>

SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0519-1
Rating: moderate
References: #866483 #869326
Cross-References: CVE-2014-2237
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

Openstack Keystone has been updated to fix bugs and security issues.

The following security issue has been fixed:

* CVE-2014-2237: trustee token revocation did not work with the memcache backend.

Additional changes:

* Bump stable/havana next version to 2013.2.3.
* SQLAlchemy: Change to support more strict dialect checking
* Add hybrid identity and assignment keystone backends added patch for gettext import (bnc#869326)

Security Issue references:

* CVE-2014-2237

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-openstack-keystone-9062

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (x86_64) [New Version: 2013.2.3.dev4.g27e1469]:

      openstack-keystone-2013.2.3.dev4.g27e1469-0.7.1
      python-keystone-2013.2.3.dev4.g27e1469-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-2237.html
   https://bugzilla.novell.com/866483
   https://bugzilla.novell.com/869326
   http://download.suse.com/patch/finder/?keywords=76434e96c11fb21bf42b289e970b820f

From sle-updates at lists.suse.com Mon Apr 14 11:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Apr 2014 19:04:10 +0200 (CEST)
Subject: SUSE-SU-2014:0523-1: moderate: Security update for python-setuptools
Message-ID: <20140414170410.A8A19320A9@maintenance.suse.de>

SUSE Security Update: Security update for python-setuptools
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0523-1
Rating: moderate
References: #843759
Cross-References: CVE-2013-1633
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

python-setuptools so far used only HTTP to retrieve packages, which could have led to man in the middle attacks on newly installed python code.

This update adjusts it to use HTTPS, guaranteeing better connection integrity.

Security Issue reference:

* CVE-2013-1633

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-python-setuptools-9116

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-python-setuptools-9116

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      python-setuptools-0.6c8-10.19.6.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      python-setuptools-0.6c8-10.19.6.1

References:

   http://support.novell.com/security/cve/CVE-2013-1633.html
   https://bugzilla.novell.com/843759
   http://download.suse.com/patch/finder/?keywords=1aef002e40c14ef725314a7058cabe41

From sle-updates at lists.suse.com Mon Apr 14 11:04:25 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Apr 2014 19:04:25 +0200 (CEST)
Subject: SUSE-SU-2014:0524-1: moderate: Security update for net-snmp
Message-ID: <20140414170425.17DAB320A9@maintenance.suse.de>

SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0524-1
Rating: moderate
References: #866942 #867349
Cross-References: CVE-2014-2284 CVE-2014-2310
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

The net-snmp remote service received security and bugfixes:

* A remote denial of service flaw in Linux implementation of ICMP-MIB has been fixed (CVE-2014-2284)
* snmptrapd could have crashed when using a trap with empty community string. This has been fixed. (CVE-2014-2285)
* The AgentX subagent of net-snmp could have been stalled when a manager sent a multi-object request with a different number of subids. (CVE-2014-2310)

Security Issue references:

* CVE-2014-2284
* CVE-2014-2310

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libsnmp15-9015

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libsnmp15-9015

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libsnmp15-9015

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libsnmp15-9015

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      net-snmp-devel-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64):

      libsnmp15-32bit-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64):

      net-snmp-devel-32bit-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      libsnmp15-5.4.2.1-8.12.20.1
      net-snmp-5.4.2.1-8.12.20.1
      perl-SNMP-5.4.2.1-8.12.20.1
      snmp-mibs-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libsnmp15-32bit-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libsnmp15-5.4.2.1-8.12.20.1
      net-snmp-5.4.2.1-8.12.20.1
      perl-SNMP-5.4.2.1-8.12.20.1
      snmp-mibs-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libsnmp15-32bit-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libsnmp15-x86-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      libsnmp15-5.4.2.1-8.12.20.1
      net-snmp-5.4.2.1-8.12.20.1
      perl-SNMP-5.4.2.1-8.12.20.1
      snmp-mibs-5.4.2.1-8.12.20.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libsnmp15-32bit-5.4.2.1-8.12.20.1

References:

   http://support.novell.com/security/cve/CVE-2014-2284.html
   http://support.novell.com/security/cve/CVE-2014-2310.html
   https://bugzilla.novell.com/866942
   https://bugzilla.novell.com/867349
   http://download.suse.com/patch/finder/?keywords=99c3539b84fd176ccc48a21ee6e78d4e

From sle-updates at lists.suse.com Mon Apr
14 11:04:49 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Apr 2014 19:04:49 +0200 (CEST)
Subject: SUSE-SU-2014:0525-1: Security update for freeradius
Message-ID: <20140414170449.1486B320A9@maintenance.suse.de>

SUSE Security Update: Security update for freeradius
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0525-1
Rating: low
References: #864576
Cross-References: CVE-2014-2015
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes a denial of service (crash) security issue in rlm_pap hash processing in FreeRadius, which could have been caused by special passwords fed into the RLM-PAP password checking method via LDAP by remote attackers.

Security Issue reference:

* CVE-2014-2015

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-freeradius-server-8968

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-freeradius-server-8968

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-freeradius-server-8968

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      freeradius-server-devel-2.1.1-7.18.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      freeradius-server-libs-2.1.1-7.18.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      freeradius-server-2.1.1-7.18.1
      freeradius-server-dialupadmin-2.1.1-7.18.1
      freeradius-server-doc-2.1.1-7.18.1
      freeradius-server-libs-2.1.1-7.18.1
      freeradius-server-utils-2.1.1-7.18.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      freeradius-server-2.1.1-7.18.1
      freeradius-server-dialupadmin-2.1.1-7.18.1
      freeradius-server-doc-2.1.1-7.18.1
      freeradius-server-libs-2.1.1-7.18.1
      freeradius-server-utils-2.1.1-7.18.1

References:

   http://support.novell.com/security/cve/CVE-2014-2015.html
   https://bugzilla.novell.com/864576
   http://download.suse.com/patch/finder/?keywords=c3896d7e5c74c86a7370e3e110867c58

From sle-updates at lists.suse.com Tue Apr 15 13:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Apr 2014 21:04:13 +0200 (CEST)
Subject: SUSE-SU-2014:0529-1: important: Security update for strongswan
Message-ID: <20140415190413.31B94320AA@maintenance.suse.de>

SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0529-1
Rating: important
References: #870572
Cross-References: CVE-2014-2338
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 LTSS
   SUSE Linux Enterprise Server 11 SP1 LTSS
   SUSE Linux Enterprise Server 10 SP4 LTSS
   SUSE Linux Enterprise Server 10 SP3 LTSS
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

The following security issue is fixed by this update:

* bnc#870572: strongswan has been updated to fix an authentication problem where attackers could have bypassed the IKEv2 authentication. (CVE-2014-2338)

Security Issue reference:

* CVE-2014-2338

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-strongswan-9089

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-strongswan-9089

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-strongswan-9091

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-strongswan-9090

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-strongswan-9089

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      strongswan-4.4.0-6.23.1
      strongswan-doc-4.4.0-6.23.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      strongswan-4.4.0-6.23.1
      strongswan-doc-4.4.0-6.23.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):

      strongswan-4.4.0-6.23.1
      strongswan-doc-4.4.0-6.23.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 4.4.0]:

      strongswan-4.4.0-6.23.1
      strongswan-doc-4.4.0-6.23.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      strongswan-4.4.0-6.17.1
      strongswan-doc-4.4.0-6.17.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      strongswan-4.1.10-0.20.1
      strongswan-doc-4.1.10-0.20.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      strongswan-4.4.0-6.23.1
      strongswan-doc-4.4.0-6.23.1

References:

   http://support.novell.com/security/cve/CVE-2014-2338.html
   https://bugzilla.novell.com/870572
   http://download.suse.com/patch/finder/?keywords=2fa17d32e96a0a6e75cf09c3ee27248a
   http://download.suse.com/patch/finder/?keywords=6934f5428f28e943d4b95fb80186e500
   http://download.suse.com/patch/finder/?keywords=a056596e6640418d5e1521a74c8dddb7
   http://download.suse.com/patch/finder/?keywords=bf28f278dcbe157650c32cbc4472be03
   http://download.suse.com/patch/finder/?keywords=fcda2d9564b781d675247b9a0b0cc648

From sle-updates at lists.suse.com Tue Apr 15 17:05:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Apr 2014 01:05:12 +0200 (CEST)
Subject: SUSE-SU-2014:0531-1: important: Security update for Linux kernel
Message-ID: <20140415230512.B2E83320A0@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0531-1
Rating: important
References: #599263 #827670 #833968 #844513 #846790 #847672 #852488 #852967 #853162 #853166 #853455 #854025 #854445 #855825 #856848 #857358 #857643 #858604 #859225 #859342 #861093 #862796 #862957 #863178 #863526 #864025 #864058 #864833 #864880 #865342 #865783 #866253 #866428 #870801
Cross-References: CVE-2013-4470 CVE-2013-6885 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2014-0069
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise High Availability Extension 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
   SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 28 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.

------------------------------------------------------------------------
WARNING: If you are running KVM with PCI pass-through on a system with one of the following Intel chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure to read the following support document before installing this update:

https://www.suse.com/support/kb/doc.php?id=7014344

You will have to update your KVM setup to no longer make use of PCI pass-through before rebooting to the updated kernel.
------------------------------------------------------------------------

The following security bugs have been fixed:

* CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672)
* CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#852967)
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
(bnc#857643)
* CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643)
* CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643)
* CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (bnc#864025)

Also the following non-security bugs have been fixed:

* kabi: protect symbols modified by bnc#864833 fix (bnc#864833).
* mm: mempolicy: fix mbind_range() && vma_adjust() interaction (VM Functionality (bnc#866428)).
* mm: merging memory blocks resets mempolicy (VM Functionality (bnc#866428)).
* mm/page-writeback.c: do not count anon pages as dirtyable memory (High memory utilisation performance (bnc#859225)).
* mm: vmscan: Do not force reclaim file pages until it exceeds anon (High memory utilisation performance (bnc#859225)).
* mm: vmscan: fix endless loop in kswapd balancing (High memory utilisation performance (bnc#859225)).
* mm: vmscan: Update rotated and scanned when force reclaimed (High memory utilisation performance (bnc#859225)).
* mm: exclude memory less nodes from zone_reclaim (bnc#863526).
* mm: fix return type for functions nr_free_*_pages kabi fixup (bnc#864058). * mm: fix return type for functions nr_free_*_pages (bnc#864058). * mm: swap: Use swapfiles in priority order (Use swap files in priority order (bnc#862957)). * x86: Save cr2 in NMI in case NMIs take a page fault (follow-up for patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch). * powerpc: Add VDSO version of getcpu (fate#316816, bnc#854445). * vmscan: change type of vm_total_pages to unsigned long (bnc#864058). * audit: dynamically allocate audit_names when not enough space is in the names array (bnc#857358). * audit: make filetype matching consistent with other filters (bnc#857358). * arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT (bnc#863178). * hwmon: (coretemp) Fix truncated name of alarm attributes. * privcmd: allow preempting long running user-mode originating hypercalls (bnc#861093). * nohz: Check for nohz active instead of nohz enabled (bnc#846790). * nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off (bnc#846790). * iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513) * balloon: do not crash in HVM-with-PoD guests. * crypto: s390 - fix des and des3_ede ctr concurrency issue (bnc#862796, LTC#103744). * crypto: s390 - fix des and des3_ede cbc concurrency issue (bnc#862796, LTC#103743). * kernel: oops due to linkage stack instructions (bnc#862796, LTC#103860). * crypto: s390 - fix concurrency issue in aes-ctr mode (bnc#862796, LTC#103742). * dump: Fix dump memory detection (bnc#862796,LTC#103575). * net: change type of virtio_chan->p9_max_pages (bnc#864058). * inet: handle rt{,6}_bind_peer() failure correctly (bnc#870801). * inet: Avoid potential NULL peer dereference (bnc#864833). * inet: Hide route peer accesses behind helpers (bnc#864833). * inet: Pass inetpeer root into inet_getpeer*() interfaces (bnc#864833). * tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968). 
* tcp: syncookies: reduce mss table to four values (bnc#833968). * ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag (bnc#865783). * ipv6: send router reachability probe if route has an unreachable gateway (bnc#853162). * sctp: Implement quick failover draft from tsvwg (bnc#827670). * ipvs: fix AF assignment in ip_vs_conn_new() (bnc#856848). * NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure (bnc#853455). * btrfs: bugfix collection * fs/nfsd: change type of max_delegations, nfsd_drc_max_mem and nfsd_drc_mem_used (bnc#864058). * fs/buffer.c: change type of max_buffer_heads to unsigned long (bnc#864058). * ncpfs: fix rmdir returns Device or resource busy (bnc#864880). * scsi_dh_alua: fixup RTPG retry delay miscalculation (bnc#854025). * scsi_dh_alua: Simplify state machine (bnc#854025). * xhci: Fix resume issues on Renesas chips in Samsung laptops (bnc#866253). * bonding: disallow enslaving a bond to itself (bnc#599263). * USB: hub: handle -ETIMEDOUT during enumeration (bnc#855825). * dm-multipath: Do not stall on invalid ioctls (bnc#865342). * scsi_dh_alua: endless STPG retries for a failed LUN (bnc#865342). * net/mlx4_en: Fix pages never dma unmapped on rx (bnc#858604). * dlm: remove get_comm (bnc#827670). * dlm: Avoid LVB truncation (bnc#827670). * dlm: disable nagle for SCTP (bnc#827670). * dlm: retry failed SCTP sends (bnc#827670). * dlm: try other IPs when sctp init assoc fails (bnc#827670). * dlm: clear correct bit during sctp init failure handling (bnc#827670). * dlm: set sctp assoc id during setup (bnc#827670). * dlm: clear correct init bit during sctp setup (bnc#827670). * dlm: fix deadlock between dlm_send and dlm_controld (bnc#827670). * dlm: Fix return value from lockspace_busy() (bnc#827670). * Avoid occasional hang with NFS (bnc#852488). * mpt2sas: Fix unsafe using smp_processor_id() in preemptible (bnc#853166). * lockd: send correct lock when granting a delayed lock (bnc#859342). 
Security Issue references: * CVE-2013-4470 * CVE-2013-6885 * CVE-2013-7263 * CVE-2013-7264 * CVE-2013-7265 * CVE-2014-0069 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel-9102 slessp3-kernel-9105 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-9102 slessp3-kernel-9103 slessp3-kernel-9104 slessp3-kernel-9105 slessp3-kernel-9113 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-9102 slehasp3-kernel-9103 slehasp3-kernel-9104 slehasp3-kernel-9105 slehasp3-kernel-9113 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel-9102 sledsp3-kernel-9105 To bring your system up-to-date, use "zypper patch". 
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.21.1
      kernel-default-base-3.0.101-0.21.1
      kernel-default-devel-3.0.101-0.21.1
      kernel-source-3.0.101-0.21.1
      kernel-syms-3.0.101-0.21.1
      kernel-trace-3.0.101-0.21.1
      kernel-trace-base-3.0.101-0.21.1
      kernel-trace-devel-3.0.101-0.21.1
      kernel-xen-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.21.1
      kernel-pae-base-3.0.101-0.21.1
      kernel-pae-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.21.1
      kernel-default-base-3.0.101-0.21.1
      kernel-default-devel-3.0.101-0.21.1
      kernel-source-3.0.101-0.21.1
      kernel-syms-3.0.101-0.21.1
      kernel-trace-3.0.101-0.21.1
      kernel-trace-base-3.0.101-0.21.1
      kernel-trace-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.21.1
      kernel-ec2-base-3.0.101-0.21.1
      kernel-ec2-devel-3.0.101-0.21.1
      kernel-xen-3.0.101-0.21.1
      kernel-xen-base-3.0.101-0.21.1
      kernel-xen-devel-3.0.101-0.21.1
      xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12

   - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.21.1
      kernel-ppc64-base-3.0.101-0.21.1
      kernel-ppc64-devel-3.0.101-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.21.1
      kernel-pae-base-3.0.101-0.21.1
      kernel-pae-devel-3.0.101-0.21.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_0.21-2.27.54
      cluster-network-kmp-trace-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-default-2_3.0.101_0.21-0.16.60
      gfs2-kmp-trace-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-default-1.6_3.0.101_0.21-0.20.54
      ocfs2-kmp-trace-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-xen-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-xen-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-ppc64-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-ppc64-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_0.21-2.27.54
      gfs2-kmp-pae-2_3.0.101_0.21-0.16.60
      ocfs2-kmp-pae-1.6_3.0.101_0.21-0.20.54

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.21.1
      kernel-default-base-3.0.101-0.21.1
      kernel-default-devel-3.0.101-0.21.1
      kernel-default-extra-3.0.101-0.21.1
      kernel-source-3.0.101-0.21.1
      kernel-syms-3.0.101-0.21.1
      kernel-trace-devel-3.0.101-0.21.1
      kernel-xen-3.0.101-0.21.1
      kernel-xen-base-3.0.101-0.21.1
      kernel-xen-devel-3.0.101-0.21.1
      kernel-xen-extra-3.0.101-0.21.1
      xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12

   - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.21.1
      kernel-pae-base-3.0.101-0.21.1
      kernel-pae-devel-3.0.101-0.21.1
      kernel-pae-extra-3.0.101-0.21.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.21.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-3.0.101-0.21.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-3.0.101-0.21.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-3.0.101-0.21.1

References:

   http://support.novell.com/security/cve/CVE-2013-4470.html
   http://support.novell.com/security/cve/CVE-2013-6885.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2013-7264.html
   http://support.novell.com/security/cve/CVE-2013-7265.html
http://support.novell.com/security/cve/CVE-2014-0069.html https://bugzilla.novell.com/599263 https://bugzilla.novell.com/827670 https://bugzilla.novell.com/833968 https://bugzilla.novell.com/844513 https://bugzilla.novell.com/846790 https://bugzilla.novell.com/847672 https://bugzilla.novell.com/852488 https://bugzilla.novell.com/852967 https://bugzilla.novell.com/853162 https://bugzilla.novell.com/853166 https://bugzilla.novell.com/853455 https://bugzilla.novell.com/854025 https://bugzilla.novell.com/854445 https://bugzilla.novell.com/855825 https://bugzilla.novell.com/856848 https://bugzilla.novell.com/857358 https://bugzilla.novell.com/857643 https://bugzilla.novell.com/858604 https://bugzilla.novell.com/859225 https://bugzilla.novell.com/859342 https://bugzilla.novell.com/861093 https://bugzilla.novell.com/862796 https://bugzilla.novell.com/862957 https://bugzilla.novell.com/863178 https://bugzilla.novell.com/863526 https://bugzilla.novell.com/864025 https://bugzilla.novell.com/864058 https://bugzilla.novell.com/864833 https://bugzilla.novell.com/864880 https://bugzilla.novell.com/865342 https://bugzilla.novell.com/865783 https://bugzilla.novell.com/866253 https://bugzilla.novell.com/866428 https://bugzilla.novell.com/870801 http://download.suse.com/patch/finder/?keywords=16687a9fa96ac20af4faa8cdfc9e65af http://download.suse.com/patch/finder/?keywords=22dc1e8af18524473cafffecb4b4b14d http://download.suse.com/patch/finder/?keywords=2386e6a1a3b32a7da85c7d674d4bc6fc http://download.suse.com/patch/finder/?keywords=3d3bd3e381acb377bb739c05c5a6297c http://download.suse.com/patch/finder/?keywords=54f3c63bee2dc088c0d6761885a45959 http://download.suse.com/patch/finder/?keywords=b4a3caafceac4ecd970b8cf2ee7138bb http://download.suse.com/patch/finder/?keywords=c09969470032946e130c305f40d89cf3 http://download.suse.com/patch/finder/?keywords=c62554b736bb29d4bea099174846749f http://download.suse.com/patch/finder/?keywords=e622300e3c415568cc6d36c257c6da37 
http://download.suse.com/patch/finder/?keywords=e91b14a6ab1b56e7248783a199bbc01c

From sle-updates at lists.suse.com Wed Apr 16 11:04:42 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Apr 2014 19:04:42 +0200 (CEST)
Subject: SUSE-SU-2014:0535-1: important: Security update for flash-player
Message-ID: <20140416170442.52576320E8@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0535-1
Rating:             important
References:         #872692
Cross-References:   CVE-2014-0506 CVE-2014-0507 CVE-2014-0508 CVE-2014-0509
Affected Products:  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available. It includes one version update.

Description:

Adobe flash-player has been updated to version 11.2.202.350 to resolve security issues and bugs. More information can be found at http://helpx.adobe.com/security/products/flash-player/apsb14-09.html

The following security issues have been fixed:

* a use-after-free vulnerability that could have resulted in arbitrary code execution (CVE-2014-0506).
* a buffer overflow vulnerability that could have resulted in arbitrary code execution (CVE-2014-0507).
* a security bypass vulnerability that could have led to information disclosure (CVE-2014-0508).
* a cross-site-scripting vulnerability (CVE-2014-0509).

Security Issue references:

* CVE-2014-0506
* CVE-2014-0507
* CVE-2014-0508
* CVE-2014-0509

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-flash-player-9120

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.350]:

      flash-player-11.2.202.350-0.3.1
      flash-player-gnome-11.2.202.350-0.3.1
      flash-player-kde4-11.2.202.350-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2014-0506.html
   http://support.novell.com/security/cve/CVE-2014-0507.html
   http://support.novell.com/security/cve/CVE-2014-0508.html
   http://support.novell.com/security/cve/CVE-2014-0509.html
   https://bugzilla.novell.com/872692
   http://download.suse.com/patch/finder/?keywords=f2e86f8ff4aea106f143b9f7f5880bba

From sle-updates at lists.suse.com Wed Apr 16 12:04:30 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Apr 2014 20:04:30 +0200 (CEST)
Subject: SUSE-SU-2014:0536-1: important: Security update for Linux kernel
Message-ID: <20140416180430.3FD0B320D9@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0536-1
Rating:             important
References:         #702014 #703156 #790920 #798050 #805226 #806219
                    #808827 #809889 #809891 #809892 #809893 #809894
                    #809898 #809899 #809900 #809901 #809903 #811354
                    #816668 #820338 #822722 #823267 #824295 #825052
                    #826102 #826551 #827362 #827749 #827750 #827855
                    #827983 #828119 #830344 #831058 #832603 #835839
                    #842239 #843430 #845028 #847672 #848321 #849765
                    #850241 #851095 #852558 #853501 #857597 #858869
                    #858870 #858872
Cross-References:   CVE-2011-2492 CVE-2011-2494 CVE-2012-6537
                    CVE-2012-6539 CVE-2012-6540 CVE-2012-6541
                    CVE-2012-6542 CVE-2012-6544 CVE-2012-6545
                    CVE-2012-6546 CVE-2012-6547 CVE-2012-6549
                    CVE-2013-0343 CVE-2013-0914 CVE-2013-1827
                    CVE-2013-2141 CVE-2013-2164 CVE-2013-2206
                    CVE-2013-2232 CVE-2013-2234 CVE-2013-2237
                    CVE-2013-2888 CVE-2013-2893 CVE-2013-2897
                    CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
                    CVE-2013-3228 CVE-2013-3229 CVE-2013-3231
                    CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
                    CVE-2013-4162 CVE-2013-4387 CVE-2013-4470
                    CVE-2013-4483 CVE-2013-4588 CVE-2013-6383
                    CVE-2014-1444 CVE-2014-1445 CVE-2014-1446
Affected Products:  SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that solves 42 vulnerabilities and has 8 fixes is now available.

Description:

The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs.

The following security issues have been addressed:

* CVE-2011-2492: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. (bnc#702014)
* CVE-2011-2494: kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. (bnc#703156)
* CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889)
* CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891)
* CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892)
* CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893)
* CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894)
* CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898)
* CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899)
* CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900)
* CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901)
* CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903)
* CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226)
* CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827)
* CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354)
* CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267)
* CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295)
* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102)
* CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750)
* CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749)
* CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119)
* CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839)
* CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839)
* CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839)
* CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (bnc#831058)
* CVE-2013-4387: net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. (bnc#843430)
* CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672)
* CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)
* CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095)
* CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
* CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)
* CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870)
* CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872)

Also the following non-security bugs have been fixed:

* kernel: Remove newline from execve audit log (bnc#827855).
* kernel: sclp console hangs (bnc#830344, LTC#95711).
* kernel: fix flush_tlb_kernel_range (bnc#825052, LTC#94745).
* kernel: lost IPIs on CPU hotplug (bnc#825052, LTC#94784).
* sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102).
* net: Uninline kfree_skb and allow NULL argument (bnc#853501).
* netback: don't disconnect frontend when seeing oversize packet.
* netfront: reduce gso_max_size to account for max TCP header.
* fs/dcache: Avoid race in d_splice_alias and vfs_rmdir (bnc#845028).
* fs/proc: proc_task_lookup() fix memory pinning (bnc#827362 bnc#849765).
* blkdev_max_block: make private to fs/buffer.c (bnc#820338).
* vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338).
* vfs: fix O_DIRECT read past end of block device (bnc#820338).
* cifs: don't use CIFSGetSrvInodeNumber in is_path_accessible (bnc#832603).
* xfs: Fix kABI breakage caused by AIL list transformation (bnc#806219).
* xfs: Replace custom AIL linked-list code with struct list_head (bnc#806219).
* reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920).
* reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722).
* jbd: Fix forever sleeping process in do_get_write_access() (bnc#827983).
* HID: check for NULL field when setting values (bnc#835839).
* HID: provide a helper for validating hid reports (bnc#835839).
* bcm43xx: netlink deadlock fix (bnc#850241).
* bnx2: Close device if tx_timeout reset fails (bnc#857597).
* xfrm: invalidate dst on policy insertion/deletion (bnc#842239).
* xfrm: prevent ipcomp scratch buffer race condition (bnc#842239).
* lpfc: Update to 8.2.0.106 (bnc#798050).
* Make lpfc task management timeout configurable (bnc#798050).
* dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
* dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050).
* advansys: Remove 'last_reset' references (bnc#798050).
* tmscsim: Move 'last_reset' into host structure (bnc#798050).
* dc395: Move 'last_reset' into internal host structure (bnc#798050).
* scsi: remove check for 'resetting' (bnc#798050).
* scsi: Allow error handling timeout to be specified (bnc#798050).
* scsi: Eliminate error handler overload of the SCSI serial number (bnc#798050).
* scsi: Reduce sequential pointer derefs in scsi_error.c and reduce size as well (bnc#798050).
* scsi: Reduce error recovery time by reducing use of TURs (bnc#798050).
* scsi: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations)
* scsi: cleanup setting task state in scsi_error_handler() (bnc#798050).
* scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050).
* scsi: Fixup compilation warning (bnc#798050).
* scsi: fc class: fix scanning when devs are offline (bnc#798050).
* scsi: Warn on invalid command completion (bnc#798050).
* scsi: Retry failfast commands after EH (bnc#798050).
* scsi: kABI fixes (bnc#798050).

Security Issue references:

* CVE-2011-2492
* CVE-2011-2494
* CVE-2012-6537
* CVE-2012-6539
* CVE-2012-6540
* CVE-2012-6541
* CVE-2012-6542
* CVE-2012-6544
* CVE-2012-6545
* CVE-2012-6546
* CVE-2012-6547
* CVE-2012-6549
* CVE-2013-0343
* CVE-2013-0914
* CVE-2013-1827
* CVE-2013-2141
* CVE-2013-2164
* CVE-2013-2206
* CVE-2013-2232
* CVE-2013-2234
* CVE-2013-2237
* CVE-2013-2888
* CVE-2013-2893
* CVE-2013-2897
* CVE-2013-3222
* CVE-2013-3223
* CVE-2013-3224
* CVE-2013-3228
* CVE-2013-3229
* CVE-2013-3231
* CVE-2013-3232
* CVE-2013-3234
* CVE-2013-3235
* CVE-2013-4162
* CVE-2013-4387
* CVE-2013-4470
* CVE-2013-4483
* CVE-2013-4588
* CVE-2013-6383
* CVE-2014-1444
* CVE-2014-1445
* CVE-2014-1446

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      kernel-default-2.6.16.60-0.105.1
      kernel-source-2.6.16.60-0.105.1
      kernel-syms-2.6.16.60-0.105.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      kernel-debug-2.6.16.60-0.105.1
      kernel-kdump-2.6.16.60-0.105.1
      kernel-smp-2.6.16.60-0.105.1
      kernel-xen-2.6.16.60-0.105.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      kernel-bigsmp-2.6.16.60-0.105.1
      kernel-kdumppae-2.6.16.60-0.105.1
      kernel-vmi-2.6.16.60-0.105.1
      kernel-vmipae-2.6.16.60-0.105.1
      kernel-xenpae-2.6.16.60-0.105.1

References:

   http://support.novell.com/security/cve/CVE-2011-2492.html
   http://support.novell.com/security/cve/CVE-2011-2494.html
   http://support.novell.com/security/cve/CVE-2012-6537.html
   http://support.novell.com/security/cve/CVE-2012-6539.html
   http://support.novell.com/security/cve/CVE-2012-6540.html
   http://support.novell.com/security/cve/CVE-2012-6541.html
   http://support.novell.com/security/cve/CVE-2012-6542.html
   http://support.novell.com/security/cve/CVE-2012-6544.html
   http://support.novell.com/security/cve/CVE-2012-6545.html
http://support.novell.com/security/cve/CVE-2012-6546.html
http://support.novell.com/security/cve/CVE-2012-6547.html
http://support.novell.com/security/cve/CVE-2012-6549.html
http://support.novell.com/security/cve/CVE-2013-0343.html
http://support.novell.com/security/cve/CVE-2013-0914.html
http://support.novell.com/security/cve/CVE-2013-1827.html
http://support.novell.com/security/cve/CVE-2013-2141.html
http://support.novell.com/security/cve/CVE-2013-2164.html
http://support.novell.com/security/cve/CVE-2013-2206.html
http://support.novell.com/security/cve/CVE-2013-2232.html
http://support.novell.com/security/cve/CVE-2013-2234.html
http://support.novell.com/security/cve/CVE-2013-2237.html
http://support.novell.com/security/cve/CVE-2013-2888.html
http://support.novell.com/security/cve/CVE-2013-2893.html
http://support.novell.com/security/cve/CVE-2013-2897.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
http://support.novell.com/security/cve/CVE-2013-4162.html
http://support.novell.com/security/cve/CVE-2013-4387.html
http://support.novell.com/security/cve/CVE-2013-4470.html
http://support.novell.com/security/cve/CVE-2013-4483.html
http://support.novell.com/security/cve/CVE-2013-4588.html
http://support.novell.com/security/cve/CVE-2013-6383.html
http://support.novell.com/security/cve/CVE-2014-1444.html
http://support.novell.com/security/cve/CVE-2014-1445.html
http://support.novell.com/security/cve/CVE-2014-1446.html
https://bugzilla.novell.com/702014
https://bugzilla.novell.com/703156
https://bugzilla.novell.com/790920
https://bugzilla.novell.com/798050
https://bugzilla.novell.com/805226
https://bugzilla.novell.com/806219
https://bugzilla.novell.com/808827
https://bugzilla.novell.com/809889
https://bugzilla.novell.com/809891
https://bugzilla.novell.com/809892
https://bugzilla.novell.com/809893
https://bugzilla.novell.com/809894
https://bugzilla.novell.com/809898
https://bugzilla.novell.com/809899
https://bugzilla.novell.com/809900
https://bugzilla.novell.com/809901
https://bugzilla.novell.com/809903
https://bugzilla.novell.com/811354
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/820338
https://bugzilla.novell.com/822722
https://bugzilla.novell.com/823267
https://bugzilla.novell.com/824295
https://bugzilla.novell.com/825052
https://bugzilla.novell.com/826102
https://bugzilla.novell.com/826551
https://bugzilla.novell.com/827362
https://bugzilla.novell.com/827749
https://bugzilla.novell.com/827750
https://bugzilla.novell.com/827855
https://bugzilla.novell.com/827983
https://bugzilla.novell.com/828119
https://bugzilla.novell.com/830344
https://bugzilla.novell.com/831058
https://bugzilla.novell.com/832603
https://bugzilla.novell.com/835839
https://bugzilla.novell.com/842239
https://bugzilla.novell.com/843430
https://bugzilla.novell.com/845028
https://bugzilla.novell.com/847672
https://bugzilla.novell.com/848321
https://bugzilla.novell.com/849765
https://bugzilla.novell.com/850241
https://bugzilla.novell.com/851095
https://bugzilla.novell.com/852558
https://bugzilla.novell.com/853501
https://bugzilla.novell.com/857597
https://bugzilla.novell.com/858869
https://bugzilla.novell.com/858870
https://bugzilla.novell.com/858872
http://download.suse.com/patch/finder/?keywords=bd99d2fcd47fefd9c76757c1e9e1cccb
http://download.suse.com/patch/finder/?keywords=d046a694b83b003f9bb6b21b6c0e8e6f
http://download.suse.com/patch/finder/?keywords=e59a3c9997ba1bed5bbf01d34d34a3d7

From sle-updates at lists.suse.com Wed Apr 16 18:05:03 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Apr 2014 02:05:03 +0200 (CEST)
Subject: SUSE-SU-2014:0537-1: important: Security update for Linux kernel
Message-ID: <20140417000503.5316C320A9@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0537-1
Rating: important
References: #599263 #769035 #769644 #793727 #798050 #805114 #805740 #820434 #823618 #827670 #833968 #844513 #845378 #845621 #846654 #846790 #846984 #847672 #848055 #849364 #849855 #851603 #852153 #852488 #852967 #853052 #853162 #853166 #853455 #854025 #854445 #854516 #855825 #855885 #856848 #857358 #857643 #857919 #858534 #858604 #858831 #859225 #859342 #861093 #862796 #862957 #863178 #863526 #864025 #864058 #864833 #864880 #865342 #865783 #866253 #866428 #870801
Cross-References: CVE-2013-4470 CVE-2013-6368 CVE-2013-6885 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2014-0069
Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 50 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel has been updated to fix various bugs and security issues.

------------------------------------------------------------------------
WARNING: If you are running KVM with PCI pass-through on a system with one of the following Intel chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure to read the following support document before installing this update:

https://www.suse.com/support/kb/doc.php?id=7014344

You will have to update your KVM setup to no longer make use of PCI pass-through before rebooting to the updated kernel.
------------------------------------------------------------------------

The following security bugs have been fixed:

* CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672)
* CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)
* CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#852967)
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)
* CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643)
* CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643)
* CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (bnc#864025)

Also the following non-security bugs have been fixed:

* sched/rt: Fix rqs cpupri leak while enqueue/dequeue child RT entities.
* sched/rt: Use root_domain of rt_rq not current processor (bnc#857919).
* kernel: oops due to linkage stack instructions (bnc#862796, LTC#103860).
* kabi: protect symbols modified by bnc#864833 fix (bnc#864833).
* kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).
* mm: mempolicy: fix mbind_range() && vma_adjust() interaction (VM Functionality (bnc#866428)).
* mm: merging memory blocks resets mempolicy (VM Functionality (bnc#866428)).
* mm/page-writeback.c: do not count anon pages as dirtyable memory (High memory utilisation performance (bnc#859225)).
* mm: vmscan: Do not force reclaim file pages until it exceeds anon (High memory utilisation performance (bnc#859225)).
* mm: vmscan: fix endless loop in kswapd balancing (High memory utilisation performance (bnc#859225)).
* mm: vmscan: Update rotated and scanned when force reclaimed (High memory utilisation performance (bnc#859225)).
* mm: fix return type for functions nr_free_*_pages kabi fixup (bnc#864058).
* mm: fix return type for functions nr_free_*_pages (bnc#864058).
* mm: swap: Use swapfiles in priority order (Use swap files in priority order (bnc#862957)).
* mm: exclude memory less nodes from zone_reclaim (bnc#863526).
* mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153).
* arch/x86: Fix incorrect config symbol in #ifdef (bnc#844513).
* arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT (bnc#863178).
* vmscan: change type of vm_total_pages to unsigned long (bnc#864058).
* crypto: s390 - fix des and des3_ede ctr concurrency issue (bnc#862796, LTC#103744).
* crypto: s390 - fix concurrency issue in aes-ctr mode (bnc#862796, LTC#103742).
* X.509: Fix certificate gathering (bnc#805114).
* dump: Fix dump memory detection (bnc#862796,LTC#103575).
* lockd: send correct lock when granting a delayed lock (bnc#859342).
* nohz: Check for nohz active instead of nohz enabled (bnc#846790).
* nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off (bnc#846790).
* futex: move user address verification up to common code (bnc#851603).
* futexes: Clean up various details (bnc#851603).
* futexes: Increase hash table size for better performance (bnc#851603).
* futexes: Document multiprocessor ordering guarantees (bnc#851603).
* futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603).
* efifb: prevent null-deref when iterating dmi_list (bnc#848055).
* x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534).
* x86/dumpstack: Fix printk_address for direct addresses (bnc#845621).
* ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag (bnc#865783).
* ipv6: send router reachability probe if route has an unreachable gateway (bnc#853162).
* inet: handle rt{,6}_bind_peer() failure correctly (bnc#870801).
* inet: Avoid potential NULL peer dereference (bnc#864833).
* inet: Hide route peer accesses behind helpers (bnc#864833).
* inet: Pass inetpeer root into inet_getpeer*() interfaces (bnc#864833).
* tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).
* tcp: syncookies: reduce mss table to four values (bnc#833968).
* tcp: bind() fix autoselection to share ports (bnc#823618).
* tcp: bind() use stronger condition for bind_conflict (bnc#823618).
* tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).
* net: change type of virtio_chan->p9_max_pages (bnc#864058).
* sctp: Implement quick failover draft from tsvwg (bnc#827670).
* ipvs: fix AF assignment in ip_vs_conn_new() (bnc#856848).
* net: Do not enable tx-nocache-copy by default (bnc#845378).
* macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984).
* macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984).
* macvlan: disable LRO on lower device instead of macvlan (bnc#846984).
* dlm: remove get_comm (bnc#827670).
* dlm: Avoid LVB truncation (bnc#827670).
* dlm: disable nagle for SCTP (bnc#827670).
* dlm: retry failed SCTP sends (bnc#827670).
* dlm: try other IPs when sctp init assoc fails (bnc#827670).
* dlm: clear correct bit during sctp init failure handling (bnc#827670).
* dlm: set sctp assoc id during setup (bnc#827670).
* dlm: clear correct init bit during sctp setup (bnc#827670).
* dlm: fix deadlock between dlm_send and dlm_controld (bnc#827670).
* dlm: fix return value from lockspace_busy() (bnc#827670).
* NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure (bnc#853455).
* ncpfs: fix rmdir returns Device or resource busy (bnc#864880).
* btrfs: bugfix collection
* fs/fs-cache: Handle removal of unadded object to the fscache_object_list rb tree (bnc#855885).
* fs/nfsd: change type of max_delegations, nfsd_drc_max_mem and nfsd_drc_mem_used (bnc#864058).
* fs/nfs: Avoid occasional hang with NFS (bnc#852488).
* fs/buffer.c: change type of max_buffer_heads to unsigned long (bnc#864058).
* dm-multipath: abort all requests when failing a path (bnc#798050).
* dm-multipath: Do not stall on invalid ioctls (bnc#865342).
* scsi: kABI fixes (bnc#798050).
* scsi: remove check for "resetting" (bnc#798050).
* scsi: Add "eh_deadline" to limit SCSI EH runtime (bnc#798050).
* scsi: Allow error handling timeout to be specified (bnc#798050).
* scsi: Fixup compilation warning (bnc#798050).
* scsi: Retry failfast commands after EH (bnc#798050).
* scsi: Warn on invalid command completion (bnc#798050).
* scsi: cleanup setting task state in scsi_error_handler() (bnc#798050).
* scsi_dh_alua: fixup misplaced brace in alua_initialize() (bnc#858831).
* scsi_dh_alua: fixup RTPG retry delay miscalculation (bnc#854025).
* scsi_dh_alua: Simplify state machine (bnc#854025).
* scsi_dh_alua: endless STPG retries for a failed LUN (bnc#865342).
* scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist (bnc#846654).
* xhci: Fix resume issues on Renesas chips in Samsung laptops (bnc#866253).
* bonding: disallow enslaving a bond to itself (bnc#599263).
* net/mlx4_en: Fix pages never dma unmapped on rx (bnc#858604).
* USB: hub: handle -ETIMEDOUT during enumeration (bnc#855825).
* powerpc: Add VDSO version of getcpu (fate#316816, bnc#854445).
* privcmd: allow preempting long running user-mode originating hypercalls (bnc#861093).
* audit: dynamically allocate audit_names when not enough space is in the names array (bnc#857358).
* audit: make filetype matching consistent with other filters (bnc#857358).
* mpt2sas: Fix unsafe using smp_processor_id() in preemptible (bnc#853166).
* balloon: do not crash in HVM-with-PoD guests.
* hwmon: (coretemp) Fix truncated name of alarm attributes.
* rtc-cmos: Add an alarm disable quirk (bnc#805740).
* md: Change handling of save_raid_disk and metadata update during recovery (bnc#849364).
* s390: Avoid kabi change due to newly visible structures.
* s390/pci: remove PCI/MSI interruption class (FATE#83037, LTC#94737).
* advansys: Remove "last_reset" references (bnc#798050).
* dc395: Move "last_reset" into internal host structure (bnc#798050).
* dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
* dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050).
* tmscsim: Move "last_reset" into host structure (bnc#798050).
* bnx2x: remove false warning regarding interrupt number (bnc#769035).
* block: factor out vector mergeable decision to a helper function (bnc#769644).
* block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644).
* HID: multitouch: Add support for NextWindow 0340 touchscreen (bnc#849855).
* HID: multitouch: Add support for Qaunta 3027 touchscreen (bnc#854516).
* HID: multitouch: add support for Atmel 212c touchscreen (bnc#793727).
* HID: multitouch: partial support of win8 devices (bnc#854516,bnc#793727,bnc#849855).
* HID: hid-multitouch: add support for the IDEACOM 6650 chip (bnc#854516,bnc#793727,bnc#849855).

Security Issue references:

* CVE-2013-4470
* CVE-2013-6368
* CVE-2013-6885
* CVE-2013-7263
* CVE-2013-7264
* CVE-2013-7265
* CVE-2014-0069

Indications:

Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11 SP3:

  zypper in -t patch slertesp3-kernel-9114

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:

  cluster-network-kmp-rt-1.4_3.0.101_rt130_0.14-2.27.55
  cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.14-2.27.55
  drbd-kmp-rt-8.4.4_3.0.101_rt130_0.14-0.22.21
  drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.14-0.22.21
  iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.14-0.38.40
  iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.14-0.38.40
  kernel-rt-3.0.101.rt130-0.14.1
  kernel-rt-base-3.0.101.rt130-0.14.1
  kernel-rt-devel-3.0.101.rt130-0.14.1
  kernel-rt_trace-3.0.101.rt130-0.14.1
  kernel-rt_trace-base-3.0.101.rt130-0.14.1
  kernel-rt_trace-devel-3.0.101.rt130-0.14.1
  kernel-source-rt-3.0.101.rt130-0.14.1
  kernel-syms-rt-3.0.101.rt130-0.14.1
  lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.14-0.11.36
  lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.14-0.11.36
  ocfs2-kmp-rt-1.6_3.0.101_rt130_0.14-0.20.55
  ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.14-0.20.55
  ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.14-0.13.46
  ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.14-0.13.46

References:

http://support.novell.com/security/cve/CVE-2013-4470.html
http://support.novell.com/security/cve/CVE-2013-6368.html
http://support.novell.com/security/cve/CVE-2013-6885.html
http://support.novell.com/security/cve/CVE-2013-7263.html
http://support.novell.com/security/cve/CVE-2013-7264.html
http://support.novell.com/security/cve/CVE-2013-7265.html
http://support.novell.com/security/cve/CVE-2014-0069.html
https://bugzilla.novell.com/599263
https://bugzilla.novell.com/769035
https://bugzilla.novell.com/769644
https://bugzilla.novell.com/793727
https://bugzilla.novell.com/798050
https://bugzilla.novell.com/805114
https://bugzilla.novell.com/805740
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/823618
https://bugzilla.novell.com/827670
https://bugzilla.novell.com/833968
https://bugzilla.novell.com/844513
https://bugzilla.novell.com/845378
https://bugzilla.novell.com/845621
https://bugzilla.novell.com/846654
https://bugzilla.novell.com/846790
https://bugzilla.novell.com/846984
https://bugzilla.novell.com/847672
https://bugzilla.novell.com/848055
https://bugzilla.novell.com/849364
https://bugzilla.novell.com/849855
https://bugzilla.novell.com/851603
https://bugzilla.novell.com/852153
https://bugzilla.novell.com/852488
https://bugzilla.novell.com/852967
https://bugzilla.novell.com/853052
https://bugzilla.novell.com/853162
https://bugzilla.novell.com/853166
https://bugzilla.novell.com/853455
https://bugzilla.novell.com/854025
https://bugzilla.novell.com/854445
https://bugzilla.novell.com/854516
https://bugzilla.novell.com/855825
https://bugzilla.novell.com/855885
https://bugzilla.novell.com/856848
https://bugzilla.novell.com/857358
https://bugzilla.novell.com/857643
https://bugzilla.novell.com/857919
https://bugzilla.novell.com/858534
https://bugzilla.novell.com/858604
https://bugzilla.novell.com/858831
https://bugzilla.novell.com/859225
https://bugzilla.novell.com/859342
https://bugzilla.novell.com/861093
https://bugzilla.novell.com/862796
https://bugzilla.novell.com/862957
https://bugzilla.novell.com/863178
https://bugzilla.novell.com/863526
https://bugzilla.novell.com/864025
https://bugzilla.novell.com/864058
https://bugzilla.novell.com/864833
https://bugzilla.novell.com/864880
https://bugzilla.novell.com/865342
https://bugzilla.novell.com/865783
https://bugzilla.novell.com/866253
https://bugzilla.novell.com/866428
https://bugzilla.novell.com/870801
http://download.suse.com/patch/finder/?keywords=8d7793c0cc8432bc1d41b3b09abc3f8a

From sle-updates at lists.suse.com Wed Apr 16 22:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Apr 2014 06:04:10 +0200 (CEST)
Subject: SUSE-SU-2014:0538-1: moderate: Security update for OpenSSL
Message-ID: <20140417040410.8DE81320D9@maintenance.suse.de>

SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0538-1
Rating: moderate
References: #869945
Cross-References: CVE-2014-0076
Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

OpenSSL has been updated to fix an attack on ECDSA Nonces.

Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered. (CVE-2014-0076)

Security Issue reference:

* CVE-2014-0076

Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

  openssl-0.9.8a-18.80.5
  openssl-devel-0.9.8a-18.80.5
  openssl-doc-0.9.8a-18.80.5

- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

  openssl-32bit-0.9.8a-18.80.5
  openssl-devel-32bit-0.9.8a-18.80.5

References:

http://support.novell.com/security/cve/CVE-2014-0076.html
https://bugzilla.novell.com/869945
http://download.suse.com/patch/finder/?keywords=13729e3b9da09233086c747080dc0f39

From sle-updates at lists.suse.com Wed Apr 16 22:04:26 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Apr 2014 06:04:26 +0200 (CEST)
Subject: SUSE-SU-2014:0539-1: moderate: Security update for OpenSSL
Message-ID: <20140417040426.7C2FC320D9@maintenance.suse.de>

SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0539-1
Rating: moderate
References: #866916 #869945
Cross-References: CVE-2014-0076
Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

OpenSSL has been updated to fix an attack on ECDSA Nonces.

Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could be recovered. (CVE-2014-0076)

The update also enables use of SHA-2 family certificate verification of X.509 certificates used in today's SSL certificate infrastructure.

Security Issue reference:

* CVE-2014-0076

Package List:

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

  openssl-0.9.8a-18.45.75.1
  openssl-devel-0.9.8a-18.45.75.1
  openssl-doc-0.9.8a-18.45.75.1

- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

  openssl-32bit-0.9.8a-18.45.75.1
  openssl-devel-32bit-0.9.8a-18.45.75.1

References:

http://support.novell.com/security/cve/CVE-2014-0076.html
https://bugzilla.novell.com/866916
https://bugzilla.novell.com/869945
http://download.suse.com/patch/finder/?keywords=5e45bbc40560ab190992f4af60dbbccc

From sle-updates at lists.suse.com Wed Apr 16 23:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Apr 2014 07:04:11 +0200 (CEST)
Subject: SUSE-SU-2014:0540-1: moderate: Security update for subversion
Message-ID: <20140417050412.047D9320D9@maintenance.suse.de>

SUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0540-1
Rating: moderate
References: #862459
Cross-References: CVE-2014-0032
Affected Products: SUSE Studio Onsite 1.3
                   SUSE Linux Enterprise Software Development Kit 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Subversion was vulnerable to a segmentation fault in the mod_dav_svn Apache2 module that could have been triggered from remote. This has been fixed. (CVE-2014-0032)

Security Issue reference:

* CVE-2014-0032

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

  zypper in -t patch slestso13-subversion-9070

- SUSE Linux Enterprise Software Development Kit 11 SP3:

  zypper in -t patch sdksp3-subversion-9080

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite 1.3 (x86_64):

  subversion-1.6.17-1.27.2

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

  subversion-1.6.17-1.27.2
  subversion-devel-1.6.17-1.27.2
  subversion-perl-1.6.17-1.27.2
  subversion-python-1.6.17-1.27.2
  subversion-server-1.6.17-1.27.2
  subversion-tools-1.6.17-1.27.2

References:

http://support.novell.com/security/cve/CVE-2014-0032.html
https://bugzilla.novell.com/862459
http://download.suse.com/patch/finder/?keywords=1c38b525e188b7b593c67f0e966d5e7e
http://download.suse.com/patch/finder/?keywords=ebd88a4aa31cfeb81ac9a20d38105d5f

From sle-updates at lists.suse.com Wed Apr 16 23:04:31 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Apr 2014 07:04:31 +0200 (CEST)
Subject: SUSE-SU-2014:0541-1: moderate: Security update for OpenSSL
Message-ID: <20140417050431.61C8C320D9@maintenance.suse.de>

SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0541-1
Rating: moderate
References: #869945 #870192
Cross-References: CVE-2014-0076
Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3
                   SUSE Linux Enterprise Server 11 SP3 for VMware
                   SUSE Linux Enterprise Server 11 SP3
                   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

OpenSSL has been updated to fix an attack on ECDSA Nonces.

Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered.

This update also ensures that the stack is marked non-executable on x86 32bit (bnc#870192). On other processor platforms it was already marked as non-executable before.

Security Issue reference:

* CVE-2014-0076

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:

  zypper in -t patch sdksp3-libopenssl-devel-9073

- SUSE Linux Enterprise Server 11 SP3 for VMware:

  zypper in -t patch slessp3-libopenssl-devel-9073

- SUSE Linux Enterprise Server 11 SP3:

  zypper in -t patch slessp3-libopenssl-devel-9073

- SUSE Linux Enterprise Desktop 11 SP3:

  zypper in -t patch sledsp3-libopenssl-devel-9073

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

  libopenssl-devel-0.9.8j-0.54.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

  libopenssl0_9_8-0.9.8j-0.54.1
  libopenssl0_9_8-hmac-0.9.8j-0.54.1
  openssl-0.9.8j-0.54.1
  openssl-doc-0.9.8j-0.54.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

  libopenssl0_9_8-32bit-0.9.8j-0.54.1
  libopenssl0_9_8-hmac-32bit-0.9.8j-0.54.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

  libopenssl0_9_8-0.9.8j-0.54.1
  libopenssl0_9_8-hmac-0.9.8j-0.54.1
  openssl-0.9.8j-0.54.1
  openssl-doc-0.9.8j-0.54.1

- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

  libopenssl0_9_8-32bit-0.9.8j-0.54.1
  libopenssl0_9_8-hmac-32bit-0.9.8j-0.54.1

- SUSE Linux Enterprise Server 11 SP3 (ia64):

  libopenssl0_9_8-x86-0.9.8j-0.54.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

  libopenssl0_9_8-0.9.8j-0.54.1
  openssl-0.9.8j-0.54.1

- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

  libopenssl0_9_8-32bit-0.9.8j-0.54.1

References:

http://support.novell.com/security/cve/CVE-2014-0076.html
https://bugzilla.novell.com/869945
https://bugzilla.novell.com/870192
http://download.suse.com/patch/finder/?keywords=fe6662330402e24e0df04856b7ff345f

From sle-updates at lists.suse.com Thu Apr 17 11:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Apr 2014 19:04:13 +0200 (CEST)
Subject: SUSE-RU-2014:0546-1: Recommended update for zsh
Message-ID: <20140417170413.AFEDD320E8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for zsh
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0546-1
Rating: low
References: #851303
Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware
                   SUSE Linux Enterprise Server 11 SP3
                   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for zsh fixes tilde expansion of user names that contain a dot.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

  zypper in -t patch slessp3-zsh-8989

- SUSE Linux Enterprise Server 11 SP3:

  zypper in -t patch slessp3-zsh-8989

- SUSE Linux Enterprise Desktop 11 SP3:

  zypper in -t patch sledsp3-zsh-8989

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

  zsh-4.3.6-67.9.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

  zsh-4.3.6-67.9.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

  zsh-4.3.6-67.9.1

References:

https://bugzilla.novell.com/851303
http://download.suse.com/patch/finder/?keywords=7a59c69aff70473ec4f4d47c6e2a5ddf

From sle-updates at lists.suse.com Thu Apr 17 11:04:52 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Apr 2014 19:04:52 +0200 (CEST)
Subject: SUSE-SU-2014:0547-1: moderate: Security update for openstack-swift
Message-ID: <20140417170452.C26C8320E8@maintenance.suse.de>

SUSE Security Update: Security update for openstack-swift
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0547-1
Rating: moderate
References: #858459
Cross-References: CVE-2014-0006
Affected Products: SUSE Cloud 3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

A timing attack vulnerability has been fixed in openstack-swift, namely in the Swift TempURL middleware. By analyzing response times to arbitrary TempURL requests, an attacker may be able to guess valid secret URLs and get access to objects that were only intended to be publicly shared with specific recipients. In order to use this attack, the attacker needs to know the targeted object name, and the object account needs to have a TempURL key set. Only Swift setups enabling the TempURL middleware are affected.

Security Issue reference:

* CVE-2014-0006

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 3:

  zypper in -t patch sleclo30sp3-openstack-swift-8959

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Cloud 3 (x86_64): openstack-swift-1.10.0-0.13.2 openstack-swift-account-1.10.0-0.13.2 openstack-swift-container-1.10.0-0.13.2 openstack-swift-object-1.10.0-0.13.2 openstack-swift-proxy-1.10.0-0.13.2 python-swift-1.10.0-0.13.2 - SUSE Cloud 3 (noarch): openstack-swift-doc-1.10.0+git.1382343573.79e2a50-0.13.3 References: http://support.novell.com/security/cve/CVE-2014-0006.html https://bugzilla.novell.com/858459 http://download.suse.com/patch/finder/?keywords=27cad6c820c192b79af21659c83167df From sle-updates at lists.suse.com Thu Apr 17 13:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Apr 2014 21:04:12 +0200 (CEST) Subject: SUSE-SU-2014:0548-1: important: Security update for jakarta-commons-fileupload Message-ID: <20140417190412.6135A320E8@maintenance.suse.de> SUSE Security Update: Security update for jakarta-commons-fileupload ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0548-1 Rating: important References: #862781 Cross-References: CVE-2014-0050 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes a security issue with jakarta-commons-fileupload: * bnc#862781: denial of service due to too-small buffer size used (CVE-2014-0050) Security Issue reference: * CVE-2014-0050 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-jakarta-commons-fileupload-9087 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-jakarta-commons-fileupload-9087 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): jakarta-commons-fileupload-1.1.1-1.37.1 jakarta-commons-fileupload-javadoc-1.1.1-1.37.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): jakarta-commons-fileupload-1.1.1-1.37.1 jakarta-commons-fileupload-javadoc-1.1.1-1.37.1 References: http://support.novell.com/security/cve/CVE-2014-0050.html https://bugzilla.novell.com/862781 http://download.suse.com/patch/finder/?keywords=ba380f7e3fc44242f7f8d403bdc016a6 From sle-updates at lists.suse.com Thu Apr 17 13:04:29 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Apr 2014 21:04:29 +0200 (CEST) Subject: SUSE-SU-2014:0430-3: Security update for rubygem-activesupport Message-ID: <20140417190429.607E2320F0@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activesupport ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0430-3 Rating: low References: #864873 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: Various ruby gems were released with the previous update where the unpacked tree was patched for the current security issues, but the included gem file (gem archive) was not adjusted. This update rolls the current updates to also contain the fixes in the .gem files (bnc#864873). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-rails-fixgem-201402c-8932 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): rubygem-activesupport-3_2-3.2.12-0.9.1 References: https://bugzilla.novell.com/864873 http://download.suse.com/patch/finder/?keywords=7ce8725dd7e9dac26f64d1e123b478de From sle-updates at lists.suse.com Tue Apr 22 13:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Apr 2014 21:04:12 +0200 (CEST) Subject: SUSE-RU-2014:0562-1: Recommended update for libapr1 Message-ID: <20140422190412.A8B53320AC@maintenance.suse.de> SUSE Recommended Update: Recommended update for libapr1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0562-1 Rating: low References: #863222 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of libapr1 allows usage of POSIX semaphores, which were previously not configured correctly. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libapr1-8985 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libapr1-8985 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libapr1-8985 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-libapr1-8986 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libapr1-devel-1.3.3-11.18.19.8 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): libapr1-1.3.3-11.18.19.8 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64): libapr1-devel-32bit-1.3.3-11.18.19.8 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libapr1-1.3.3-11.18.19.8 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libapr1-1.3.3-11.18.19.8 - SUSE Linux Enterprise Server 11 SP3 (ppc64): libapr1-32bit-1.3.3-11.18.19.8 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): libapr1-1.3.3-11.18.19.8 References: https://bugzilla.novell.com/863222 http://download.suse.com/patch/finder/?keywords=396b29f29ec015e197e409eb9ea191db http://download.suse.com/patch/finder/?keywords=caa00db8dcfa975af01366c6177ff4b6 From sle-updates at lists.suse.com Wed Apr 23 05:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Apr 2014 13:04:13 +0200 (CEST) Subject: SUSE-RU-2014:0563-1: important: Recommended update for mono-core Message-ID: <20140423110413.0B5B1320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for mono-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0563-1 Rating: important References: #871362 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds handling of SHA256 hashes to parts of the X509 Certificate classes in the C# implementation of Mono. Recently released new root certificates using SHA256 hashing triggered an uncaught exception within mono that led to termination of the zmd.exe process, or other users of the X509Store C# class.
Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): mono-core-1.2.2-12.36.1 mono-data-1.2.2-12.36.1 mono-data-firebird-1.2.2-12.36.1 mono-data-oracle-1.2.2-12.36.1 mono-data-postgresql-1.2.2-12.36.1 mono-data-sqlite-1.2.2-12.36.1 mono-data-sybase-1.2.2-12.36.1 mono-locale-extras-1.2.2-12.36.1 mono-nunit-1.2.2-12.36.1 mono-web-1.2.2-12.36.1 mono-winforms-1.2.2-12.36.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): mono-core-32bit-1.2.2-12.36.1 References: https://bugzilla.novell.com/871362 http://download.suse.com/patch/finder/?keywords=18479021584ae5c401fbbac9af6bd829 From sle-updates at lists.suse.com Wed Apr 23 11:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Apr 2014 19:04:12 +0200 (CEST) Subject: SUSE-RU-2014:0564-1: Recommended update for crowbar-barclamp-crowbar Message-ID: <20140423170412.5AD26320EB@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-crowbar ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0564-1 Rating: low References: #860117 #864339 #864737 #864739 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This consolidated update for crowbar-barclamp-crowbar provides the following fixes and enhancements: * Fix i18n parameter key in SupportController error * Add regression test for i18n key fix * Use correct font size for list of nodes for roles * Update suse-branding.patch from git branch. (bnc#864339) * Make sure proposal validations do not break install. (bnc#860117) * Do not run validations from within the apply_role. (bnc#860117) * Skip after_save validation on creating proposals. 
(bnc#860117) * Downgraded bluepill for iso build and added dummy task * Added some missing commands to devguide documentation * Fixed gem loading and fixed version numbers for bluepill * Added explicit sprockets gem loading without bundler * Add sorted gem list to environment and gemfile * Fix crash happening from time to time. (bnc#864737) * Fix error string when editing one node * Make the flash an alert, not a notice when saving failed * Make sure crowbar_wall is initialized. (bnc#864737) * Fix implicit 'insecure' if generate_certs is set. (bnc#864739) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-crowbar-barclamp-crowbar-8947 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 3 (noarch): crowbar-barclamp-crowbar-1.7+git.1392822678.fa5237a-0.7.2 References: https://bugzilla.novell.com/860117 https://bugzilla.novell.com/864339 https://bugzilla.novell.com/864737 https://bugzilla.novell.com/864739 http://download.suse.com/patch/finder/?keywords=0d4a61f77ed83e4702ed07ff4ff4fc4d From sle-updates at lists.suse.com Thu Apr 24 12:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Apr 2014 20:04:12 +0200 (CEST) Subject: SUSE-OU-2014:0565-1: Optional OpenSSL 1.0 Libraries Message-ID: <20140424180412.390DE320F0@maintenance.suse.de> SUSE Optional Update: Optional OpenSSL 1.0 Libraries ______________________________________________________________________________ Announcement ID: SUSE-OU-2014:0565-1 Rating: low References: #860332 #861014 #864912 #869945 #872299 #873351 Affected Products: SUSE Linux Enterprise Security Module 11 SP3 ______________________________________________________________________________ An update that has 6 optional fixes can now be installed.
Description: This update provides OpenSSL version 1.0.1g, delivered as an additional library version that can coexist with the original OpenSSL 0.9.8j from SUSE Linux Enterprise 11. OpenSSL 1.0 brings modern features such as: * TLS 1.2 support * AES-GCM cipher support Installing these packages will only make the library available on the system. All current programs will still be using OpenSSL 0.9.8j. You can however use this library to build and link your own programs. We will also release parallel software versions that will benefit from OpenSSL 1.0, currently planned is the Postfix Mail Server package. For development, install the "libopenssl1-devel" package instead of "libopenssl-devel". The library version shipped in this update already includes the upstream fix for the "HeartBleed" issue (CVE-2014-0160). Additionally, the update fixes a use-after-free issue in SSL buffer handling (CVE-2010-5298). Indications: Install if you want to use or build software against OpenSSL 1.0. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-libopenssl1-devel-9134 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.12.1 libopenssl1_0_0-1.0.1g-0.12.1 openssl1-1.0.1g-0.12.1 openssl1-doc-1.0.1g-0.12.1 - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.12.1 - SUSE Linux Enterprise Security Module 11 SP3 (ia64): libopenssl1_0_0-x86-1.0.1g-0.12.1 References: https://bugzilla.novell.com/860332 https://bugzilla.novell.com/861014 https://bugzilla.novell.com/864912 https://bugzilla.novell.com/869945 https://bugzilla.novell.com/872299 https://bugzilla.novell.com/873351 http://download.suse.com/patch/finder/?keywords=10ac3e160ff3ce8822aa89f079839bce From sle-updates at lists.suse.com Thu Apr 24 15:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Apr 2014 23:04:10 +0200 (CEST) Subject: SUSE-OU-2014:0566-1: Optional update for postfix-openssl1 Message-ID: <20140424210410.E2F95320F0@maintenance.suse.de> SUSE Optional Update: Optional update for postfix-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2014:0566-1 Rating: low References: #864912 #874744 #874746 Affected Products: SUSE Linux Enterprise Security Module 11 SP3 ______________________________________________________________________________ An update that has three optional fixes can now be installed. Description: This update provides an optional Postfix Mail Server package built against OpenSSL 1.0 that allows the use of TLS 1.2 for both sending and receiving e-mails. The set of RPMs is named "postfix-openssl1" (and sub-packages). The package is in the same source level as the regular "postfix" from SUSE Linux Enterprise and consequently uses and supports the same configuration parameters. Postfix-openssl1 requires the usage of OpenSSL1.0-enabled versions of openldap2 and cyrus-sasl libraries. 
If other libraries are used by your Postfix installation that indirectly require OpenSSL 0.9.x, this setup might not always work. It is strongly recommended to do integration tests before deploying the packages in a production environment. To switch from Postfix with OpenSSL 0.9.x to OpenSSL 1.0: * Back up the Postfix configuration files. * Run: "zypper in postfix-openssl1" o Zypper will report conflicts with postfix (and potentially with -mysql, -postgresql and -doc sub-packages). o As conflict resolution choose to migrate to postfix-openssl1 flavoured packages and uninstall the old postfix. * Restore the configuration files (they have also been saved as .rpmsave files). * Start postfix and verify that all features work. Indications: Update for an optional TLS 1.2 enabled Postfix. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-postfix-openssl1-9158 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): postfix-openssl1-2.9.4-0.19.1 postfix-openssl1-devel-2.9.4-0.19.1 postfix-openssl1-doc-2.9.4-0.19.1 postfix-openssl1-mysql-2.9.4-0.19.1 postfix-openssl1-postgresql-2.9.4-0.19.1 References: https://bugzilla.novell.com/864912 https://bugzilla.novell.com/874744 https://bugzilla.novell.com/874746 http://download.suse.com/patch/finder/?keywords=fdae3d486e2bc75924b4571b08a72780 From sle-updates at lists.suse.com Thu Apr 24 17:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Apr 2014 01:04:11 +0200 (CEST) Subject: SUSE-SU-2014:0567-1: moderate: Security update for openstack-glance Message-ID: <20140424230411.568A8320F1@maintenance.suse.de> SUSE Security Update: Security update for openstack-glance ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0567-1 Rating: moderate References: #872331 #873234 Cross-References: CVE-2014-0162 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This openstack-glance update fixes the following security and non-security issues: * bnc#873234: Fixed remote code execution in Glance Sheepdog backend (CVE-2014-0162). * bnc#872331: Fixed error during retrieval of glance image-list. Security Issue reference: * CVE-2014-0162 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-openstack-glance-201404-9155 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 3 (x86_64) [New Version: 2013.2.3.dev1.g13069a4]: openstack-glance-2013.2.3.dev1.g13069a4-0.7.1 python-glance-2013.2.3.dev1.g13069a4-0.7.1 - SUSE Cloud 3 (noarch) [New Version: 2013.2.3.dev1.g13069a4]: openstack-glance-doc-2013.2.3.dev1.g13069a4-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-0162.html https://bugzilla.novell.com/872331 https://bugzilla.novell.com/873234 http://download.suse.com/patch/finder/?keywords=6dcda9ae154e3b3d935ab88f0d483553 From sle-updates at lists.suse.com Thu Apr 24 17:04:39 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Apr 2014 01:04:39 +0200 (CEST) Subject: SUSE-RU-2014:0568-1: Recommended update for compat-wireless KMP Message-ID: <20140424230439.B7CD7320AC@maintenance.suse.de> SUSE Recommended Update: Recommended update for compat-wireless KMP ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0568-1 Rating: low References: #796821 #796838 #822716 #829473 #832311 #832342 #832343 #834356 #839486 #839489 #840074 #842610 #865308 Affected Products: SUSE Linux Enterprise Point of Service 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for the compat-wireless kernel modules provides many fixes and enhancements: * Add support for Atheros MANGO rev2 devices. * Improve support for Intel WiFi, Atheros WiFi and Realtek WiFi chips. * Fix support for Intel Wilkins Peak 1/2 and Realtek RTL8188EE WiFi chips. * Fix an issue on Intel Wilkins Peak 1/2 after resuming from S3/S4. * Add support for btusb, fixing Intel Wilkins Peak BT issues. * Fix the missing HID driver registration in hidp driver. * Add support for new PCI SSID entries for Intel Wireless chips. * Fix firmware loading on Intel BT at S3/S4. 
Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Service 11 SP3: zypper in -t patch sleposp3-compat-wireless-8945 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-compat-wireless-8945 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Point of Service 11 SP3 (i586 x86_64): compat-wireless-kmp-default-3.9.99.2_3.0.101_0.15-0.15.20 - SUSE Linux Enterprise Point of Service 11 SP3 (i586): compat-wireless-kmp-pae-3.9.99.2_3.0.101_0.15-0.15.20 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): compat-wireless-kmp-default-3.9.99.2_3.0.101_0.15-0.15.20 compat-wireless-kmp-xen-3.9.99.2_3.0.101_0.15-0.15.20 - SUSE Linux Enterprise Desktop 11 SP3 (i586): compat-wireless-kmp-pae-3.9.99.2_3.0.101_0.15-0.15.20 References: https://bugzilla.novell.com/796821 https://bugzilla.novell.com/796838 https://bugzilla.novell.com/822716 https://bugzilla.novell.com/829473 https://bugzilla.novell.com/832311 https://bugzilla.novell.com/832342 https://bugzilla.novell.com/832343 https://bugzilla.novell.com/834356 https://bugzilla.novell.com/839486 https://bugzilla.novell.com/839489 https://bugzilla.novell.com/840074 https://bugzilla.novell.com/842610 https://bugzilla.novell.com/865308 http://download.suse.com/patch/finder/?keywords=659f7b2334f9cff194561bc60a6e9511 From sle-updates at lists.suse.com Thu Apr 24 17:07:54 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Apr 2014 01:07:54 +0200 (CEST) Subject: SUSE-SU-2014:0569-1: moderate: Security update for squid3 Message-ID: <20140424230754.DF062320AC@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0569-1 
Rating: moderate References: #677335 #867533 Cross-References: CVE-2014-0128 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: A remote DoS attack in the Squid web proxy has been fixed. Due to incorrect state management, Squid was vulnerable to a denial of service attack when processing certain HTTPS requests (CVE-2014-0128). For more information see http://www.squid-cache.org/Advisories/SQUID-2014_1.txt . Additionally, a bug in the logrotate configuration file has been fixed. The 'su' statement was moved into the 'logfile' section (bnc#677335). Security Issue reference: * CVE-2014-0128 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-squid3-9138 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-squid3-9138 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): squid3-3.1.12-8.16.18.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.12-8.16.18.1 References: http://support.novell.com/security/cve/CVE-2014-0128.html https://bugzilla.novell.com/677335 https://bugzilla.novell.com/867533 http://download.suse.com/patch/finder/?keywords=14a8781e229fe9480bf4955e3c10906e From sle-updates at lists.suse.com Thu Apr 24 17:08:37 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Apr 2014 01:08:37 +0200 (CEST) Subject: SUSE-RU-2014:0563-2: important: Recommended update for mono-core Message-ID: <20140424230837.6ECD0320AE@maintenance.suse.de> SUSE Recommended Update: Recommended update for mono-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0563-2 Rating: important References: #871362 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds handling of SHA256 hashes to parts of the X509 Certificate classes in the C# implementation of Mono. Recently released new root certificates using SHA256 hashing triggered an uncaught exception within mono that led to termination of the zmd.exe process, or other users of the X509Store C# class. Special Instructions and Notes: Please reboot the system after installing this update.
Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): mono-core-1.2.2-12.36.1 mono-data-1.2.2-12.36.1 mono-data-firebird-1.2.2-12.36.1 mono-data-oracle-1.2.2-12.36.1 mono-data-postgresql-1.2.2-12.36.1 mono-data-sqlite-1.2.2-12.36.1 mono-data-sybase-1.2.2-12.36.1 mono-locale-extras-1.2.2-12.36.1 mono-nunit-1.2.2-12.36.1 mono-web-1.2.2-12.36.1 mono-winforms-1.2.2-12.36.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): mono-core-32bit-1.2.2-12.36.1 References: https://bugzilla.novell.com/871362 http://download.suse.com/patch/finder/?keywords=d408082d932818896cfec54b3b302f1f From sle-updates at lists.suse.com Thu Apr 24 19:04:56 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Apr 2014 03:04:56 +0200 (CEST) Subject: SUSE-SU-2014:0570-1: moderate: Security update for nagios Message-ID: <20140425010456.B259B320AE@maintenance.suse.de> SUSE Security Update: Security update for nagios ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0570-1 Rating: moderate References: #864843 Cross-References: CVE-2014-1878 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The monitoring service Nagios has been updated to fix potential buffer overflows in its CGI scripts. (CVE-2014-1878) Security Issue reference: * CVE-2014-1878 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-nagios-9071 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-nagios-9071 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-nagios-9071 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): nagios-devel-3.0.6-1.25.36.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): nagios-3.0.6-1.25.36.1 nagios-www-3.0.6-1.25.36.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): nagios-3.0.6-1.25.36.1 nagios-www-3.0.6-1.25.36.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): nagios-3.0.6-1.25.36.1 nagios-www-3.0.6-1.25.36.1 References: http://support.novell.com/security/cve/CVE-2014-1878.html https://bugzilla.novell.com/864843 http://download.suse.com/patch/finder/?keywords=9d685f6b5898a4b0fba4b93cc56407cf From sle-updates at lists.suse.com Thu Apr 24 19:05:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Apr 2014 03:05:14 +0200 (CEST) Subject: SUSE-OU-2014:0571-1: Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap Message-ID: <20140425010514.70E66320AE@maintenance.suse.de> SUSE Optional Update: Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap ______________________________________________________________________________ Announcement ID: SUSE-OU-2014:0571-1 Rating: low References: #843697 #861014 #862623 #864912 #868627 #868629 #870444 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Security Module 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that 
solves two vulnerabilities and has 5 fixes is now available. Description: This update includes variants of existing libraries built against OpenSSL 1.0. As OpenSSL 0.8.9j and OpenSSL 1.0.1 are not binary compatible, but have the same function names, care must be taken that they are not loaded by the same program. As some system libraries also link against libssl.so or libcrypto.so, these need to be available in variants linked against OpenSSL 1.0. These libraries are installed below the /opt/suse/ directory hierarchy. The version and the APIs of these "shadow" libraries are exactly the same as the versions in the system, and so are interchangeable. For building your OpenSSL 1.0 enabled program, link using the linkflags -L/opt/suse/lib64 -Wl,-rpath,/opt/suse/lib64 (on 32bit systems, use lib instead of lib64). This update provides variants for the OpenLDAP2 client, libcurl4 and cyrus-sasl libraries. Additionally, two bugs have been fixed in openldap2 regarding IPv6 support: * tls_checkpeer does not work with IPv6 address as Subject Alternative Name. (bnc#862623) * getaddrinfo does not return if ldap is used for host lookups on IPv6 environments. (bnc#843697) Indications: Update for optional OpenSSL 1.0.1 built libraries. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-compat-libldap-2_3-0-9139 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): openldap2-back-perl-2.4.26-0.28.5 openldap2-devel-2.4.26-0.28.5 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): openldap2-devel-32bit-2.4.26-0.28.5 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): openldap2-2.4.26-0.28.5 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): compat-libldap-2_3-0-2.3.37-2.28.5 libldap-2_4-2-2.4.26-0.28.5 openldap2-2.4.26-0.28.5 openldap2-back-meta-2.4.26-0.28.5 openldap2-client-2.4.26-0.28.5 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libldap-2_4-2-32bit-2.4.26-0.28.5 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): compat-libldap-2_3-0-2.3.37-2.28.5 libldap-2_4-2-2.4.26-0.28.5 openldap2-2.4.26-0.28.5 openldap2-back-meta-2.4.26-0.28.5 openldap2-client-2.4.26-0.28.5 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libldap-2_4-2-32bit-2.4.26-0.28.5 - SUSE Linux Enterprise Server 11 SP3 (ia64): libldap-2_4-2-x86-2.4.26-0.28.5 - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): cyrus-sasl-openssl1-2.1.22-0.27.6 cyrus-sasl-openssl1-crammd5-2.1.22-0.27.6 cyrus-sasl-openssl1-digestmd5-2.1.22-0.27.6 cyrus-sasl-openssl1-gssapi-2.1.22-0.27.6 cyrus-sasl-openssl1-ntlm-2.1.22-0.27.6 cyrus-sasl-openssl1-otp-2.1.22-0.27.6 cyrus-sasl-openssl1-plain-2.1.22-0.27.6 libcurl4-openssl1-7.19.7-0.38.1 libldap-openssl1-2_4-2-2.4.26-0.28.8 - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64): cyrus-sasl-openssl1-32bit-2.1.22-0.27.6 libcurl4-openssl1-32bit-7.19.7-0.38.1 libldap-openssl1-2_4-2-32bit-2.4.26-0.28.8 - SUSE Linux Enterprise Security Module 11 SP3 (ia64): cyrus-sasl-openssl1-x86-2.1.22-0.27.6 libcurl4-openssl1-x86-7.19.7-0.38.1 libldap-openssl1-2_4-2-x86-2.4.26-0.28.8 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libldap-2_4-2-2.4.26-0.28.5 openldap2-client-2.4.26-0.28.5 - SUSE Linux 
Enterprise Desktop 11 SP3 (x86_64): libldap-2_4-2-32bit-2.4.26-0.28.5 References: http://support.novell.com/security/cve/CVE-2014-0138.html http://support.novell.com/security/cve/CVE-2014-0139.html https://bugzilla.novell.com/843697 https://bugzilla.novell.com/861014 https://bugzilla.novell.com/862623 https://bugzilla.novell.com/864912 https://bugzilla.novell.com/868627 https://bugzilla.novell.com/868629 https://bugzilla.novell.com/870444 http://download.suse.com/patch/finder/?keywords=ad9327ac719822769a21fdd795af3e1b From sle-updates at lists.suse.com Fri Apr 25 15:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Apr 2014 23:04:13 +0200 (CEST) Subject: SUSE-RU-2014:0573-1: Recommended update for rpcbind Message-ID: <20140425210413.5D951320F3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0573-1 Rating: low References: #821054 #823079 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rpcbind fixes the following issues: * Make is_loopback check more permissive. (bnc#821054) * Set SO_REUSEADDR on NC_TPI_COTS listening sockets. (bnc#823079) * In the %post section, check if portmap binary exists before using checkproc to verify whether it's running. (bnc#823079) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-rpcbind-9144
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-rpcbind-9144
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-rpcbind-9144

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    rpcbind-0.1.6+git20080930-6.20.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    rpcbind-0.1.6+git20080930-6.20.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    rpcbind-0.1.6+git20080930-6.20.1

References:

  https://bugzilla.novell.com/821054
  https://bugzilla.novell.com/823079
  http://download.suse.com/patch/finder/?keywords=102878c2c963e3be036fd18d41db7b5e

From sle-updates at lists.suse.com Fri Apr 25 19:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 26 Apr 2014 03:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0574-1: Recommended update for crmsh
Message-ID: <20140426010412.7DD09320AE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0574-1
Rating: low
References: #866434 #868533 #868697
Affected Products:
  SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed. It includes one version update.

Description:

This update for crmsh provides the following fixes:

* utils: Respect --force in utils.ask. (bnc#868697)
* command: Propagate error from auto-commit. (bnc#868533)
* xmlutil: Don't strip comments when reading CIB. (bnc#866434)
* cibconf: Add comments in the right order. (bnc#866434)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability Extension 11 SP3:
    zypper in -t patch slehasp3-crmsh-9164

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.6]:
    crmsh-1.2.6-0.33.1

References:

  https://bugzilla.novell.com/866434
  https://bugzilla.novell.com/868533
  https://bugzilla.novell.com/868697
  http://download.suse.com/patch/finder/?keywords=72a4e901f8e999496e76ff838bc0f6f9

From sle-updates at lists.suse.com Mon Apr 28 13:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Apr 2014 21:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0575-1: important: Recommended update for mono-core
Message-ID: <20140428190412.5A1D7320F3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mono-core
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0575-1
Rating: important
References: #606002 #810747 #871362
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update adds handling of SHA256 hashes to parts of the X509 Certificate classes in the C# implementation of Mono (bnc#871362) and improves handling of non-existing certificate revocation lists (bnc#810747, bnc#606002).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-bytefx-data-mysql-9118
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-bytefx-data-mysql-9118
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-bytefx-data-mysql-9118
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-bytefx-data-mysql-9118

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc ppc64 s390x x86_64):
    bytefx-data-mysql-2.6.7-0.11.2
    mono-data-firebird-2.6.7-0.11.2
    mono-data-oracle-2.6.7-0.11.2
    mono-data-sybase-2.6.7-0.11.2
    mono-devel-2.6.7-0.11.2
    mono-extras-2.6.7-0.11.2
    mono-jscript-2.6.7-0.11.2
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    mono-wcf-2.6.7-0.11.2
    mono-winfxcore-2.6.7-0.11.2
    monodoc-core-2.6.7-0.11.2
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc ppc64):
    mono-core-2.6.7-0.11.2
    mono-data-2.6.7-0.11.2
    mono-data-postgresql-2.6.7-0.11.2
    mono-data-sqlite-2.6.7-0.11.2
    mono-locale-extras-2.6.7-0.11.2
    mono-nunit-2.6.7-0.11.2
    mono-web-2.6.7-0.11.2
    mono-winforms-2.6.7-0.11.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    mono-core-2.6.7-0.11.2
    mono-data-2.6.7-0.11.2
    mono-data-postgresql-2.6.7-0.11.2
    mono-data-sqlite-2.6.7-0.11.2
    mono-locale-extras-2.6.7-0.11.2
    mono-nunit-2.6.7-0.11.2
    mono-web-2.6.7-0.11.2
    mono-winforms-2.6.7-0.11.2
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc ppc64 s390x x86_64):
    mono-core-2.6.7-0.11.2
    mono-data-2.6.7-0.11.2
    mono-data-postgresql-2.6.7-0.11.2
    mono-data-sqlite-2.6.7-0.11.2
    mono-locale-extras-2.6.7-0.11.2
    mono-nunit-2.6.7-0.11.2
    mono-web-2.6.7-0.11.2
    mono-winforms-2.6.7-0.11.2
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    bytefx-data-mysql-2.6.7-0.11.2
    ibm-data-db2-2.6.7-0.11.2
    mono-core-2.6.7-0.11.2
    mono-data-2.6.7-0.11.2
    mono-data-firebird-2.6.7-0.11.2
    mono-data-oracle-2.6.7-0.11.2
    mono-data-postgresql-2.6.7-0.11.2
    mono-data-sqlite-2.6.7-0.11.2
    mono-data-sybase-2.6.7-0.11.2
    mono-devel-2.6.7-0.11.2
    mono-extras-2.6.7-0.11.2
    mono-jscript-2.6.7-0.11.2
    mono-locale-extras-2.6.7-0.11.2
    mono-nunit-2.6.7-0.11.2
    mono-wcf-2.6.7-0.11.2
    mono-web-2.6.7-0.11.2
    mono-winforms-2.6.7-0.11.2
    monodoc-core-2.6.7-0.11.2

References:

  https://bugzilla.novell.com/606002
  https://bugzilla.novell.com/810747
  https://bugzilla.novell.com/871362
  http://download.suse.com/patch/finder/?keywords=3a20ae1ebdd10f041113196383eeea68

From sle-updates at lists.suse.com Mon Apr 28 15:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Apr 2014 23:04:12 +0200 (CEST)
Subject: SUSE-SU-2014:0576-1: moderate: Security update for Python
Message-ID: <20140428210412.64ED5320F3@maintenance.suse.de>

SUSE Security Update: Security update for Python
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0576-1
Rating: moderate
References: #863741
Cross-References: CVE-2014-1912
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

Python was updated to fix a security issue in the socket.recvfrom_into function, where data could be written over the end of the buffer. (CVE-2014-1912)

Security Issue reference:

* CVE-2014-1912

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-python-201403-9075
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-python-201403-9075
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-python-201403-9075
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-python-201403-9075

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]:
    python-devel-2.6.9-0.27.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.6.9]:
    python-demo-2.6.9-0.27.1
    python-gdbm-2.6.9-0.27.1
    python-idle-2.6.9-0.27.1
    python-tk-2.6.9-0.27.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 2.6.9]:
    python-32bit-2.6.9-0.27.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch):
    python-doc-2.6-8.27.1
    python-doc-pdf-2.6-8.27.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.6.9]:
    libpython2_6-1_0-2.6.9-0.27.1
    python-2.6.9-0.27.1
    python-base-2.6.9-0.27.1
    python-curses-2.6.9-0.27.1
    python-demo-2.6.9-0.27.1
    python-gdbm-2.6.9-0.27.1
    python-idle-2.6.9-0.27.1
    python-tk-2.6.9-0.27.1
    python-xml-2.6.9-0.27.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 2.6.9]:
    libpython2_6-1_0-32bit-2.6.9-0.27.1
    python-32bit-2.6.9-0.27.1
    python-base-32bit-2.6.9-0.27.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
    python-doc-2.6-8.27.1
    python-doc-pdf-2.6-8.27.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.9]:
    libpython2_6-1_0-2.6.9-0.27.1
    python-2.6.9-0.27.1
    python-base-2.6.9-0.27.1
    python-curses-2.6.9-0.27.1
    python-demo-2.6.9-0.27.1
    python-gdbm-2.6.9-0.27.1
    python-idle-2.6.9-0.27.1
    python-tk-2.6.9-0.27.1
    python-xml-2.6.9-0.27.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 2.6.9]:
    libpython2_6-1_0-32bit-2.6.9-0.27.1
    python-32bit-2.6.9-0.27.1
    python-base-32bit-2.6.9-0.27.1
- SUSE Linux Enterprise Server 11 SP3 (noarch):
    python-doc-2.6-8.27.1
    python-doc-pdf-2.6-8.27.1
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 2.6.9]:
    libpython2_6-1_0-x86-2.6.9-0.27.1
    python-base-x86-2.6.9-0.27.1
    python-x86-2.6.9-0.27.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.6.9]:
    libpython2_6-1_0-2.6.9-0.27.1
    python-2.6.9-0.27.1
    python-base-2.6.9-0.27.1
    python-curses-2.6.9-0.27.1
    python-devel-2.6.9-0.27.1
    python-tk-2.6.9-0.27.1
    python-xml-2.6.9-0.27.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 2.6.9]:
    libpython2_6-1_0-32bit-2.6.9-0.27.1
    python-base-32bit-2.6.9-0.27.1

References:

  http://support.novell.com/security/cve/CVE-2014-1912.html
  https://bugzilla.novell.com/863741
  http://download.suse.com/patch/finder/?keywords=9cd62094c55f215ad832b10d83493697

From sle-updates at lists.suse.com Mon Apr 28 23:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Apr 2014 07:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0577-1: Recommended update for chef-solr, merb-core and ohai rubygems
Message-ID: <20140429050412.3C84E320F3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for chef-solr, merb-core and ohai rubygems
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0577-1
Rating: low
References: #861306
Affected Products:
  SUSE Cloud 3
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This collective update for rubygem-ohai, rubygem-chef-solr and rubygem-merb-core provides the following fix:

* Fixed umask setting that causes world-readable log and pid files.
  (bnc#861306)

Additionally, rubygem-ohai was updated to version 6.14.0, bringing many fixes and enhancements:

* ARP entries starting with fe:ff:ff is not a reliable way of detecting EC2
* EC2 Plugin does not reliably detect VPC servers
* Fix 'ohai ipaddress' to show IPv6 addresses as inet6
* openSUSE and SLE report platform "suse linux" instead of "suse"
* Fix nil node['ec2'] for daemonized chef-client with Ohai 0.6.12
* More flexible php language detection
* TUN Adapter breaks Ohai Network
* Ohai does not detect server to be a Rackspace cloud server when using RackConnect
* Add new dependency on rubygem-ipaddress.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 3:
    zypper in -t patch sleclo30sp3-rubygems-cloud3-201403-9002

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 3 (x86_64) [New Version: 6.14.0]:
    rubygem-chef-solr-10.24.4-0.11.1
    rubygem-chef-solr-doc-10.24.4-0.11.1
    rubygem-merb-core-1.1.3-0.11.1
    rubygem-ohai-6.14.0-0.21.2

References:

  https://bugzilla.novell.com/861306
  http://download.suse.com/patch/finder/?keywords=0f25804705ac100b657f13df81b3004b

From sle-updates at lists.suse.com Mon Apr 28 23:04:28 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Apr 2014 07:04:28 +0200 (CEST)
Subject: SUSE-RU-2014:0578-1: Recommended update for python-m2crypto
Message-ID: <20140429050428.BE940320F3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-m2crypto
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0578-1
Rating: low
References: #868901
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Cloud 3
  SUSE Cloud 2.0
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update to python-m2crypto 0.21.1 provides many fixes and enhancements, including:

* Allow SSL peer certificate to have subjectAltName without DNSName and use commonName for hostname check.
* Allow more blocking OpenSSL functions to run without GIL.
* Fixed httpslib to send only the path+query+fragment part of the URL when using CONNECT proxy.
* Added support for RSASSA-PSS signing and verifying.
* Added support for disabling padding when using RSA encryption.
* ASN1_INTEGERs can now be larger than fits in an int, for example to support X509 certificates with large serial numbers.
* Deprecated M2Crypto.PGP subpackage.
* Add support for OpenSSL 1.0.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-python-m2crypto-9056
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-python-m2crypto-9056
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-python-m2crypto-9056
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-python-m2crypto-9056
- SUSE Cloud 3:
    zypper in -t patch sleclo30sp3-python-m2crypto-9055
- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-python-m2crypto-9056

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.21.1]:
    python-m2crypto-0.21.1-2.4.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    python-m2crypto-0.21.1-2.4.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    python-m2crypto-0.21.1-2.4.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    python-m2crypto-0.21.1-2.4.1
- SUSE Cloud 3 (x86_64) [New Version: 0.21.1]:
    python-m2crypto-0.21.1-2.4.1
- SUSE Cloud 2.0 (x86_64) [New Version: 0.21.1]:
    python-m2crypto-0.21.1-2.4.1

References:

  https://bugzilla.novell.com/868901
  http://download.suse.com/patch/finder/?keywords=a1e106a6db0d67f3bfcb57fcd58dac14
  http://download.suse.com/patch/finder/?keywords=c29fb42f9f426cce6e458d57a516ad43

From sle-updates at lists.suse.com Tue Apr 29 13:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Apr 2014 21:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0579-1: Recommended update for autoyast2
Message-ID: <20140429190412.5AC50320F3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autoyast2
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0579-1
Rating: low
References: #829265 #830253 #836366 #852617 #864421
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed. It includes one version update.

Description:

This collective update for AutoYaST 2 provides the following fixes:

* Fix usage of "totaldisk" and "xserver" rules in rules.xml. (bnc#836366)
* Fix cloning of software section with invisible patterns. (bnc#864421)
* Fix an issue where autoyast created primary partition when logical ones were requested.
  (bnc#852617)
* Fix an issue handling LVM VGs on existing partitions. (bnc#830253)
* Fix scripts with chrooted=true via NFS. (bnc#829265)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-autoyast2-9011
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-autoyast2-9011
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-autoyast2-9011

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.17.73]:
    autoyast2-2.17.73-0.7.1
    autoyast2-installation-2.17.73-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.17.73]:
    autoyast2-2.17.73-0.7.1
    autoyast2-installation-2.17.73-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2.17.73]:
    autoyast2-2.17.73-0.7.1
    autoyast2-installation-2.17.73-0.7.1

References:

  https://bugzilla.novell.com/829265
  https://bugzilla.novell.com/830253
  https://bugzilla.novell.com/836366
  https://bugzilla.novell.com/852617
  https://bugzilla.novell.com/864421
  http://download.suse.com/patch/finder/?keywords=dba66ea811ad48e322fbcfce5466639f

From sle-updates at lists.suse.com Tue Apr 29 13:05:28 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Apr 2014 21:05:28 +0200 (CEST)
Subject: SUSE-SU-2014:0580-1: moderate: Security update for python-pywbem
Message-ID: <20140429190528.59A38320F3@maintenance.suse.de>

SUSE Security Update: Security update for python-pywbem
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0580-1
Rating: moderate
References: #856108 #856323
Cross-References: CVE-2013-6418
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update fixes a TOCTOU vulnerability during certificate validation. CVE-2013-6418 has been assigned to this issue.

This update also introduces a new dependency on python-m2crypto.

Security Issue reference:

* CVE-2013-6418

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-python-pywbem-9079
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-python-pywbem-9079
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-python-pywbem-9079

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    python-pywbem-0.7-6.20.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    python-pywbem-0.7-6.20.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    python-pywbem-0.7-6.20.1

References:

  http://support.novell.com/security/cve/CVE-2013-6418.html
  https://bugzilla.novell.com/856108
  https://bugzilla.novell.com/856323
  http://download.suse.com/patch/finder/?keywords=ced8c87f8ac3282c8b0a51a1bd8468ba

From sle-updates at lists.suse.com Tue Apr 29 15:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Apr 2014 23:04:11 +0200 (CEST)
Subject: SUSE-SU-2014:0581-1: moderate: Security update for a2ps
Message-ID: <20140429210411.74CA132138@maintenance.suse.de>

SUSE Security Update: Security update for a2ps
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0581-1
Rating: moderate
References: #871097
Cross-References: CVE-2014-0466
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The text to postscript converter a2ps received a security update.

The fixps script did not call ghostscript with the -DSAFER option, allowing command execution by attacker supplied postscript files.

Security Issue reference:

* CVE-2014-0466

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-a2ps-9064
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-a2ps-9064
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-a2ps-9064
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-a2ps-9064

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    a2ps-devel-4.13-1326.37.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    a2ps-4.13-1326.37.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    a2ps-4.13-1326.37.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    a2ps-4.13-1326.37.1

References:

  http://support.novell.com/security/cve/CVE-2014-0466.html
  https://bugzilla.novell.com/871097
  http://download.suse.com/patch/finder/?keywords=f7fe9623cfef5a474bfb5f9da5e9dfe4

From sle-updates at lists.suse.com Tue Apr 29 17:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Apr 2014 01:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0582-1: Recommended update for linux-kernel-headers
Message-ID: <20140429230412.A1532320AE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for linux-kernel-headers
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0582-1
Rating: low
References: #834498 #849180 #851909
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for linux-kernel-headers includes the following fixes:

* The header has been fixed not to use the C++ reserved keyword "new".
* Headers , and have been included.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-linux-kernel-headers-9078
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-linux-kernel-headers-9078
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-linux-kernel-headers-9078

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
    linux-kernel-headers-2.6.32-1.15.1
- SUSE Linux Enterprise Server 11 SP3 (noarch):
    linux-kernel-headers-2.6.32-1.15.1
- SUSE Linux Enterprise Desktop 11 SP3 (noarch):
    linux-kernel-headers-2.6.32-1.15.1

References:

  https://bugzilla.novell.com/834498
  https://bugzilla.novell.com/849180
  https://bugzilla.novell.com/851909
  http://download.suse.com/patch/finder/?keywords=242b698136b6d06814676181c7b281e4

From sle-updates at lists.suse.com Tue Apr 29 23:04:39 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Apr 2014 07:04:39 +0200 (CEST)
Subject: SUSE-RU-2014:0583-1: moderate: Recommended update for s390-tools
Message-ID: <20140430050439.87982320F3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for s390-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0583-1
Rating: moderate
References: #864417
Affected Products:
  SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for s390-tools fixes the zfcp_san_disc script to correctly parse the output from the latest lsscsi(8) utility.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-osasnmpd-9025

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 (s390x):
    osasnmpd-1.15.0-0.142.1
    s390-tools-1.15.0-0.142.1

References:

  https://bugzilla.novell.com/864417
  http://download.suse.com/patch/finder/?keywords=110e2c37b9a3a798b75f6e2737203e72

From sle-updates at lists.suse.com Wed Apr 30 15:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Apr 2014 23:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0588-1: Recommended update for trousers
Message-ID: <20140430210412.65F373213C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for trousers
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0588-1
Rating: low
References: #868933
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

Trousers would terminate with a segmentation fault when trying to wrap a key longer than 2048 bits. As this is not possible due to TPM size limitation, the key length is now restricted to 2048 bits or less.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-libtspi1-9035
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-libtspi1-9035
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-libtspi1-9035
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-libtspi1-9035

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    trousers-devel-0.3.10-0.11.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    libtspi1-0.3.10-0.11.1
    trousers-0.3.10-0.11.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    libtspi1-32bit-0.3.10-0.11.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libtspi1-0.3.10-0.11.1
    trousers-0.3.10-0.11.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    libtspi1-32bit-0.3.10-0.11.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
    libtspi1-x86-0.3.10-0.11.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    libtspi1-0.3.10-0.11.1
    trousers-0.3.10-0.11.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
    libtspi1-32bit-0.3.10-0.11.1

References:

  https://bugzilla.novell.com/868933
  http://download.suse.com/patch/finder/?keywords=a6e03fad9e2fce9bb15303e7dda4ad29

From sle-updates at lists.suse.com Wed Apr 30 17:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 May 2014 01:04:12 +0200 (CEST)
Subject: SUSE-RU-2014:0577-2: Recommended update for rubygem-chef-solr and rubygem-merb-core
Message-ID: <20140430230412.332F1320AE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-chef-solr and rubygem-merb-core
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0577-2
Rating: low
References: #861306
Affected Products:
  SUSE Cloud 2.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This collective update for rubygem-chef-solr and rubygem-merb-core provides the following fix:

* Fixed umask setting that causes world-readable log and pid files. (bnc#861306)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-rubygems-cloud2-201403-9003

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 2.0 (x86_64):
    rubygem-chef-solr-10.24.4-0.11.1
    rubygem-chef-solr-doc-10.24.4-0.11.1
    rubygem-merb-core-1.1.3-0.11.1

References:

  https://bugzilla.novell.com/861306
  http://download.suse.com/patch/finder/?keywords=c58d02d1aa8c86460883a492d7987cca