From sle-updates at lists.suse.com Mon Feb 3 10:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2014 18:04:12 +0100 (CET)
Subject: SUSE-RU-2014:0187-1: important: Recommended update for sm-ncc-sync-data
Message-ID: <20140203170412.D125A32175@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sm-ncc-sync-data
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0187-1
Rating: important
References: #860782
Affected Products:
    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update provides the following additions:

* SLES11-SP2 LTSS (Long Term Service Pack Support) Channels for SLES and SLES for SAP (bnc#860782)

Indications:

Support for SLES 11 SP2 LTSS

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager 1.7 for SLE 11 SP2:

    zypper in -t patch sleman17sp2-sm-ncc-sync-data-8842

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.16]:

    sm-ncc-sync-data-1.7.16-0.5.1

References:

    https://bugzilla.novell.com/860782
    http://download.novell.com/patch/finder/?keywords=d4d380ccc0fc20dfdafa3589c65270a8

From sle-updates at lists.suse.com Mon Feb 3 13:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2014 21:04:10 +0100 (CET)
Subject: SUSE-SU-2014:0188-1: moderate: Security update for hplip
Message-ID: <20140203200410.A99D032175@maintenance.suse.de>

SUSE Security Update: Security update for hplip
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0188-1
Rating: moderate
References: #808355 #835827 #836937 #852368
Cross-References: CVE-2013-0200 CVE-2013-4325 CVE-2013-6402
Affected Products:
    SUSE Linux Enterprise Server 11 SP2 for VMware
    SUSE Linux Enterprise Server 11 SP2
    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

hplip was updated to fix three security issues:

* CVE-2013-0200: Some local file overwrite problems via predictable /tmp filenames were fixed.
* CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation.
* CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log)

Security Issue references:

* CVE-2013-4325
* CVE-2013-0200
* CVE-2013-6402

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:

    zypper in -t patch slessp2-hplip-8777

- SUSE Linux Enterprise Server 11 SP2:

    zypper in -t patch slessp2-hplip-8777

- SUSE Linux Enterprise Desktop 11 SP2:

    zypper in -t patch sledsp2-hplip-8777

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

    hplip-3.11.10-0.6.11.1
    hplip-hpijs-3.11.10-0.6.11.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

    hplip-3.11.10-0.6.11.1
    hplip-hpijs-3.11.10-0.6.11.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

    hplip-3.11.10-0.6.11.1
    hplip-hpijs-3.11.10-0.6.11.1

References:

    http://support.novell.com/security/cve/CVE-2013-0200.html
    http://support.novell.com/security/cve/CVE-2013-4325.html
    http://support.novell.com/security/cve/CVE-2013-6402.html
    https://bugzilla.novell.com/808355
    https://bugzilla.novell.com/835827
    https://bugzilla.novell.com/836937
    https://bugzilla.novell.com/852368
    http://download.novell.com/patch/finder/?keywords=f01f53a6117e8797f0c7ebc4df42b9bb

From sle-updates at lists.suse.com Tue Feb 4 17:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Feb 2014 01:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0189-1: moderate: Security update for Linux kernel
Message-ID: <20140205000411.09CDB32178@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0189-1
Rating: moderate
References:
    #708296 #733022 #769035 #769644 #770541 #787843 #789359 #793727
    #798050 #805114 #805740 #806988 #807434 #810323 #813245 #818064
    #818545 #819979 #820102 #820338 #820434 #821619 #821980 #823618
    #825006 #825696 #825896 #826602 #826756 #826978 #827527 #827767
    #828236 #831103 #833097 #834473 #834708 #834808 #835074 #835186
    #836718 #837206 #837739 #838623 #839407 #839973 #840116 #840226
    #841445 #841654 #842239 #843185 #843419 #843429 #843445 #843642
    #843645 #843654 #845352 #845378 #845621 #845729 #846036 #846298
    #846654 #846984 #846989 #847261 #847660 #847842 #848055 #848317
    #848321 #848335 #848336 #848544 #848652 #848864 #849021 #849029
    #849034 #849256 #849362 #849364 #849404 #849675 #849809 #849855
    #849950 #850072 #850103 #850324 #850493 #850640 #851066 #851101
    #851290 #851314 #851603 #851879 #852153 #852373 #852558 #852559
    #852624 #852652 #852761 #853050 #853051 #853052 #853053 #853428
    #853465 #854516 #854546 #854634 #854722 #856307 #856481 #858534
    #858831
Cross-References:
    CVE-2013-2146 CVE-2013-2930 CVE-2013-4345 CVE-2013-4483
    CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587
    CVE-2013-4592 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376
    CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6463
    CVE-2013-7027
Affected Products:
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise High Availability Extension 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 17 vulnerabilities and has 104 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes.

A new feature was added:

* supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309)

The following security bugs have been fixed:

* CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)
* CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101)
* CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)
* CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)
* CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053)
* CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)
* CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)
* CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029)
* CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034)
* CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559)
* CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373)
* CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634)
* CVE-2013-6463: Linux kernel built with the networking support (CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722)
* CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
* CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)
* CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006)
* CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362)

Also the following non-security bugs have been fixed:

* kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268).
* kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000).
* kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293).
* watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767).
* random: fix accounting race condition with lockless irq entropy_count update (bnc#789359).
* blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623).
* printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675).
* Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__
* Honor state disabling in the cpuidle ladder governor (bnc#845378).
* cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378).
* net: Do not enable tx-nocache-copy by default (bnc#845378).
* mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153).
* rtc-cmos: Add an alarm disable quirk (bnc#805740).
* tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595).
* tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595).
* sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336).
* sched/balancing: Periodically decay max cost of idle balance (bnc#849256).
* sched: Consider max cost of idle balance per sched domain (bnc#849256).
* sched: Reduce overestimating rq->avg_idle (bnc#849256).
* sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336).
* sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336).
* sched: Fix race on toggling cfs_bandwidth_used (bnc#848336).
* sched: Guarantee new group-entities always have weight (bnc#848336).
* sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336).
* sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
* futex: fix handling of read-only-mapped hugepages (VM Functionality).
* futex: move user address verification up to common code (bnc#851603).
* futexes: Clean up various details (bnc#851603).
* futexes: Increase hash table size for better performance (bnc#851603).
* futexes: Document multiprocessor ordering guarantees (bnc#851603).
* futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603).
* futexes: Fix futex_hashsize initialization (bnc#851603).
* mutex: Make more scalable by doing fewer atomic operations (bnc#849256).
* powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527).
* powerpc: Add System RAM to /proc/iomem (bnc#827527).
* powerpc/mm: Mark Memory Resources as busy (bnc#827527).
* powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465).
* powerpc: Make function that parses RTAS error logs global (bnc#852761).
* powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761).
* powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842).
* powerpc/rtas_flash: Fix bad memory access (bnc#847842).
* x86: Update UV3 hub revision ID (bnc#846298 fate#314987).
* x86: Remove some noise from boot log when starting cpus (bnc#770541).
* x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654).
* x86/dumpstack: Fix printk_address for direct addresses (bnc#845621).
* x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534).
* ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185).
* netback: bump tx queue length (bnc#849404).
* xfrm: invalidate dst on policy insertion/deletion (bnc#842239).
* xfrm: prevent ipcomp scratch buffer race condition (bnc#842239).
* tcp: bind() fix autoselection to share ports (bnc#823618).
* tcp: bind() use stronger condition for bind_conflict (bnc#823618).
* tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).
* kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).
* macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984).
* macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984).
* macvlan: disable LRO on lower device instead of macvlan (bnc#846984).
* fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473).
* blkdev_max_block: make private to fs/buffer.c (bnc#820338).
* storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324).
* autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314).
* autofs4: catatonic_mode vs. notify_daemon race (bnc#851314).
* autofs4: close the races around autofs4_notify_daemon() (bnc#851314).
* autofs4: deal with autofs4_write/autofs4_write races (bnc#851314).
* autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314).
* autofs4: fix deal with autofs4_write races (bnc#851314).
* autofs4: use simple_empty() for empty directory check (bnc#851314).
* dlm: set zero linger time on sctp socket (bnc#787843).
* SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix).
* nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236).
* nfs: Adapt readdirplus to application usage patterns (bnc#834708).
* xfs: Account log unmount transaction correctly (bnc#849950).
* xfs: improve ioend error handling (bnc#846036).
* xfs: reduce ioend latency (bnc#846036).
* xfs: use per-filesystem I/O completion workqueues (bnc#846036).
* xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544).
* Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888).
* vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338).
* vfs: fix O_DIRECT read past end of block device (bnc#820338).
* cifs: Improve performance of browsing directories with several files (bnc#810323).
* cifs: Ensure cifs directories do not show up as files (bnc#826602).
* dm-multipath: abort all requests when failing a path (bnc#798050).
* scsi: Add "eh_deadline" to limit SCSI EH runtime (bnc#798050).
* scsi: Allow error handling timeout to be specified (bnc#798050).
* scsi: Fixup compilation warning (bnc#798050).
* scsi: Retry failfast commands after EH (bnc#798050).
* scsi: Warn on invalid command completion (bnc#798050).
* advansys: Remove "last_reset" references (bnc#798050).
* cleanup setting task state in scsi_error_handler() (bnc#798050).
* dc395: Move "last_reset" into internal host structure (bnc#798050).
* dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
* dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050).
* scsi: kABI fixes (bnc#798050).
* scsi: remove check for "resetting" (bnc#798050).
* tmscsim: Move "last_reset" into host structure (bnc#798050).
* SCSI & usb-storage: add try_rc_10_first flag (bnc#853428).
* iscsi_target: race condition on shutdown (bnc#850072).
* libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (bnc#837206).
* lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout (bnc#856481).
* advansys: Remove "last_reset" references (bnc#856481).
* dc395: Move "last_reset" into internal host structure (bnc#856481).
* Add "eh_deadline" to limit SCSI EH runtime (bnc#856481).
* remove check for "resetting" (bnc#856481).
* tmscsim: Move "last_reset" into host structure (bnc#856481).
* scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist (bnc#846654).
* md: Change handling of save_raid_disk and metadata update during recovery (bnc#849364).
* dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481).
* dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#856481).
* crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706).
* crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718).
* crypto: gf128mul - fix call to memset() (obvious fix).
* X.509: Fix certificate gathering (bnc#805114).
* pcifront: Deal with toolstack missing "XenbusStateClosing" state.
* xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652).
* netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729).
* xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652).
* xen: fixed USB passthrough issue (bnc#852624).
* igb: Fix get_fw_version function for all parts (bnc#848317).
* igb: Refactor of init_nvm_params (bnc#848317).
* r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352).
* qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511).
* bnx2x: remove false warning regarding interrupt number (bnc#769035).
* usb: Fix xHCI host issues on remote wakeup (bnc#846989).
* xhci: Limit the spurious wakeup fix only to HP machines (bnc#833097).
* Intel xhci: refactor EHCI/xHCI port switching (bnc#840116).
* xhci-hub.c: preserved kABI (bnc#840116).
* xhci: Refactor port status into a new function (bnc#840116).
* HID: multitouch: Add support for NextWindow 0340 touchscreen (bnc#849855).
* HID: multitouch: Add support for Qaunta 3027 touchscreen (bnc#854516).
* HID: multitouch: add support for Atmel 212c touchscreen (bnc#793727).
* HID: multitouch: partial support of win8 devices (bnc#854516,bnc#793727,bnc#849855).
* HID: hid-multitouch: add support for the IDEACOM 6650 chip (bnc#854516,bnc#793727,bnc#849855).
* ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864).
* ALSA: hda - load EQ params into IDT codec on HP bNB13 systems (bnc#850493).
* lpfc: correct some issues with txcomplq processing (bnc#818064).
* lpfc: correct an issue with rrq processing (bnc#818064).
* block: factor out vector mergeable decision to a helper function (bnc#769644).
* block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644).
* sd: avoid deadlocks when running under multipath (bnc#818545).
* sd: fix crash when UA received on DIF enabled device (bnc#841445).
* sg: fix blk_get_queue usage (bnc#834808).
* lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988).
* lpfc: Fix kernel warning on spinlock usage (bnc#806988).
* lpfc: Fixed system panic due to midlayer abort (bnc#806988).
* qla2xxx: Add module parameter to override the default request queue size (bnc#826756).
* qla2xxx: Module parameter "ql2xasynclogin" (bnc#825896).
* Pragmatic workaround for realtime class abuse induced latency issues.
* Provide realtime priority kthread and workqueue boot options (bnc#836718).
* mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074).
* mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074).
* net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074).
* bna: do not register ndo_set_rx_mode callback (bnc#847261).
* PCI: pciehp: Retrieve link speed after link is trained (bnc#820102).
* PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102).
* PCI: pciehp: replace unconditional sleep with config space access check (bnc#820102).
* PCI: pciehp: make check_link_active more helpful (bnc#820102).
* PCI: pciehp: Add pcie_wait_link_not_active() (bnc#820102).
* PCI: pciehp: Add Disable/enable link functions (bnc#820102).
* PCI: pciehp: Disable/enable link during slot power off/on (bnc#820102).
* PCI: fix truncation of resource size to 32 bits (bnc#843419).
* hv: handle more than just WS2008 in KVP negotiation (bnc#850640).
* mei: ME hardware reset needs to be synchronized (bnc#821619).
* kabi: Restore struct irq_desc::timer_rand_state.
* fs3270: unloading module does not remove device (bnc#851879, LTC#100284).
* cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047).
* isci: Fix a race condition in the SSP task management path (bnc#826978).
* ptp: dynamic allocation of PHC char devices (bnc#851290).
* efifb: prevent null-deref when iterating dmi_list (bnc#848055).
* dm-mpath: Fixup race condition in activate_path() (bnc#708296).
* dm-mpath: do not detach stale hardware handler (bnc#708296).
* dm-multipath: Improve logging (bnc#708296).
* scsi_dh: invoke callback if ->activate is not present (bnc#708296).
* scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
* scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296).
* scsi_dh_alua: Decode HP EVA array identifier (bnc#708296).
* scsi_dh_alua: Evaluate state for all port groups (bnc#708296).
* scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
* scsi_dh_alua: Make stpg synchronous (bnc#708296).
* scsi_dh_alua: Pass buffer as function argument (bnc#708296).
* scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296).
* scsi_dh_alua: Recheck state on transitioning (bnc#708296).
* scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
* scsi_dh_alua: Use separate alua_port_group structure (bnc#708296).
* scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
* scsi_dh_alua: asynchronous RTPG (bnc#708296).
* scsi_dh_alua: correctly terminate target port strings (bnc#708296).
* scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
* scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979).
* scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980).
* scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
* scsi_dh_alua: invalid state information for "optimized" paths (bnc#843445).
* scsi_dh_alua: move RTPG to workqueue (bnc#708296).
* scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
* scsi_dh_alua: move some sense code handling into generic code (bnc#813245).
* scsi_dh_alua: multipath failover fails with error 15 (bnc#825696).
* scsi_dh_alua: parse target device id (bnc#708296).
* scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
* scsi_dh_alua: put sense buffer on stack (bnc#708296).
* scsi_dh_alua: reattaching device handler fails with "Error 15" (bnc#843429).
* scsi_dh_alua: remove locking when checking state (bnc#708296).
* scsi_dh_alua: remove stale variable (bnc#708296).
* scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
* scsi_dh_alua: retry command on "mode parameter changed" sense code (bnc#843645).
* scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
* scsi_dh_alua: simplify state update (bnc#708296).
* scsi_dh_alua: use delayed_work (bnc#708296).
* scsi_dh_alua: use flag for RTPG extended header (bnc#708296).
* scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296).
* scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
* scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
* scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
* scsi_dh_alua: use delayed_work (bnc#708296).
* scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
* scsi_dh: invoke callback if ->activate is not present (bnc#708296).
* scsi_dh_alua: correctly terminate target port strings (bnc#708296).
* scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
* scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
* scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
* scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
* scsi_dh_alua: remove locking when checking state (bnc#708296).
* scsi_dh_alua: remove stale variable (bnc#708296).
* scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
* scsi_dh_alua: fixup misplaced brace in alua_initialize() (bnc#858831).
* drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109).
* drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
* drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109).
* drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109).
* drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109).
* drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109).
* drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109).
* drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109).
* drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109).
* drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109).
* drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109).
* drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109).
* drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
* drm/i915: Rename ring flush functions (bnc#831103,FATE#316109).
* drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109).
* drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109).
* drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109).
* drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109).
* drm/i915: fix gen4 digital port hotplug definitions (bnc#850103).
* drm/mgag200: Bug fix: Modified pll algorithm for EH project (bnc#841654).
* drm: do not add inferred modes for monitors that do not support them (bnc #849809).
* s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047).
* s390/cio: skip broken paths (bnc#837739,LTC#97047).
* s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
* s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).

Security Issue references:

* CVE-2013-2146
* CVE-2013-2930
* CVE-2013-4345
* CVE-2013-4483
* CVE-2013-4511
* CVE-2013-4514
* CVE-2013-4515
* CVE-2013-4587
* CVE-2013-4592
* CVE-2013-6367
* CVE-2013-6368
* CVE-2013-6376
* CVE-2013-6378
* CVE-2013-6380
* CVE-2013-6383
* CVE-2013-6463
* CVE-2013-7027

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8827

- SUSE Linux Enterprise Server 11 SP3:

    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8824 slessp3-kernel-8825 slessp3-kernel-8826 slessp3-kernel-8827

- SUSE Linux Enterprise High Availability Extension 11 SP3:

    zypper in -t patch slehasp3-kernel-8823 slehasp3-kernel-8824 slehasp3-kernel-8825 slehasp3-kernel-8826 slehasp3-kernel-8827

- SUSE Linux Enterprise Desktop 11 SP3:

    zypper in -t patch sledsp3-kernel-8823 sledsp3-kernel-8827

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

    kernel-default-3.0.101-0.15.1
    kernel-default-base-3.0.101-0.15.1
    kernel-default-devel-3.0.101-0.15.1
    kernel-source-3.0.101-0.15.1
    kernel-syms-3.0.101-0.15.1
    kernel-trace-3.0.101-0.15.1
    kernel-trace-base-3.0.101-0.15.1
    kernel-trace-devel-3.0.101-0.15.1
    kernel-xen-devel-3.0.101-0.15.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

    kernel-pae-3.0.101-0.15.1
    kernel-pae-base-3.0.101-0.15.1
    kernel-pae-devel-3.0.101-0.15.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

    kernel-default-3.0.101-0.15.1
    kernel-default-base-3.0.101-0.15.1
    kernel-default-devel-3.0.101-0.15.1
    kernel-source-3.0.101-0.15.1
    kernel-syms-3.0.101-0.15.1
    kernel-trace-3.0.101-0.15.1
    kernel-trace-base-3.0.101-0.15.1
    kernel-trace-devel-3.0.101-0.15.1

- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

    kernel-ec2-3.0.101-0.15.1
    kernel-ec2-base-3.0.101-0.15.1
    kernel-ec2-devel-3.0.101-0.15.1
    kernel-xen-3.0.101-0.15.1
    kernel-xen-base-3.0.101-0.15.1
    kernel-xen-devel-3.0.101-0.15.1
    xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22

- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

    kernel-default-man-3.0.101-0.15.1

- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

    kernel-ppc64-3.0.101-0.15.1
    kernel-ppc64-base-3.0.101-0.15.1
    kernel-ppc64-devel-3.0.101-0.15.1

- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

    kernel-pae-3.0.101-0.15.1
    kernel-pae-base-3.0.101-0.15.1
    kernel-pae-devel-3.0.101-0.15.1
    xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

    cluster-network-kmp-default-1.4_3.0.101_0.15-2.27.40
    cluster-network-kmp-trace-1.4_3.0.101_0.15-2.27.40
    gfs2-kmp-default-2_3.0.101_0.15-0.16.46
    gfs2-kmp-trace-2_3.0.101_0.15-0.16.46
    ocfs2-kmp-default-1.6_3.0.101_0.15-0.20.40
    ocfs2-kmp-trace-1.6_3.0.101_0.15-0.20.40

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

    cluster-network-kmp-xen-1.4_3.0.101_0.15-2.27.40
    gfs2-kmp-xen-2_3.0.101_0.15-0.16.46
    ocfs2-kmp-xen-1.6_3.0.101_0.15-0.20.40

- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

    cluster-network-kmp-ppc64-1.4_3.0.101_0.15-2.27.40
    gfs2-kmp-ppc64-2_3.0.101_0.15-0.16.46
    ocfs2-kmp-ppc64-1.6_3.0.101_0.15-0.20.40

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

    cluster-network-kmp-pae-1.4_3.0.101_0.15-2.27.40
    gfs2-kmp-pae-2_3.0.101_0.15-0.16.46
    ocfs2-kmp-pae-1.6_3.0.101_0.15-0.20.40

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

    kernel-default-3.0.101-0.15.1
    kernel-default-base-3.0.101-0.15.1
    kernel-default-devel-3.0.101-0.15.1
    kernel-default-extra-3.0.101-0.15.1
    kernel-source-3.0.101-0.15.1
    kernel-syms-3.0.101-0.15.1
    kernel-trace-devel-3.0.101-0.15.1
    kernel-xen-3.0.101-0.15.1
    kernel-xen-base-3.0.101-0.15.1
    kernel-xen-devel-3.0.101-0.15.1
    kernel-xen-extra-3.0.101-0.15.1
    xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22

- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

    kernel-pae-3.0.101-0.15.1
    kernel-pae-base-3.0.101-0.15.1
    kernel-pae-devel-3.0.101-0.15.1
    kernel-pae-extra-3.0.101-0.15.1
    xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22

- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

    kernel-default-extra-3.0.101-0.15.1

- SLE 11 SERVER Unsupported Extras (i586 x86_64):

    kernel-xen-extra-3.0.101-0.15.1

- SLE 11 SERVER Unsupported Extras (ppc64):

    kernel-ppc64-extra-3.0.101-0.15.1

- SLE 11 SERVER Unsupported Extras (i586):

    kernel-pae-extra-3.0.101-0.15.1

References:

    http://support.novell.com/security/cve/CVE-2013-2146.html
    http://support.novell.com/security/cve/CVE-2013-2930.html
    http://support.novell.com/security/cve/CVE-2013-4345.html
    http://support.novell.com/security/cve/CVE-2013-4483.html
    http://support.novell.com/security/cve/CVE-2013-4511.html
http://support.novell.com/security/cve/CVE-2013-4514.html http://support.novell.com/security/cve/CVE-2013-4515.html http://support.novell.com/security/cve/CVE-2013-4587.html http://support.novell.com/security/cve/CVE-2013-4592.html http://support.novell.com/security/cve/CVE-2013-6367.html http://support.novell.com/security/cve/CVE-2013-6368.html http://support.novell.com/security/cve/CVE-2013-6376.html http://support.novell.com/security/cve/CVE-2013-6378.html http://support.novell.com/security/cve/CVE-2013-6380.html http://support.novell.com/security/cve/CVE-2013-6383.html http://support.novell.com/security/cve/CVE-2013-6463.html http://support.novell.com/security/cve/CVE-2013-7027.html https://bugzilla.novell.com/708296 https://bugzilla.novell.com/733022 https://bugzilla.novell.com/769035 https://bugzilla.novell.com/769644 https://bugzilla.novell.com/770541 https://bugzilla.novell.com/787843 https://bugzilla.novell.com/789359 https://bugzilla.novell.com/793727 https://bugzilla.novell.com/798050 https://bugzilla.novell.com/805114 https://bugzilla.novell.com/805740 https://bugzilla.novell.com/806988 https://bugzilla.novell.com/807434 https://bugzilla.novell.com/810323 https://bugzilla.novell.com/813245 https://bugzilla.novell.com/818064 https://bugzilla.novell.com/818545 https://bugzilla.novell.com/819979 https://bugzilla.novell.com/820102 https://bugzilla.novell.com/820338 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821619 https://bugzilla.novell.com/821980 https://bugzilla.novell.com/823618 https://bugzilla.novell.com/825006 https://bugzilla.novell.com/825696 https://bugzilla.novell.com/825896 https://bugzilla.novell.com/826602 https://bugzilla.novell.com/826756 https://bugzilla.novell.com/826978 https://bugzilla.novell.com/827527 https://bugzilla.novell.com/827767 https://bugzilla.novell.com/828236 https://bugzilla.novell.com/831103 https://bugzilla.novell.com/833097 https://bugzilla.novell.com/834473 https://bugzilla.novell.com/834708 
https://bugzilla.novell.com/834808 https://bugzilla.novell.com/835074 https://bugzilla.novell.com/835186 https://bugzilla.novell.com/836718 https://bugzilla.novell.com/837206 https://bugzilla.novell.com/837739 https://bugzilla.novell.com/838623 https://bugzilla.novell.com/839407 https://bugzilla.novell.com/839973 https://bugzilla.novell.com/840116 https://bugzilla.novell.com/840226 https://bugzilla.novell.com/841445 https://bugzilla.novell.com/841654 https://bugzilla.novell.com/842239 https://bugzilla.novell.com/843185 https://bugzilla.novell.com/843419 https://bugzilla.novell.com/843429 https://bugzilla.novell.com/843445 https://bugzilla.novell.com/843642 https://bugzilla.novell.com/843645 https://bugzilla.novell.com/843654 https://bugzilla.novell.com/845352 https://bugzilla.novell.com/845378 https://bugzilla.novell.com/845621 https://bugzilla.novell.com/845729 https://bugzilla.novell.com/846036 https://bugzilla.novell.com/846298 https://bugzilla.novell.com/846654 https://bugzilla.novell.com/846984 https://bugzilla.novell.com/846989 https://bugzilla.novell.com/847261 https://bugzilla.novell.com/847660 https://bugzilla.novell.com/847842 https://bugzilla.novell.com/848055 https://bugzilla.novell.com/848317 https://bugzilla.novell.com/848321 https://bugzilla.novell.com/848335 https://bugzilla.novell.com/848336 https://bugzilla.novell.com/848544 https://bugzilla.novell.com/848652 https://bugzilla.novell.com/848864 https://bugzilla.novell.com/849021 https://bugzilla.novell.com/849029 https://bugzilla.novell.com/849034 https://bugzilla.novell.com/849256 https://bugzilla.novell.com/849362 https://bugzilla.novell.com/849364 https://bugzilla.novell.com/849404 https://bugzilla.novell.com/849675 https://bugzilla.novell.com/849809 https://bugzilla.novell.com/849855 https://bugzilla.novell.com/849950 https://bugzilla.novell.com/850072 https://bugzilla.novell.com/850103 https://bugzilla.novell.com/850324 https://bugzilla.novell.com/850493 https://bugzilla.novell.com/850640 
https://bugzilla.novell.com/851066 https://bugzilla.novell.com/851101 https://bugzilla.novell.com/851290 https://bugzilla.novell.com/851314 https://bugzilla.novell.com/851603 https://bugzilla.novell.com/851879 https://bugzilla.novell.com/852153 https://bugzilla.novell.com/852373 https://bugzilla.novell.com/852558 https://bugzilla.novell.com/852559 https://bugzilla.novell.com/852624 https://bugzilla.novell.com/852652 https://bugzilla.novell.com/852761 https://bugzilla.novell.com/853050 https://bugzilla.novell.com/853051 https://bugzilla.novell.com/853052 https://bugzilla.novell.com/853053 https://bugzilla.novell.com/853428 https://bugzilla.novell.com/853465 https://bugzilla.novell.com/854516 https://bugzilla.novell.com/854546 https://bugzilla.novell.com/854634 https://bugzilla.novell.com/854722 https://bugzilla.novell.com/856307 https://bugzilla.novell.com/856481 https://bugzilla.novell.com/858534 https://bugzilla.novell.com/858831 http://download.novell.com/patch/finder/?keywords=155ef3b4e3ba6228ccaef2cbc31bebd9 http://download.novell.com/patch/finder/?keywords=5bc4480468b77bc708f1a53315eda1a5 http://download.novell.com/patch/finder/?keywords=5bf653f731ed3521053f5341cf36caed http://download.novell.com/patch/finder/?keywords=80a0fe93ee599f6907148b6d57bc4386 http://download.novell.com/patch/finder/?keywords=84ede2844b021edeba8226469dc99257 http://download.novell.com/patch/finder/?keywords=8fce986182f7f5e181facfac1db4aae3 http://download.novell.com/patch/finder/?keywords=a863e6ada238d9cd2f9e9150d31fefff http://download.novell.com/patch/finder/?keywords=b711e9a5616f248e3074a4b6c9570dc5 http://download.novell.com/patch/finder/?keywords=d80e8135e5fe036068f832766fc4cfb9 http://download.novell.com/patch/finder/?keywords=ff3893b2e58671834b0dfa8fb9b43401 From sle-updates at lists.suse.com Thu Feb 6 13:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2014 21:04:11 +0100 (CET) Subject: SUSE-SU-2014:0188-2: moderate: Security 
update for hplip Message-ID: <20140206200411.B000A32183@maintenance.suse.de> SUSE Security Update: Security update for hplip ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0188-2 Rating: moderate References: #808355 #835827 #836937 #852368 Cross-References: CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: hplip was updated to fix three security issues: * CVE-2013-0200: Some local file overwrite problems via predictable /tmp filenames were fixed. * CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation. * CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log). Security Issue references: * CVE-2013-4325 * CVE-2013-0200 * CVE-2013-6402 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-hplip-8775 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-hplip-8775 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-hplip-8775 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): hplip-3.11.10-0.6.11.1 hplip-hpijs-3.11.10-0.6.11.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): hplip-3.11.10-0.6.11.1 hplip-hpijs-3.11.10-0.6.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): hplip-3.11.10-0.6.11.1 hplip-hpijs-3.11.10-0.6.11.1 References: http://support.novell.com/security/cve/CVE-2013-0200.html http://support.novell.com/security/cve/CVE-2013-4325.html http://support.novell.com/security/cve/CVE-2013-6402.html https://bugzilla.novell.com/808355 https://bugzilla.novell.com/835827 https://bugzilla.novell.com/836937 https://bugzilla.novell.com/852368 http://download.novell.com/patch/finder/?keywords=a2dac37e61f2ee4ba76c35e24283e75e From sle-updates at lists.suse.com Thu Feb 6 13:05:08 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2014 21:05:08 +0100 (CET) Subject: SUSE-SU-2014:0175-2: moderate: Security update for curl Message-ID: <20140206200508.8FEA032180@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0175-2 Rating: moderate References: #858673 Cross-References: CVE-2014-0015 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015) Security Issue reference: * CVE-2014-0015 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-curl-8797 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-curl-8797 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-curl-8797 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-curl-8797 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.32.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): curl-7.19.7-1.32.1 libcurl4-7.19.7-1.32.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libcurl4-32bit-7.19.7-1.32.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.32.1 libcurl4-7.19.7-1.32.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.32.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libcurl4-x86-7.19.7-1.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): curl-7.19.7-1.32.1 libcurl4-7.19.7-1.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libcurl4-32bit-7.19.7-1.32.1 References: http://support.novell.com/security/cve/CVE-2014-0015.html https://bugzilla.novell.com/858673 http://download.novell.com/patch/finder/?keywords=a7cbcbb8c33b09796dcb44facb16d605 From sle-updates at lists.suse.com Thu Feb 6 14:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2014 22:04:10 +0100 (CET) Subject: SUSE-RU-2014:0206-1: Recommended update for createrepo, yum-common Message-ID: <20140206210410.CEE3532180@maintenance.suse.de> SUSE Recommended Update: Recommended update for createrepo, yum-common ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0206-1 Rating: low References: #852961 Affected Products: SUSE Linux Enterprise Software Development Kit 
11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides packages createrepo and yum-common rebuilt with higher release numbers to fix online migration issues on SUSE Cloud. There are no code changes in this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-createrepo-yum-201401-8859 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-createrepo-yum-201401-8859 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-createrepo-yum-201401-8859 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): createrepo-0.9.9-0.28.28.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): yum-common-3.2.29-0.15.13.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): createrepo-0.9.9-0.28.28.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): yum-common-3.2.29-0.15.13.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): createrepo-0.9.9-0.28.28.1 References: https://bugzilla.novell.com/852961 http://download.novell.com/patch/finder/?keywords=c16aa32335ffd0a7732d965e533082f3 From sle-updates at lists.suse.com Fri Feb 7 09:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2014 17:04:11 +0100 (CET) Subject: SUSE-RU-2014:0211-1: Recommended update for WALinuxAgent Message-ID: <20140207160411.9F2BE32186@maintenance.suse.de> SUSE Recommended Update: Recommended update for WALinuxAgent ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0211-1 Rating: 
low References: #858634 Affected Products: SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: WALinuxAgent was updated to version 2.0.2, which brings many fixes and enhancements: * Remove obsolete patch waAgent_sysvfixes.diff (integrated upstream) * Fix UpdateAndPublishHostName() to use correct interface name * Specialize file mode of /etc/shadow when clearing the root password * Fix publishHostname() to use self.hostname_file_path * Remove reference to VM shutdown on "stopped" state * Revert to logging non-verbose by default * Revert to no swap setup by default. For a comprehensive list of fixes, refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-WALinuxAgent-8772 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 (noarch): WALinuxAgent-2.0.2-0.5.1 References: https://bugzilla.novell.com/858634 http://download.novell.com/patch/finder/?keywords=3ba0083c33c45a0d45882693c92ea7b2 From sle-updates at lists.suse.com Mon Feb 10 08:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Feb 2014 16:04:12 +0100 (CET) Subject: SUSE-SU-2014:0214-1: moderate: Security update for gimp Message-ID: <20140210150412.64AC43218E@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0214-1 Rating: moderate References: #791372 #853423 #853425 Cross-References: CVE-2012-5576 CVE-2013-1913 CVE-2013-1978 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update fixes the following security issues with gimp: * bnc#853423: XWD plugin g_new() integer overflow (CVE-2013-1913) * bnc#853425: XWD plugin color map heap-based buffer overflow (CVE-2013-1978) * bnc#791372: memory corruption via XWD files (CVE-2012-5576) Security Issue references: * CVE-2013-1913 * CVE-2012-5576 * CVE-2013-1978 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-gimp-8856 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-gimp-8856 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): gimp-2.6.2-3.34.45.1 gimp-devel-2.6.2-3.34.45.1 gimp-lang-2.6.2-3.34.45.1 gimp-plugins-python-2.6.2-3.34.45.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): gimp-2.6.2-3.34.45.1 gimp-lang-2.6.2-3.34.45.1 gimp-plugins-python-2.6.2-3.34.45.1 References: http://support.novell.com/security/cve/CVE-2012-5576.html http://support.novell.com/security/cve/CVE-2013-1913.html http://support.novell.com/security/cve/CVE-2013-1978.html https://bugzilla.novell.com/791372 https://bugzilla.novell.com/853423 https://bugzilla.novell.com/853425 http://download.novell.com/patch/finder/?keywords=0ad1765a09ee9612a60c4db564f15ae0 From sle-updates at lists.suse.com Mon Feb 10 16:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 00:04:11 +0100 (CET) Subject: SUSE-SU-2014:0215-1: moderate: Security update for openjdk Message-ID: <20140210230411.A4F2632188@maintenance.suse.de> SUSE Security Update: Security update for openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0215-1 Rating: moderate References: #858818 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This openjdk update fixes several security issues. 
For a complete list of fixed vulnerabilities and their description please refer to: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html Security Issue references: * CVE-2013-5878 * CVE-2013-5884 * CVE-2013-5893 * CVE-2013-5896 * CVE-2013-5907 * CVE-2013-5910 * CVE-2014-0368 * CVE-2014-0373 * CVE-2014-0376 * CVE-2014-0411 * CVE-2014-0416 * CVE-2014-0422 * CVE-2014-0423 * CVE-2014-0428 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-java-1_7_0-openjdk-8874 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): java-1_7_0-openjdk-1.7.0.6-0.23.1 java-1_7_0-openjdk-demo-1.7.0.6-0.23.1 java-1_7_0-openjdk-devel-1.7.0.6-0.23.1 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5893.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0411.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/858818 http://download.novell.com/patch/finder/?keywords=85809a369b01edda00b6df0fabb730e7 From sle-updates at lists.suse.com Mon Feb 10 17:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 01:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0216-1: Recommended update for s390-tools Message-ID: <20140211000411.7C10232172@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0216-1 Rating: low References: #829513 #844288 Affected Products: SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for s390-tools provides the following fixes: * IBM s390-tools-1.15.0 Maintenance Patches (#2) (bnc#844288): o zipl: Use "possible_cpus" kernel parameter o dbginfo.sh: Add missing man page o dbginfo.sh: Enhancements for script execution and man page o dbginfo.sh: Avoid double data collection o zipl: Fix segmentation fault in automenu array * qeth_configure: Ensure any user-input hexadecimal numbers are in lower case. (bnc#829513) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-osasnmpd-8752 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 (s390x): osasnmpd-1.15.0-0.140.1 s390-tools-1.15.0-0.140.1 References: https://bugzilla.novell.com/829513 https://bugzilla.novell.com/844288 http://download.novell.com/patch/finder/?keywords=cd6a98afaaed4c6580677520700a3866 From sle-updates at lists.suse.com Mon Feb 10 23:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 07:04:11 +0100 (CET) Subject: SUSE-RU-2014:0217-1: Recommended update for libdrm Message-ID: <20140211060411.7DD7832188@maintenance.suse.de> SUSE Recommended Update: Recommended update for libdrm ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0217-1 Rating: low References: #831103 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libdrm adds support for VEBOX on Haswell Media Server. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libdrm-8725 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libdrm-8725 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libdrm-8725 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libdrm-8725 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libdrm-devel-2.4.41-0.12.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libdrm-devel-32bit-2.4.41-0.12.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libdrm-2.4.41-0.12.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libdrm-32bit-2.4.41-0.12.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libdrm-2.4.41-0.12.3 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libdrm-32bit-2.4.41-0.12.3 - SUSE Linux Enterprise Server 11 SP3 (ia64): libdrm-x86-2.4.41-0.12.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libdrm-2.4.41-0.12.3 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libdrm-32bit-2.4.41-0.12.3 References: https://bugzilla.novell.com/831103 http://download.novell.com/patch/finder/?keywords=b96eaf9f2e13ea44b3e66ab52f221f76 From sle-updates at lists.suse.com Tue Feb 11 10:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 18:04:11 +0100 (CET) Subject: SUSE-SU-2014:0219-1: moderate: Security update for xorg-x11 Message-ID: <20140211170411.A702832189@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0219-1 Rating: moderate References: #854915 Cross-References: CVE-2013-6462 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update fixes a stack buffer overflow in xorg-x11 in the bdfReadCharacters() function. CVE-2013-6462 has been assigned to this issue. Security Issue reference: * CVE-2013-6462 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-devel-8724 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-devel-8723 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-devel-8724 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-devel-8724 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-devel-8723 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-devel-8723 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-devel-8724 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-devel-8723 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libs-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libs-32bit-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libs-x86-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libs-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libs-32bit-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.40.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libs-x86-7.4-8.26.40.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libs-7.4-8.26.40.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libs-32bit-7.4-8.26.40.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-devel-7.4-8.26.40.1 xorg-x11-libs-7.4-8.26.40.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libs-32bit-7.4-8.26.40.1 References: http://support.novell.com/security/cve/CVE-2013-6462.html https://bugzilla.novell.com/854915 http://download.novell.com/patch/finder/?keywords=1ff35d4bbf8880a39d867599a6b0b8fb 
http://download.novell.com/patch/finder/?keywords=57bfa9f3b036a1a91c294e0ed79be8e4 From sle-updates at lists.suse.com Tue Feb 11 11:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 19:04:12 +0100 (CET) Subject: SUSE-RU-2014:0220-1: Recommended update for openCryptoki Message-ID: <20140211180412.ABC4E32189@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0220-1 Rating: low References: #847645 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides openCryptoki 2.4.3.1 which brings fixes and enhancements: * The IBM Cryptographic Architecture (ICA) token now supports RSA with SHA-2 hashes with the new mechanisms CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, and CKM_SHA512_RSA_PKCS. (FATE#316176, bnc#847645) * Allow import of RSA public and private keys into CCA token. * Allow imported RSA private keys in CCA to also decrypt. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-openCryptoki-8721 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-openCryptoki-8721 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-openCryptoki-8721 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 2.4.3.1]: openCryptoki-devel-2.4.3.1-0.7.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.4.3.1]: openCryptoki-2.4.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.4.3.1]: openCryptoki-2.4.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 2.4.3.1]: openCryptoki-64bit-2.4.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 2.4.3.1]: openCryptoki-32bit-2.4.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390 s390x x86_64) [New Version: 2.4.3.1]: openCryptoki-2.4.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 2.4.3.1]: openCryptoki-64bit-2.4.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 s390) [New Version: 2.4.3.1]: openCryptoki-32bit-2.4.3.1-0.7.1 References: https://bugzilla.novell.com/847645 http://download.novell.com/patch/finder/?keywords=b008f0ef39e5bfe41ee9bc9ec5a90e7f From sle-updates at lists.suse.com Tue Feb 11 11:04:29 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 19:04:29 +0100 (CET) Subject: SUSE-SU-2014:0221-1: important: Security update for flash-player Message-ID: <20140211180429.45DBA3218E@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0221-1 Rating: important References: #862288 Cross-References: CVE-2014-0497 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. 
Description: This update resolves an integer underflow vulnerability that could have been exploited to execute arbitrary code on the affected system (CVE-2014-0497). More information: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html Security Issue references: * CVE-2014-0497 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8880 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8876 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.336]: flash-player-11.2.202.336-0.3.1 flash-player-gnome-11.2.202.336-0.3.1 flash-player-kde4-11.2.202.336-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.336]: flash-player-11.2.202.336-0.3.1 flash-player-gnome-11.2.202.336-0.3.1 flash-player-kde4-11.2.202.336-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-0497.html https://bugzilla.novell.com/862288 http://download.novell.com/patch/finder/?keywords=357d427aea791a8cdf86792999adf9b4 http://download.novell.com/patch/finder/?keywords=be33063611a1e6ddf32b7fb62f4e935a From sle-updates at lists.suse.com Tue Feb 11 11:04:47 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 19:04:47 +0100 (CET) Subject: SUSE-SU-2014:0222-1: moderate: Security update for Spacewalk stack Message-ID: <20140211180447.835683218E@maintenance.suse.de> SUSE Security Update: Security update for Spacewalk stack ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0222-1 Rating: moderate References: #834415 #846356 #850925 #850927 #850928 #850929 #850930 #853913 #854090 #858197 #858652 Cross-References: CVE-2010-2236 CVE-2012-6149 CVE-2013-1869 CVE-2013-1871
CVE-2013-4415 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. It includes 8 new package versions. Description: This Spacewalk stack update fixes the following security issues and bugs: spacewalk-backend: * Check for empty result before printing software entitlement. (bnc#853913) * Added extra log folder to spacewalk-debug. (bnc#854090) * Better detection for SUSE KVM and Cloud systems. spacewalk-branding: * CVE-2013-4415: PAGE_SIZE_LABEL_SELECTED cross-site scripting. (bnc#850925) spacewalk-certs-tools: * Older versions of ssh-copy-id do not support the -o switch. * ssh-keygen fails with an error when known_hosts doesn't exist. * Call the new script from the old one and print deprecation warning. * New ssh-push client initialization script. spacewalk-java: * CVE-2013-4415: PAGE_SIZE_LABEL_SELECTED cross-site scripting. (bnc#850925) * CVE-2010-2236: Clean backticks from monitoring-probes where appropriate. (bnc#850930) * CVE-2012-6149: Fix XSS in notes.jsp. (bnc#850929) * CVE-2013-1869: Only follow internal return_urls to fix header injection flaw. (bnc#850928) * CVE-2013-1871: Fix XSS in edit-address JSPs. (bnc#850927) * Add the paste event handler in 'onload'. (bnc#846356) spacewalk-search: * Allow NULL as createdBy and lastModifiedBy to fix custom info value index. (bnc#834415) spacewalk-utils: * clone-by-date: Fix with dependency check enabled. (bnc#858652) spacewalk-web: * CVE-2013-4415: PAGE_SIZE_LABEL_SELECTED cross-site scripting. (bnc#850925) * Put the given year in the valid range. (bnc#846356) * Paste event handler parsing CVE identifiers with Javascript. (bnc#846356) susemanager: * Create bootstrap repositories from SLES4SAP repos. (bnc#858197) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. 
Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start Security Issues: * CVE-2010-2236 * CVE-2012-6149 * CVE-2013-1869 * CVE-2013-1871 * CVE-2013-4415 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-suse-manager-201401-8817 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.7.1.11,1.7.27 and 1.7.38.31]: spacewalk-backend-1.7.38.31-0.5.1 spacewalk-backend-app-1.7.38.31-0.5.1 spacewalk-backend-applet-1.7.38.31-0.5.1 spacewalk-backend-config-files-1.7.38.31-0.5.1 spacewalk-backend-config-files-common-1.7.38.31-0.5.1 spacewalk-backend-config-files-tool-1.7.38.31-0.5.1 spacewalk-backend-iss-1.7.38.31-0.5.1 spacewalk-backend-iss-export-1.7.38.31-0.5.1 spacewalk-backend-libs-1.7.38.31-0.5.1 spacewalk-backend-package-push-server-1.7.38.31-0.5.1 spacewalk-backend-server-1.7.38.31-0.5.1 spacewalk-backend-sql-1.7.38.31-0.5.1 spacewalk-backend-sql-oracle-1.7.38.31-0.5.1 spacewalk-backend-sql-postgresql-1.7.38.31-0.5.1 spacewalk-backend-tools-1.7.38.31-0.5.1 spacewalk-backend-xml-export-libs-1.7.38.31-0.5.1 spacewalk-backend-xmlrpc-1.7.38.31-0.5.1 spacewalk-backend-xp-1.7.38.31-0.5.1 spacewalk-branding-1.7.1.11-0.5.1 susemanager-1.7.27-0.5.2 susemanager-tools-1.7.27-0.5.2 - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.15.12,1.7.28.20,1.7.3.11,1.7.3.12 and 1.7.54.30]: spacewalk-base-1.7.28.20-0.5.1 spacewalk-base-minimal-1.7.28.20-0.5.1 spacewalk-certs-tools-1.7.3.11-0.5.1 spacewalk-grail-1.7.28.20-0.5.1 spacewalk-html-1.7.28.20-0.5.1 spacewalk-java-1.7.54.30-0.5.1 spacewalk-java-config-1.7.54.30-0.5.1 spacewalk-java-lib-1.7.54.30-0.5.1 spacewalk-java-oracle-1.7.54.30-0.5.1 spacewalk-java-postgresql-1.7.54.30-0.5.1 spacewalk-pxt-1.7.28.20-0.5.1 
spacewalk-search-1.7.3.12-0.5.1 spacewalk-sniglets-1.7.28.20-0.5.1 spacewalk-taskomatic-1.7.54.30-0.5.1 spacewalk-utils-1.7.15.12-0.5.3 References: http://support.novell.com/security/cve/CVE-2010-2236.html http://support.novell.com/security/cve/CVE-2012-6149.html http://support.novell.com/security/cve/CVE-2013-1869.html http://support.novell.com/security/cve/CVE-2013-1871.html http://support.novell.com/security/cve/CVE-2013-4415.html https://bugzilla.novell.com/834415 https://bugzilla.novell.com/846356 https://bugzilla.novell.com/850925 https://bugzilla.novell.com/850927 https://bugzilla.novell.com/850928 https://bugzilla.novell.com/850929 https://bugzilla.novell.com/850930 https://bugzilla.novell.com/853913 https://bugzilla.novell.com/854090 https://bugzilla.novell.com/858197 https://bugzilla.novell.com/858652 http://download.novell.com/patch/finder/?keywords=c86d2c06c2403e2323a238c376ec6f16 From sle-updates at lists.suse.com Tue Feb 11 11:07:24 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Feb 2014 19:07:24 +0100 (CET) Subject: SUSE-SU-2014:0223-1: moderate: Security update for Spacewalk stack Message-ID: <20140211180724.53A1532189@maintenance.suse.de> SUSE Security Update: Security update for Spacewalk stack ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0223-1 Rating: moderate References: #846356 #850925 #853913 #854090 #855610 Cross-References: CVE-2013-4415 Affected Products: SUSE Manager Proxy 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. It includes four new package versions. Description: This SUSE Manager Proxy update fixes the following security issue and bugs: spacewalk-backend: * Check for empty result before printing software entitlement. (bnc#853913) * Added extra log folder to spacewalk-debug. 
(bnc#854090) * Better detection for SUSE KVM and Cloud systems. spacewalk-certs-tools: * Older versions of ssh-copy-id do not support the -o switch. * ssh-keygen fails with an error when known_hosts doesn't exist. * Call the new script from the old one and print deprecation warning. * New ssh-push client initialization script. spacewalk-proxy: * Fixed client registration via proxy. (bnc#855610) spacewalk-web: * CVE-2013-4415: PAGE_SIZE_LABEL_SELECTED cross-site scripting. (bnc#850925) * Put the given year in the valid range. (bnc#846356) * Paste event handler parsing CVE identifiers with Javascript. (bnc#846356) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Security Issues: * CVE-2013-4415 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 1.7 for SLE 11 SP2: zypper in -t patch slemap17sp2-suse-manager-proxy-201401-8818 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.7.38.31]: spacewalk-backend-1.7.38.31-0.5.1 spacewalk-backend-libs-1.7.38.31-0.5.1 - SUSE Manager Proxy 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.12.14,1.7.28.20 and 1.7.3.11]: spacewalk-base-minimal-1.7.28.20-0.5.1 spacewalk-certs-tools-1.7.3.11-0.5.1 spacewalk-proxy-broker-1.7.12.14-0.5.1 spacewalk-proxy-common-1.7.12.14-0.5.1 spacewalk-proxy-management-1.7.12.14-0.5.1 spacewalk-proxy-package-manager-1.7.12.14-0.5.1 spacewalk-proxy-redirect-1.7.12.14-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-4415.html https://bugzilla.novell.com/846356 https://bugzilla.novell.com/850925 https://bugzilla.novell.com/853913 https://bugzilla.novell.com/854090 https://bugzilla.novell.com/855610 http://download.novell.com/patch/finder/?keywords=1dc3b35801903770f664389364a3d72e From sle-updates at lists.suse.com Wed Feb 12 09:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Feb 2014 17:04:10 +0100 (CET) Subject: SUSE-SU-2014:0229-1: important: kernel update for SLE11 SP2 Message-ID: <20140212160410.B778032007@maintenance.suse.de> SUSE Security Update: kernel update for SLE11 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0229-1 Rating: important References: #858831 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to fix a regression introduced by the last update. 
Regression fix: - scsi_dh_alua: Incorrect reference counting in the SCSI ALUA initialization code led to system crashes on boot (bnc#858831). As the update introducing the regression was marked security, this is also marked security even though this bug is not security relevant. Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-8865 slessp2-kernel-8868 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-8865 slessp2-kernel-8866 slessp2-kernel-8867 slessp2-kernel-8868 slessp2-kernel-8875 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-8865 sleshasp2-kernel-8866 sleshasp2-kernel-8867 sleshasp2-kernel-8868 sleshasp2-kernel-8875 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-8865 sledsp2-kernel-8868 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.7.17.1 kernel-default-base-3.0.101-0.7.17.1 kernel-default-devel-3.0.101-0.7.17.1 kernel-source-3.0.101-0.7.17.1 kernel-syms-3.0.101-0.7.17.1 kernel-trace-3.0.101-0.7.17.1 kernel-trace-base-3.0.101-0.7.17.1 kernel-trace-devel-3.0.101-0.7.17.1 kernel-xen-devel-3.0.101-0.7.17.1 xen-kmp-trace-4.1.6_04_3.0.101_0.7.17-0.5.16 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.7.17.1 kernel-pae-base-3.0.101-0.7.17.1 kernel-pae-devel-3.0.101-0.7.17.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.7.17.1 kernel-default-base-3.0.101-0.7.17.1 kernel-default-devel-3.0.101-0.7.17.1 kernel-source-3.0.101-0.7.17.1 kernel-syms-3.0.101-0.7.17.1 kernel-trace-3.0.101-0.7.17.1 kernel-trace-base-3.0.101-0.7.17.1 kernel-trace-devel-3.0.101-0.7.17.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.7.17.1 kernel-ec2-base-3.0.101-0.7.17.1 kernel-ec2-devel-3.0.101-0.7.17.1 kernel-xen-3.0.101-0.7.17.1 kernel-xen-base-3.0.101-0.7.17.1 kernel-xen-devel-3.0.101-0.7.17.1 xen-kmp-default-4.1.6_04_3.0.101_0.7.17-0.5.16 xen-kmp-trace-4.1.6_04_3.0.101_0.7.17-0.5.16 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.7.17.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]: kernel-ppc64-3.0.101-0.7.17.1 kernel-ppc64-base-3.0.101-0.7.17.1 kernel-ppc64-devel-3.0.101-0.7.17.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.7.17.1 kernel-pae-base-3.0.101-0.7.17.1 kernel-pae-devel-3.0.101-0.7.17.1 xen-kmp-pae-4.1.6_04_3.0.101_0.7.17-0.5.16 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_0.7.17-2.18.81 
cluster-network-kmp-trace-1.4_3.0.101_0.7.17-2.18.81 gfs2-kmp-default-2_3.0.101_0.7.17-0.7.109 gfs2-kmp-trace-2_3.0.101_0.7.17-0.7.109 ocfs2-kmp-default-1.6_3.0.101_0.7.17-0.11.80 ocfs2-kmp-trace-1.6_3.0.101_0.7.17-0.11.80 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_0.7.17-2.18.81 gfs2-kmp-xen-2_3.0.101_0.7.17-0.7.109 ocfs2-kmp-xen-1.6_3.0.101_0.7.17-0.11.80 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.7.17-2.18.81 gfs2-kmp-ppc64-2_3.0.101_0.7.17-0.7.109 ocfs2-kmp-ppc64-1.6_3.0.101_0.7.17-0.11.80 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.101_0.7.17-2.18.81 gfs2-kmp-pae-2_3.0.101_0.7.17-0.7.109 ocfs2-kmp-pae-1.6_3.0.101_0.7.17-0.11.80 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.7.17.1 kernel-default-base-3.0.101-0.7.17.1 kernel-default-devel-3.0.101-0.7.17.1 kernel-default-extra-3.0.101-0.7.17.1 kernel-source-3.0.101-0.7.17.1 kernel-syms-3.0.101-0.7.17.1 kernel-trace-3.0.101-0.7.17.1 kernel-trace-base-3.0.101-0.7.17.1 kernel-trace-devel-3.0.101-0.7.17.1 kernel-trace-extra-3.0.101-0.7.17.1 kernel-xen-3.0.101-0.7.17.1 kernel-xen-base-3.0.101-0.7.17.1 kernel-xen-devel-3.0.101-0.7.17.1 kernel-xen-extra-3.0.101-0.7.17.1 xen-kmp-default-4.1.6_04_3.0.101_0.7.17-0.5.16 xen-kmp-trace-4.1.6_04_3.0.101_0.7.17-0.5.16 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.7.17.1 kernel-pae-base-3.0.101-0.7.17.1 kernel-pae-devel-3.0.101-0.7.17.1 kernel-pae-extra-3.0.101-0.7.17.1 xen-kmp-pae-4.1.6_04_3.0.101_0.7.17-0.5.16 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.101_0.7.17-0.14.90 ext4-writeable-kmp-trace-0_3.0.101_0.7.17-0.14.90 kernel-default-extra-3.0.101-0.7.17.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): 
ext4-writeable-kmp-xen-0_3.0.101_0.7.17-0.14.90 kernel-xen-extra-3.0.101-0.7.17.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.101_0.7.17-0.14.90 kernel-ppc64-extra-3.0.101-0.7.17.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.101_0.7.17-0.14.90 kernel-pae-extra-3.0.101-0.7.17.1 References: https://bugzilla.novell.com/858831 http://download.novell.com/patch/finder/?keywords=08528bdc933748991934ac0a1ce94e25 http://download.novell.com/patch/finder/?keywords=10ee063285998a56047341e026dd0951 http://download.novell.com/patch/finder/?keywords=12b1da540849dcd803c06971282c0173 http://download.novell.com/patch/finder/?keywords=26690338c8e252806b712abfcc1eef01 http://download.novell.com/patch/finder/?keywords=32718e53d0f0b9aa299d1dbf68ba3792 http://download.novell.com/patch/finder/?keywords=61a5dc8f3780484fe953a849b4c64f03 http://download.novell.com/patch/finder/?keywords=78531ae4ca3e7e521680f7a48d788159 http://download.novell.com/patch/finder/?keywords=9915a8d37fbceb33d8aacbe08afb18a6 http://download.novell.com/patch/finder/?keywords=abd5de58f981a6204e3d871981888f09 http://download.novell.com/patch/finder/?keywords=d940c974ac1f5b9bad96fada907a460e From sle-updates at lists.suse.com Wed Feb 12 15:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Feb 2014 23:04:11 +0100 (CET) Subject: SUSE-RU-2014:0230-1: moderate: Recommended update for cpupower Message-ID: <20140212220411.2537532075@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpupower ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0230-1 Rating: moderate References: #809041 #836382 #845378 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended 
fixes can now be installed. Description: This update for cpupower introduces the new "idle-set" sub-command, which allows the user to enable or disable the sleep states of a CPU. For more details, refer to the cpupower-idle-set(1) man page. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cpupower-8696 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cpupower-8696 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cpupower-8696 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): cpupower-2.6.39-2.21.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): cpupower-2.6.39-2.21.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): cpupower-2.6.39-2.21.1 References: https://bugzilla.novell.com/809041 https://bugzilla.novell.com/836382 https://bugzilla.novell.com/845378 http://download.novell.com/patch/finder/?keywords=38fa250c466f277478a1a9a50e29ed25 From sle-updates at lists.suse.com Thu Feb 13 11:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Feb 2014 19:04:11 +0100 (CET) Subject: SUSE-RU-2014:0233-1: moderate: Recommended update for rubygem-chef Message-ID: <20140213180411.0B926320B9@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0233-1 Rating: moderate References: #860565 #860865 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for rubygem-chef fixes the following issues: * bnc#860865: Race conditions when chef-client is started when there is already an instance running. * bnc#860565: chef-client terminated by logrotate script when chef-client run is ongoing. Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-rubygem-chef-8888 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64): rubygem-chef-10.24.4-0.23.1 rubygem-chef-doc-10.24.4-0.23.1 References: https://bugzilla.novell.com/860565 https://bugzilla.novell.com/860865 http://download.novell.com/patch/finder/?keywords=0abe4d662ab6a55f82ca657350bd9263 From sle-updates at lists.suse.com Fri Feb 14 09:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Feb 2014 17:04:12 +0100 (CET) Subject: SUSE-RU-2014:0236-1: Recommended update for paprefs Message-ID: <20140214160412.A3E02320D9@maintenance.suse.de> SUSE Recommended Update: Recommended update for paprefs ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0236-1 Rating: low References: #858260 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the missing options of paprefs and pavucontrol programs due to incompatible module directories for PulseAudio on SLE 11-SP1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-paprefs-pavucontrol-201401-8821 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): paprefs-0.9.9-1.6.1 pavucontrol-0.9.10-1.5.1 References: https://bugzilla.novell.com/858260 http://download.novell.com/patch/finder/?keywords=1a4bc32ce59427e37cd62a85f52038a8 From sle-updates at lists.suse.com Fri Feb 14 15:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Feb 2014 23:04:10 +0100 (CET) Subject: SUSE-SU-2014:0237-1: moderate: Security update for pwlib Message-ID: <20140214220410.BDB67320EB@maintenance.suse.de> SUSE Security Update: Security update for pwlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0237-1 Rating: moderate References: #809917 Cross-References: CVE-2013-1864 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes an XML DoS vulnerability in pwlib. CVE-2013-1864 has been assigned to this issue. Security Issue reference: * CVE-2013-1864 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-pwlib-8838 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-pwlib-8838 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): pwlib-1.10.10-120.35.1 pwlib-devel-1.10.10-120.35.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): pwlib-1.10.10-120.35.1 pwlib-plugins-avc-1.10.10-120.35.1 pwlib-plugins-dc-1.10.10-120.35.1 pwlib-plugins-v4l2-1.10.10-120.35.1 References: http://support.novell.com/security/cve/CVE-2013-1864.html https://bugzilla.novell.com/809917 http://download.novell.com/patch/finder/?keywords=ad05a8a736d6edc55c4a595467278d5b From sle-updates at lists.suse.com Fri Feb 14 18:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Feb 2014 02:04:10 +0100 (CET) Subject: SUSE-RU-2014:0238-1: Recommended update for fontconfig Message-ID: <20140215010410.6989E3209C@maintenance.suse.de> SUSE Recommended Update: Recommended update for fontconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0238-1 Rating: low References: #860596 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fontconfig fixes a segmentation fault when handling empty strings in BDF font properties (SETWIDTH_NAME or SPACING). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-fontconfig-8858 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-fontconfig-8858 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-fontconfig-8858 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-fontconfig-8858 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): fontconfig-devel-2.6.0-10.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): fontconfig-devel-32bit-2.6.0-10.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): fontconfig-2.6.0-10.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): fontconfig-32bit-2.6.0-10.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): fontconfig-2.6.0-10.17.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): fontconfig-32bit-2.6.0-10.17.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): fontconfig-x86-2.6.0-10.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): fontconfig-2.6.0-10.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): fontconfig-32bit-2.6.0-10.17.1 References: https://bugzilla.novell.com/860596 http://download.novell.com/patch/finder/?keywords=c6736a6a406b10dc5fbf5443d0dc77b7 From sle-updates at lists.suse.com Mon Feb 17 22:04:08 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Feb 2014 06:04:08 +0100 (CET) Subject: SUSE-RU-2014:0242-1: Recommended update for lio-utils Message-ID: <20140218050408.B876A320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for lio-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0242-1 Rating: low References: #818296 #840099 #850076 Affected Products: SUSE Linux 
Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for lio-utils provides the following fixes: * Fix error in post-installation script. (bnc#818296) * Fix typo in tcm_node. (bnc#840099) * Add services file for SuSEfirewall. (bnc#850076) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-lio-mibs-8646 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-lio-mibs-8646 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): lio-mibs-4.0-0.16.1 lio-utils-4.0-0.16.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): lio-mibs-4.0-0.16.1 lio-utils-4.0-0.16.1 References: https://bugzilla.novell.com/818296 https://bugzilla.novell.com/840099 https://bugzilla.novell.com/850076 http://download.novell.com/patch/finder/?keywords=5c475c829dc5dd1b9592c3a060b3bb2b From sle-updates at lists.suse.com Tue Feb 18 05:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Feb 2014 13:04:12 +0100 (CET) Subject: SUSE-SU-2014:0246-1: important: Security update for IBM Java Message-ID: <20140218120412.954C5320F0@maintenance.suse.de> SUSE Security Update: Security update for IBM Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0246-1 Rating: important References: #861782 #862064 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 
CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Java 11 SP3 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update contains the Oracle January 14 2014 CPU for java-1_7_0-ibm. Find more information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU Security Issue references: * CVE-2014-0428 * CVE-2014-0422 * CVE-2013-5907 * CVE-2014-0415 * CVE-2014-0410 * CVE-2013-5889 * CVE-2014-0417 * CVE-2014-0387 * CVE-2014-0424 * CVE-2013-5878 * CVE-2014-0373 * CVE-2014-0375 * CVE-2014-0403 * CVE-2014-0423 * CVE-2014-0376 * CVE-2013-5910 * CVE-2013-5884 * CVE-2013-5896 * CVE-2014-0376 * CVE-2013-5899 * CVE-2014-0416 * CVE-2013-5887 * CVE-2014-0368 * CVE-2013-5888 * CVE-2013-5898 * CVE-2014-0411 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_7_0-ibm-8878 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_7_0-ibm-8878 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_7_0-ibm-8878 - SUSE Linux Enterprise Java 11 SP3: zypper in -t patch slejsp3-java-1_7_0-ibm-8878 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_7_0-ibm-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-alsa-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-plugin-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-plugin-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-devel-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-plugin-1.7.0_sr6.1-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5887.html http://support.novell.com/security/cve/CVE-2013-5888.html http://support.novell.com/security/cve/CVE-2013-5889.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5898.html http://support.novell.com/security/cve/CVE-2013-5899.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0375.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0387.html http://support.novell.com/security/cve/CVE-2014-0403.html http://support.novell.com/security/cve/CVE-2014-0410.html http://support.novell.com/security/cve/CVE-2014-0411.html 
http://support.novell.com/security/cve/CVE-2014-0415.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0417.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0424.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/861782 https://bugzilla.novell.com/862064 http://download.novell.com/patch/finder/?keywords=4805c1478d9eeaa7d50d2c43a593f582 From sle-updates at lists.suse.com Tue Feb 18 05:25:18 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Feb 2014 13:25:18 +0100 (CET) Subject: SUSE-SU-2014:0248-1: important: Security update for MozillaFirefox Message-ID: <20140218122518.EA03A320F0@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0248-1 Rating: important References: #859055 #861847 Cross-References: CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. It includes two new package versions. Description: This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. 
The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download "open file" dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Security Issue references: * CVE-2014-1477 * CVE-2014-1479 * CVE-2014-1480 * CVE-2014-1481 * CVE-2014-1482 * CVE-2014-1483 * CVE-2014-1484 * CVE-2014-1485 * CVE-2014-1486 * CVE-2014-1487 * CVE-2014-1488 * CVE-2014-1489 * CVE-2014-1490 * CVE-2014-1491 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox-201402-8879 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox-201402-8879 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox-201402-8879 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox-201402-8879 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.4]: MozillaFirefox-devel-24.3.0esr-0.8.1 mozilla-nss-devel-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.3.0esr and 3.15.4]: MozillaFirefox-24.3.0esr-0.8.1 MozillaFirefox-translations-24.3.0esr-0.8.1 libfreebl3-3.15.4-0.7.1 libsoftokn3-3.15.4-0.7.1 mozilla-nss-3.15.4-0.7.1 mozilla-nss-tools-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.4]: libfreebl3-32bit-3.15.4-0.7.1 libsoftokn3-32bit-3.15.4-0.7.1 mozilla-nss-32bit-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.3.0esr and 3.15.4]: MozillaFirefox-24.3.0esr-0.8.1 MozillaFirefox-branding-SLED-24-0.7.14 MozillaFirefox-translations-24.3.0esr-0.8.1 libfreebl3-3.15.4-0.7.1 libsoftokn3-3.15.4-0.7.1 mozilla-nss-3.15.4-0.7.1 mozilla-nss-tools-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.4]: libfreebl3-32bit-3.15.4-0.7.1 libsoftokn3-32bit-3.15.4-0.7.1 mozilla-nss-32bit-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.4]: libfreebl3-x86-3.15.4-0.7.1 libsoftokn3-x86-3.15.4-0.7.1 mozilla-nss-x86-3.15.4-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.3.0esr and 3.15.4]: MozillaFirefox-24.3.0esr-0.8.1 MozillaFirefox-branding-SLED-24-0.7.14 MozillaFirefox-translations-24.3.0esr-0.8.1 
libfreebl3-3.15.4-0.7.1 libsoftokn3-3.15.4-0.7.1 mozilla-nss-3.15.4-0.7.1 mozilla-nss-tools-3.15.4-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.4]: libfreebl3-32bit-3.15.4-0.7.1 libsoftokn3-32bit-3.15.4-0.7.1 mozilla-nss-32bit-3.15.4-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-1477.html http://support.novell.com/security/cve/CVE-2014-1479.html http://support.novell.com/security/cve/CVE-2014-1480.html http://support.novell.com/security/cve/CVE-2014-1481.html http://support.novell.com/security/cve/CVE-2014-1482.html http://support.novell.com/security/cve/CVE-2014-1483.html http://support.novell.com/security/cve/CVE-2014-1484.html http://support.novell.com/security/cve/CVE-2014-1485.html http://support.novell.com/security/cve/CVE-2014-1486.html http://support.novell.com/security/cve/CVE-2014-1487.html http://support.novell.com/security/cve/CVE-2014-1488.html http://support.novell.com/security/cve/CVE-2014-1489.html http://support.novell.com/security/cve/CVE-2014-1490.html http://support.novell.com/security/cve/CVE-2014-1491.html https://bugzilla.novell.com/859055 https://bugzilla.novell.com/861847 http://download.novell.com/patch/finder/?keywords=b12f5cfd95ec4eca119a488f5fb07f02 From sle-updates at lists.suse.com Tue Feb 18 12:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Feb 2014 20:04:11 +0100 (CET) Subject: SUSE-SU-2014:0254-1: moderate: Security update for SUSE Studio Onsite 1.3 Message-ID: <20140218190411.35E12320F0@maintenance.suse.de> SUSE Security Update: Security update for SUSE Studio Onsite 1.3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0254-1 Rating: moderate References: #799639 #825240 #832483 #832807 #833086 #833349 #841953 #843548 #850443 #852095 #852166 Cross-References: CVE-2013-3712 Affected Products: SUSE Studio Onsite 1.3 SUSE Studio Extension for System z 1.3 
______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. It includes one version update. Description: This update provides SUSE Studio 1.3.6, including many enhancements and bug fixes. The changes in detail are: * #852166: Secret tokens are static as shipped. (CVE-2013-3712) * #833086: UEFI enabled images are not bootable outside of testdrive. * #833349: API: No ability to enable UEFI boot. * #852095: Add sidebar message to SLE 10 images mentioning LTSS. * #799639: containment_do.sh: cmd_compress() produces truncated tar files. * #832807: System Z formats not updated after SP2->SP3 upgrade. * #843548: System Z support introduced bug in repository and template import. * #850443: SLE 11 templates contain WebYaST repositories by default. * #825240: EC2 uploads stuck forever. * #841953: Building VHD image for Microsoft reports wrong image type in webhook. * #832483: 2010 copyrights in Studio Runner views. Security Issue references: * CVE-2013-3712 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-136-201312-8754 - SUSE Studio Extension for System z 1.3: zypper in -t patch slestso13-susestudio-136-201312-8754 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.6]: susestudio-1.3.6-0.17.2 susestudio-bundled-packages-1.3.6-0.17.2 susestudio-common-1.3.6-0.17.2 susestudio-runner-1.3.6-0.17.2 susestudio-sid-1.3.6-0.17.2 susestudio-ui-server-1.3.6-0.17.2 - SUSE Studio Extension for System z 1.3 (s390x) [New Version: 1.3.6]: susestudio-common-1.3.6-0.17.2 susestudio-runner-1.3.6-0.17.2 susestudio-ui-server-1.3.6-0.17.2 References: http://support.novell.com/security/cve/CVE-2013-3712.html https://bugzilla.novell.com/799639 https://bugzilla.novell.com/825240 https://bugzilla.novell.com/832483 https://bugzilla.novell.com/832807 https://bugzilla.novell.com/833086 https://bugzilla.novell.com/833349 https://bugzilla.novell.com/841953 https://bugzilla.novell.com/843548 https://bugzilla.novell.com/850443 https://bugzilla.novell.com/852095 https://bugzilla.novell.com/852166 http://download.novell.com/patch/finder/?keywords=83886a3c3a522ebea6193c18f3b3896d From sle-updates at lists.suse.com Wed Feb 19 10:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2014 18:04:10 +0100 (CET) Subject: SUSE-RU-2014:0260-1: Recommended update for release-notes-SLES-for-VMware and release-notes-sles Message-ID: <20140219170410.7A783320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-SLES-for-VMware and release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0260-1 Rating: low References: #847004 #847009 #852292 #860610 #863742 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes one version update. 
Description: This update for the Release Notes contains the following: * Updated entry: o ext4: Runtime Switch for Write Support (bnc#860610 via fate#314864). * New entries: o SHA-256 Hash algorithm in IBM Crypto Accelerator (bnc#847004 via fate#316176); o LIO Based FC Targets (fate#316922); o Samba: recursiveness for smbcacls (bnc#847009 via fate#316474). * Removed 3 dead links (bnc#863742). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-release-notes-sles-201402-8906 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-release-notes-sles-201402-8906 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 11.3.30]: release-notes-SLES-for-VMware-11.3.30-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.3.30]: release-notes-sles-11.3.30-0.7.1 References: https://bugzilla.novell.com/847004 https://bugzilla.novell.com/847009 https://bugzilla.novell.com/852292 https://bugzilla.novell.com/860610 https://bugzilla.novell.com/863742 http://download.novell.com/patch/finder/?keywords=2bb8ec551eb429efe7b1bc40ed8ffeda From sle-updates at lists.suse.com Wed Feb 19 13:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2014 21:04:10 +0100 (CET) Subject: SUSE-SU-2014:0248-2: important: Security update for Mozilla Firefox Message-ID: <20140219200410.E3DC8320F0@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0248-2 Rating: important References: #859055 #861847 Cross-References: CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 
CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. It includes four new package versions. Description: Mozilla Firefox was updated to the 24.3.0ESR security release. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download "open file" dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Also Mozilla NSS was updated to 3.15.4 release. 
* required for Firefox 27 * regular CA root store update (1.96) * some OCSP improvements * other bugfixes Security Issue references: * CVE-2014-1477 * CVE-2014-1479 * CVE-2014-1480 * CVE-2014-1481 * CVE-2014-1482 * CVE-2014-1483 * CVE-2014-1484 * CVE-2014-1485 * CVE-2014-1486 * CVE-2014-1487 * CVE-2014-1488 * CVE-2014-1489 * CVE-2014-1490 * CVE-2014-1491 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-firefox-201402-8899 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-201402-8898 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 24.3.0esr,3.15.4 and 4.10.2]: MozillaFirefox-24.3.0esr-0.4.2.2 MozillaFirefox-branding-SLED-24-0.4.10.4 MozillaFirefox-translations-24.3.0esr-0.4.2.2 firefox-libgcc_s1-4.7.2_20130108-0.16.1 firefox-libstdc++6-4.7.2_20130108-0.16.1 libfreebl3-3.15.4-0.4.2.1 mozilla-nspr-4.10.2-0.3.2 mozilla-nss-3.15.4-0.4.2.1 mozilla-nss-tools-3.15.4-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.15.4 and 4.10.2]: libfreebl3-32bit-3.15.4-0.4.2.1 mozilla-nspr-32bit-4.10.2-0.3.2 mozilla-nss-32bit-3.15.4-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 24,24.3.0esr,3.15.4 and 4.10.2]: MozillaFirefox-24.3.0esr-0.4.2.2 MozillaFirefox-branding-SLED-24-0.4.10.4 MozillaFirefox-translations-24.3.0esr-0.4.2.2 firefox-libgcc_s1-4.7.2_20130108-0.16.1 firefox-libstdc++6-4.7.2_20130108-0.16.1 libfreebl3-3.15.4-0.4.2.1 mozilla-nspr-4.10.2-0.3.2 mozilla-nss-3.15.4-0.4.2.1 mozilla-nss-tools-3.15.4-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.15.4 and 4.10.2]: libfreebl3-32bit-3.15.4-0.4.2.1 mozilla-nspr-32bit-4.10.2-0.3.2 mozilla-nss-32bit-3.15.4-0.4.2.1 References:
http://support.novell.com/security/cve/CVE-2014-1477.html http://support.novell.com/security/cve/CVE-2014-1479.html http://support.novell.com/security/cve/CVE-2014-1480.html http://support.novell.com/security/cve/CVE-2014-1481.html http://support.novell.com/security/cve/CVE-2014-1482.html http://support.novell.com/security/cve/CVE-2014-1483.html http://support.novell.com/security/cve/CVE-2014-1484.html http://support.novell.com/security/cve/CVE-2014-1485.html http://support.novell.com/security/cve/CVE-2014-1486.html http://support.novell.com/security/cve/CVE-2014-1487.html http://support.novell.com/security/cve/CVE-2014-1488.html http://support.novell.com/security/cve/CVE-2014-1489.html http://support.novell.com/security/cve/CVE-2014-1490.html http://support.novell.com/security/cve/CVE-2014-1491.html https://bugzilla.novell.com/859055 https://bugzilla.novell.com/861847 http://download.novell.com/patch/finder/?keywords=30bede649a43f15d0ae5fd4070619ffe http://download.novell.com/patch/finder/?keywords=aba5ed8a4574a80ca797b2dbd204522e From sle-updates at lists.suse.com Thu Feb 20 08:05:20 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2014 16:05:20 +0100 (CET) Subject: SUSE-RU-2014:0264-1: moderate: Recommended update for sm-ncc-sync-data Message-ID: <20140220150520.F0426320F2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sm-ncc-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0264-1 Rating: moderate References: #860831 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update adds support for SUSE Cloud 3 in SUSE Manager (bnc#860831) Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-sm-ncc-sync-data-8889 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.17]: sm-ncc-sync-data-1.7.17-0.5.1 References: https://bugzilla.novell.com/860831 http://download.novell.com/patch/finder/?keywords=100c9ad4d5fe18959b3aed5b291eaff9 From sle-updates at lists.suse.com Thu Feb 20 12:04:09 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2014 20:04:09 +0100 (CET) Subject: SUSE-SU-2014:0265-1: moderate: Security update for libQt Message-ID: <20140220190409.4B09E320F0@maintenance.suse.de> SUSE Security Update: Security update for libQt ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0265-1 Rating: moderate References: #856832 #859158 Cross-References: CVE-2013-4549 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The Qt library was updated to fix an XML entity expansion attack (XXE). (CVE-2013-4549) Security Issue reference: * CVE-2013-4549 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libQtWebKit-devel-8907 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libQtWebKit-devel-8907 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libQtWebKit-devel-8907 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libQtWebKit-devel-8907 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libQtWebKit-devel-4.6.3-5.29.2 libqt4-devel-4.6.3-5.29.2 libqt4-devel-doc-4.6.3-5.29.2 libqt4-sql-postgresql-4.6.3-5.29.2 libqt4-sql-unixODBC-4.6.3-5.29.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libQtWebKit4-32bit-4.6.3-5.29.2 libqt4-sql-mysql-32bit-4.6.3-5.29.2 libqt4-sql-postgresql-32bit-4.6.3-5.29.2 libqt4-sql-sqlite-32bit-4.6.3-5.29.2 libqt4-sql-unixODBC-32bit-4.6.3-5.29.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): libqt4-devel-doc-data-4.6.3-5.29.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): libQtWebKit4-x86-4.6.3-5.29.2 libqt4-sql-mysql-x86-4.6.3-5.29.2 libqt4-sql-postgresql-x86-4.6.3-5.29.2 libqt4-sql-sqlite-x86-4.6.3-5.29.2 libqt4-sql-unixODBC-x86-4.6.3-5.29.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libQtWebKit4-4.6.3-5.29.2 libqt4-4.6.3-5.29.2 libqt4-qt3support-4.6.3-5.29.2 libqt4-sql-4.6.3-5.29.2 libqt4-sql-mysql-4.6.3-5.29.2 libqt4-sql-sqlite-4.6.3-5.29.2 libqt4-x11-4.6.3-5.29.2 qt4-x11-tools-4.6.3-5.29.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libQtWebKit4-32bit-4.6.3-5.29.2 libqt4-32bit-4.6.3-5.29.2 libqt4-qt3support-32bit-4.6.3-5.29.2 libqt4-sql-32bit-4.6.3-5.29.2 libqt4-x11-32bit-4.6.3-5.29.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libQtWebKit4-4.6.3-5.29.2 libqt4-4.6.3-5.29.2 libqt4-qt3support-4.6.3-5.29.2 
libqt4-sql-4.6.3-5.29.2 libqt4-sql-mysql-4.6.3-5.29.2 libqt4-sql-sqlite-4.6.3-5.29.2 libqt4-x11-4.6.3-5.29.2 qt4-x11-tools-4.6.3-5.29.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libQtWebKit4-32bit-4.6.3-5.29.2 libqt4-32bit-4.6.3-5.29.2 libqt4-qt3support-32bit-4.6.3-5.29.2 libqt4-sql-32bit-4.6.3-5.29.2 libqt4-x11-32bit-4.6.3-5.29.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): libQtWebKit4-x86-4.6.3-5.29.2 libqt4-qt3support-x86-4.6.3-5.29.2 libqt4-sql-x86-4.6.3-5.29.2 libqt4-x11-x86-4.6.3-5.29.2 libqt4-x86-4.6.3-5.29.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libQtWebKit4-4.6.3-5.29.2 libqt4-4.6.3-5.29.2 libqt4-qt3support-4.6.3-5.29.2 libqt4-sql-4.6.3-5.29.2 libqt4-sql-mysql-4.6.3-5.29.2 libqt4-sql-postgresql-4.6.3-5.29.2 libqt4-sql-sqlite-4.6.3-5.29.2 libqt4-sql-unixODBC-4.6.3-5.29.2 libqt4-x11-4.6.3-5.29.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libQtWebKit4-32bit-4.6.3-5.29.2 libqt4-32bit-4.6.3-5.29.2 libqt4-qt3support-32bit-4.6.3-5.29.2 libqt4-sql-32bit-4.6.3-5.29.2 libqt4-sql-mysql-32bit-4.6.3-5.29.2 libqt4-sql-postgresql-32bit-4.6.3-5.29.2 libqt4-sql-sqlite-32bit-4.6.3-5.29.2 libqt4-sql-unixODBC-32bit-4.6.3-5.29.2 libqt4-x11-32bit-4.6.3-5.29.2 References: http://support.novell.com/security/cve/CVE-2013-4549.html https://bugzilla.novell.com/856832 https://bugzilla.novell.com/859158 http://download.novell.com/patch/finder/?keywords=0c8f5a8b3c289efa99af4344c539f168 From sle-updates at lists.suse.com Thu Feb 20 12:04:35 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2014 20:04:35 +0100 (CET) Subject: SUSE-SU-2014:0266-1: important: Security update for IBM Java 6 Message-ID: <20140220190435.70593320F2@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0266-1 Rating: important References: #862064 Cross-References: CVE-2013-5878 CVE-2013-5884 
CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS SUSE CORE 9 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: IBM Java 6 was updated to version SR15-FP1 which received security and bugfixes. This release fixes the following problems: * CVE-2014-0428, CVE-2014-0422, CVE-2013-5907, CVE-2014-0415, * CVE-2014-0410, CVE-2013-5889, CVE-2014-0417, CVE-2014-0387, * CVE-2014-0424, CVE-2013-5878, CVE-2014-0373, CVE-2014-0375, * CVE-2014-0403, CVE-2014-0423, CVE-2014-0376, CVE-2013-5910, * CVE-2013-5884, CVE-2013-5896, CVE-2014-0376, CVE-2013-5899, * CVE-2014-0416, CVE-2013-5887, CVE-2014-0368, CVE-2013-5888, * CVE-2013-5898, CVE-2014-0411 More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU Security Issue references: * CVE-2014-0428 * CVE-2014-0422 * CVE-2013-5907 * CVE-2014-0417 * CVE-2014-0373 * CVE-2014-0423 * CVE-2014-0376 * CVE-2014-0376 * CVE-2014-0416 * CVE-2014-0368 * CVE-2014-0411 * CVE-2014-0428 * CVE-2014-0422 * CVE-2013-5907 * CVE-2014-0415 * CVE-2014-0410 * CVE-2013-5889 * CVE-2014-0417 * CVE-2014-0387 * CVE-2014-0424 * CVE-2013-5878 * CVE-2014-0373 * CVE-2014-0375 * CVE-2014-0403 * CVE-2014-0423 * CVE-2014-0376 * CVE-2013-5910 * CVE-2013-5884 * CVE-2013-5896 * CVE-2014-0376 * CVE-2013-5899 * CVE-2014-0416 * CVE-2013-5887 * CVE-2014-0368 * CVE-2013-5888 * CVE-2013-5898 * CVE-2014-0411 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-devel-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-fonts-1.5.0_sr16.5-0.6.1
java-1_6_0-ibm-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-devel-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-32bit-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-plugin-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.5.1 - SUSE CORE 9 (i586 s390 s390x x86_64): IBMJava5-JRE-1.5.0_sr16.5-0.4 IBMJava5-SDK-1.5.0_sr16.5-0.4 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5887.html http://support.novell.com/security/cve/CVE-2013-5888.html http://support.novell.com/security/cve/CVE-2013-5889.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5898.html http://support.novell.com/security/cve/CVE-2013-5899.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0375.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0387.html http://support.novell.com/security/cve/CVE-2014-0403.html http://support.novell.com/security/cve/CVE-2014-0410.html 
http://support.novell.com/security/cve/CVE-2014-0411.html http://support.novell.com/security/cve/CVE-2014-0415.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0417.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0424.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/862064 http://download.novell.com/patch/finder/?keywords=5ac9507194ca11bcd295300c16017f4c http://download.novell.com/patch/finder/?keywords=abb9b287dc1d7479726b01b15ea2eeb3 http://download.novell.com/patch/finder/?keywords=b4764fb7eed43ec4dce07d7be78e74c3 From sle-updates at lists.suse.com Fri Feb 21 07:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Feb 2014 15:04:10 +0100 (CET) Subject: SUSE-SU-2014:0266-2: important: Security update for IBM Java 6 Message-ID: <20140221140410.6FDD0320F0@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0266-2 Rating: important References: #862064 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: IBM Java 6 was updated to version SR15-FP1 which received security and bug fixes. 
More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU Security Issue references: * CVE-2014-0428 * CVE-2014-0422 * CVE-2013-5907 * CVE-2014-0417 * CVE-2014-0373 * CVE-2014-0423 * CVE-2014-0376 * CVE-2014-0376 * CVE-2014-0416 * CVE-2014-0368 * CVE-2014-0411 * CVE-2014-0428 * CVE-2014-0422 * CVE-2013-5907 * CVE-2014-0415 * CVE-2014-0410 * CVE-2013-5889 * CVE-2014-0417 * CVE-2014-0387 * CVE-2014-0424 * CVE-2013-5878 * CVE-2014-0373 * CVE-2014-0375 * CVE-2014-0403 * CVE-2014-0423 * CVE-2014-0376 * CVE-2013-5910 * CVE-2013-5884 * CVE-2013-5896 * CVE-2014-0376 * CVE-2013-5899 * CVE-2014-0416 * CVE-2013-5887 * CVE-2014-0368 * CVE-2013-5888 * CVE-2013-5898 * CVE-2014-0411 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-8900 slessp2-java-1_7_0-ibm-8902 To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):

  java-1_6_0-ibm-1.6.0_sr15.1-0.6.1
  java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1
  java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1
  java-1_7_0-ibm-1.7.0_sr6.1-0.8.1
  java-1_7_0-ibm-jdbc-1.7.0_sr6.1-0.8.1

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):

  java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1
  java-1_7_0-ibm-alsa-1.7.0_sr6.1-0.8.1
  java-1_7_0-ibm-plugin-1.7.0_sr6.1-0.8.1

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586):

  java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1

References:

http://support.novell.com/security/cve/CVE-2013-5878.html
http://support.novell.com/security/cve/CVE-2013-5884.html
http://support.novell.com/security/cve/CVE-2013-5887.html
http://support.novell.com/security/cve/CVE-2013-5888.html
http://support.novell.com/security/cve/CVE-2013-5889.html
http://support.novell.com/security/cve/CVE-2013-5896.html
http://support.novell.com/security/cve/CVE-2013-5898.html
http://support.novell.com/security/cve/CVE-2013-5899.html
http://support.novell.com/security/cve/CVE-2013-5907.html
http://support.novell.com/security/cve/CVE-2013-5910.html
http://support.novell.com/security/cve/CVE-2014-0368.html
http://support.novell.com/security/cve/CVE-2014-0373.html
http://support.novell.com/security/cve/CVE-2014-0375.html
http://support.novell.com/security/cve/CVE-2014-0376.html
http://support.novell.com/security/cve/CVE-2014-0387.html
http://support.novell.com/security/cve/CVE-2014-0403.html
http://support.novell.com/security/cve/CVE-2014-0410.html
http://support.novell.com/security/cve/CVE-2014-0411.html
http://support.novell.com/security/cve/CVE-2014-0415.html
http://support.novell.com/security/cve/CVE-2014-0416.html
http://support.novell.com/security/cve/CVE-2014-0417.html
http://support.novell.com/security/cve/CVE-2014-0422.html
http://support.novell.com/security/cve/CVE-2014-0423.html
http://support.novell.com/security/cve/CVE-2014-0424.html
http://support.novell.com/security/cve/CVE-2014-0428.html
https://bugzilla.novell.com/862064
http://download.novell.com/patch/finder/?keywords=3c6eafe266af92731f1280707a727751
http://download.novell.com/patch/finder/?keywords=5bbeed19c42dc4630ad4ad88a7d9bad4

From sle-updates at lists.suse.com Mon Feb 24 07:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Feb 2014 15:04:10 +0100 (CET)
Subject: SUSE-SU-2014:0287-1: moderate: Security update for Linux kernel
Message-ID: <20140224140410.7A284320F2@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0287-1
Rating: moderate
References: #714906 #715250 #735347 #744955 #745640 #748896 #752544 #754898 #760596 #761774 #762099 #762366 #763463 #763654 #767610 #767612 #768668 #769644 #769896 #770695 #771706 #771992 #772849 #773320 #773383 #773577 #773640 #773831 #774523 #775182 #776024 #776144 #776885 #777473 #780004 #780008 #780572 #782178 #785016 #786013 #787573 #787576 #789648 #789831 #795354 #797175 #798050 #800280 #801178 #802642 #803320 #804154 #804653 #805226 #805227 #805945 #806138 #806976 #806977 #806980 #807320 #808358 #808827 #809889 #809891 #809892 #809893 #809894 #809898 #809899 #809900 #809901 #809902 #809903 #810045 #810473 #811354 #812364 #813276 #813735 #814363 #814716 #815352 #815745 #816668 #817377 #818337 #818371 #820338 #822575 #822579 #823260 #823267 #823618 #824159 #824295 #825227 #826707 #827416 #827749 #827750 #828012 #828119 #833820 #835094 #835481 #835839 #840226 #840858 #845028 #847652 #847672 #848321 #849021 #851095 #851103 #852558 #852559 #853050 #853051 #853052 #856917 #858869 #858870 #858872
Cross-References: CVE-2011-1083 CVE-2011-3593 CVE-2012-1601 CVE-2012-2137 CVE-2012-2372 CVE-2012-2745 CVE-2012-3375 CVE-2012-3412 CVE-2012-3430 CVE-2012-3511 CVE-2012-4444 CVE-2012-4530 CVE-2012-4565 CVE-2012-6537 CVE-2012-6538 CVE-2012-6539 CVE-2012-6540 CVE-2012-6541 CVE-2012-6542 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6547 CVE-2012-6548 CVE-2012-6549 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-0268 CVE-2013-0310 CVE-2013-0343 CVE-2013-0349 CVE-2013-0871 CVE-2013-0914 CVE-2013-1767 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1827 CVE-2013-1928 CVE-2013-1943 CVE-2013-2015 CVE-2013-2141 CVE-2013-2147 CVE-2013-2164 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2634 CVE-2013-2851 CVE-2013-2852 CVE-2013-2888 CVE-2013-2889 CVE-2013-2892 CVE-2013-2893 CVE-2013-2897 CVE-2013-2929 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 CVE-2013-4345 CVE-2013-4470 CVE-2013-4483 CVE-2013-4511 CVE-2013-4587 CVE-2013-4588 CVE-2013-4591 CVE-2013-6367 CVE-2013-6368 CVE-2013-6378 CVE-2013-6383 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446
Affected Products:
  SUSE Linux Enterprise Server 11 SP1 LTSS
  SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 84 vulnerabilities and has 41 fixes is now available. It includes one version update.

Description:

This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs.

The following security bugs have been fixed:

* CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347)
* CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
  (bnc#754898)
* CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612)
* CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. (bnc#767610)
* CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (bnc#770695)
* CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896)
* CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523)
* CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383)
* CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885)
* CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831)
* CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013)
* CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576)
* CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889)
* CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889)
* CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891)
* CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892)
* CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893)
* CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894)
* CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898)
* CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899)
* CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900)
* CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901)
* CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902)
* CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903)
* CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175)
* CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (bnc#800280) (XSA-39)
* CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. (bnc#801178) (XSA-43)
* CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
  (bnc#802642)
* CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653)
* CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226)
* CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227)
* CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (bnc#804154)
* CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827)
* CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138)
* CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977)
* CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976)
* CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358)
* CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980)
* CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980)
* CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980)
* CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354)
* CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735)
* CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. (bnc#828012)
* CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377)
* CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267)
* CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260)
* CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295)
* CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750)
* CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
  (bnc#827749)
* CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119)
* CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473)
* CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575)
* CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579)
* CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839)
* CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839)
* CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839)
* CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839)
* CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839)
* CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652)
* CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)
* CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)
* CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672)
* CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.
  (bnc#848321)
* CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)
* CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)
* CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095)
* CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103)
* CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)
* CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)
* CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559)
* CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
* CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)
* CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870)
* CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872)

Also the following non-security bugs have been fixed:

* x86: Clear HPET configuration registers on startup (bnc#748896).
* sched: fix divide by zero in task_utime() (bnc#761774).
* sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596).
* mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables.
* mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)).
* cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364).
* cpumask: Simplify sched_rt.c (bnc#812364). * kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). * memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). * tty: fix up atime/mtime mess, take three (bnc#797175). * tty: fix atime/mtime regression (bnc#815745). * ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). * kbuild: Fix gcc -x syntax (bnc#773831). * ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). * proc: fix pagemap_read() error case (bnc#787573). * net: Upgrade device features irrespective of mask (bnc#715250). * tcp: bind() fix autoselection to share ports (bnc#823618). * tcp: bind() use stronger condition for bind_conflict (bnc#823618). * tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). * netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). * netfilter: prevent race condition breaking net reference counting (bnc#835094). * netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). * netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). * tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). * bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). * scsi: Add "eh_deadline" to limit SCSI EH runtime (bnc#798050). * scsi: Allow error handling timeout to be specified (bnc#798050). * scsi: Fixup compilation warning (bnc#798050). * scsi: Retry failfast commands after EH (bnc#798050). * scsi: Warn on invalid command completion (bnc#798050). * scsi: Always retry internal target error (bnc#745640, bnc#825227). * scsi: kABI fixes (bnc#798050). * scsi: remove check for "resetting" (bnc#798050). * scsi: Eliminate error handler overload of the SCSI serial number (bnc#798050). * scsi: Reduce error recovery time by reducing use of TURs (bnc#798050). 
* scsi: Reduce sequential pointer derefs in scsi_error.c and reduce size as well (bnc#798050). * scsi: cleanup setting task state in scsi_error_handler() (bnc#798050). * scsi: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) (bnc#798050). * scsi: fix id computation in scsi_eh_target_reset() (bnc#798050). * advansys: Remove "last_reset" references (bnc#798050). * dc395: Move "last_reset" into internal host structure (bnc#798050). * dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). * dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). * fc class: fix scanning when devs are offline (bnc#798050). * tmscsim: Move "last_reset" into host structure (bnc#798050). * st: Store page order before driver buffer allocation (bnc#769644). * st: Increase success probability in driver buffer allocation (bnc#769644). * st: work around broken __bio_add_page logic (bnc#769644). * avoid race by ignoring flush_time in cache_check (bnc#814363). * writeback: remove the internal 5% low bound on dirty_ratio * writeback: skip balance_dirty_pages() for in-memory fs (Do not dirty throttle ram-based filesystems (bnc#840858)). * writeback: Do not sync data dirtied after sync start (bnc#833820). * blkdev_max_block: make private to fs/buffer.c (bnc#820338). * vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338). * vfs: fix O_DIRECT read past end of block device (bnc#820338). * lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463). * xfs: allow writeback from kswapd (bnc#826707). * xfs: skip writeback from reclaim context (bnc#826707). * xfs: Serialize file-extending direct IO (bnc#818371). * xfs: Avoid pathological backwards allocation (bnc#805945). * xfs: fix inode lookup race (bnc#763463). * cifs: clarify the meaning of tcpStatus == CifsGood (bnc#776024). * cifs: do not allow cifs_reconnect to exit with NULL socket pointer (bnc#776024). * ocfs2: Add a missing journal credit in ocfs2_link_credits() -v2 (bnc#773320). 
* usb: Fix deadlock in hid_reset when Dell iDRAC is reset (bnc#814716). * usb: xhci: Fix command completion after a drop endpoint (bnc#807320). * netiucv: Hold rtnl between name allocation and device registration (bnc#824159). * rwsem: Test for no active locks in __rwsem_do_wake undo code (bnc#813276). * nfs: NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337). * nfs: Allow sec=none mounts in certain cases (bnc#795354). * nfs: Make nfsiod a multi-thread queue (bnc#815352). * nfs: increase number of permitted callback connections (bnc#771706). * nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008). * nfs: do not allow TASK_KILLABLE sleeps to block the freezer (bnc#775182). * nfs: Avoid race in d_splice_alias and vfs_rmdir (bnc#845028). * svcrpc: take lock on turning entry NEGATIVE in cache_check (bnc#803320). * svcrpc: ensure cache_check caller sees updated entry (bnc#803320). * sunrpc/cache: remove races with queuing an upcall (bnc#803320). * sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320). * sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320). * sunrpc/cache: do not schedule update on cache item that has been replaced (bnc#803320). * sunrpc/cache: fix test in try_to_negate (bnc#803320). * xenbus: fix overflow check in xenbus_dev_write(). * x86: do not corrupt %eip when returning from a signal handler. * scsiback/usbback: move cond_resched() invocations to proper place. * netback: fix netbk_count_requests(). * dm: add dm_deleting_md function (bnc#785016). * dm: bind new table before destroying old (bnc#785016). * dm: keep old table until after resume succeeded (bnc#785016). * dm: rename dm_get_table to dm_get_live_table (bnc#785016). * drm/edid: Fix up partially corrupted headers (bnc#780004). * drm/edid: Retry EDID fetch up to four times (bnc#780004). * i2c-algo-bit: Fix spurious SCL timeouts under heavy load (bnc#780004). * hpilo: remove pci_disable_device (bnc#752544). 
   * mptsas: handle "Initializing Command Required" ASCQ (bnc#782178).
   * mpt2sas: Fix race on shutdown (bnc#856917).
   * ipmi: decrease the IPMI message transaction time in interrupt mode (bnc#763654).
   * ipmi: simplify locking (bnc#763654).
   * ipmi: use a tasklet for handling received messages (bnc#763654).
   * bnx2x: bug fix when loading after SAN boot (bnc#714906).
   * bnx2x: previous driver unload revised (bnc#714906).
   * ixgbe: Address fact that RSC was not setting GSO size for incoming frames (bnc#776144).
   * ixgbe: pull PSRTYPE configuration into a separate function (bnc#780572 bnc#773640 bnc#776144).
   * e1000e: clear REQ and GNT in EECD (82571 && 82572) (bnc#762099).
   * hpsa: do not attempt to read from a write-only register (bnc#777473).
   * aio: Fixup kABI for the aio-implement-request-batching patch (bnc#772849).
   * aio: bump i_count instead of using igrab (bnc#772849).
   * aio: implement request batching (bnc#772849).
   * Driver core: Do not remove kobjects in device_shutdown (bnc#771992).
   * resources: fix call to alignf() in allocate_resource() (bnc#744955).
   * resources: when allocate_resource() fails, leave resource untouched (bnc#744955).
Security Issue references: * CVE-2011-1083 * CVE-2011-3593 * CVE-2012-1601 * CVE-2012-2137 * CVE-2012-2372 * CVE-2012-2745 * CVE-2012-3375 * CVE-2012-3412 * CVE-2012-3430 * CVE-2012-3511 * CVE-2012-4444 * CVE-2012-4530 * CVE-2012-4565 * CVE-2012-6537 * CVE-2012-6538 * CVE-2012-6539 * CVE-2012-6540 * CVE-2012-6541 * CVE-2012-6542 * CVE-2012-6544 * CVE-2012-6545 * CVE-2012-6546 * CVE-2012-6547 * CVE-2012-6548 * CVE-2012-6549 * CVE-2013-0160 * CVE-2013-0216 * CVE-2013-0231 * CVE-2013-0268 * CVE-2013-0310 * CVE-2013-0343 * CVE-2013-0349 * CVE-2013-0871 * CVE-2013-0914 * CVE-2013-1767 * CVE-2013-1773 * CVE-2013-1774 * CVE-2013-1792 * CVE-2013-1796 * CVE-2013-1797 * CVE-2013-1798 * CVE-2013-1827 * CVE-2013-1928 * CVE-2013-1943 * CVE-2013-2015 * CVE-2013-2141 * CVE-2013-2147 * CVE-2013-2164 * CVE-2013-2232 * CVE-2013-2234 * CVE-2013-2237 * CVE-2013-2634 * CVE-2013-2851 * CVE-2013-2852 * CVE-2013-2888 * CVE-2013-2889 * CVE-2013-2892 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2929 * CVE-2013-3222 * CVE-2013-3223 * CVE-2013-3224 * CVE-2013-3225 * CVE-2013-3228 * CVE-2013-3229 * CVE-2013-3231 * CVE-2013-3232 * CVE-2013-3234 * CVE-2013-3235 * CVE-2013-4345 * CVE-2013-4470 * CVE-2013-4483 * CVE-2013-4511 * CVE-2013-4587 * CVE-2013-4588 * CVE-2013-4591 * CVE-2013-6367 * CVE-2013-6368 * CVE-2013-6378 * CVE-2013-6383 * CVE-2014-1444 * CVE-2014-1445 * CVE-2014-1446 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-kernel-8847 slessp1-kernel-8848 slessp1-kernel-8849 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.6.32.59]: btrfs-kmp-default-0_2.6.32.59_0.9-0.3.151 ext4dev-kmp-default-0_2.6.32.59_0.9-7.9.118 ext4dev-kmp-trace-0_2.6.32.59_0.9-7.9.118 kernel-default-2.6.32.59-0.9.1 kernel-default-base-2.6.32.59-0.9.1 kernel-default-devel-2.6.32.59-0.9.1 kernel-source-2.6.32.59-0.9.1 kernel-syms-2.6.32.59-0.9.1 kernel-trace-2.6.32.59-0.9.1 kernel-trace-base-2.6.32.59-0.9.1 kernel-trace-devel-2.6.32.59-0.9.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64) [New Version: 2.6.32.59]: btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151 ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118 hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37 hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37 kernel-ec2-2.6.32.59-0.9.1 kernel-ec2-base-2.6.32.59-0.9.1 kernel-ec2-devel-2.6.32.59-0.9.1 kernel-xen-2.6.32.59-0.9.1 kernel-xen-base-2.6.32.59-0.9.1 kernel-xen-devel-2.6.32.59-0.9.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x) [New Version: 2.6.32.59]: kernel-default-man-2.6.32.59-0.9.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586) [New Version: 2.6.32.59]: btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151 ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118 hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37 kernel-pae-2.6.32.59-0.9.1 kernel-pae-base-2.6.32.59-0.9.1 kernel-pae-devel-2.6.32.59-0.9.1 - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64): kernel-default-extra-2.6.32.59-0.9.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-2.6.32.59-0.9.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-2.6.32.59-0.9.1 References: http://support.novell.com/security/cve/CVE-2011-1083.html http://support.novell.com/security/cve/CVE-2011-3593.html http://support.novell.com/security/cve/CVE-2012-1601.html http://support.novell.com/security/cve/CVE-2012-2137.html http://support.novell.com/security/cve/CVE-2012-2372.html http://support.novell.com/security/cve/CVE-2012-2745.html http://support.novell.com/security/cve/CVE-2012-3375.html 
http://support.novell.com/security/cve/CVE-2012-3412.html http://support.novell.com/security/cve/CVE-2012-3430.html http://support.novell.com/security/cve/CVE-2012-3511.html http://support.novell.com/security/cve/CVE-2012-4444.html http://support.novell.com/security/cve/CVE-2012-4530.html http://support.novell.com/security/cve/CVE-2012-4565.html http://support.novell.com/security/cve/CVE-2012-6537.html http://support.novell.com/security/cve/CVE-2012-6538.html http://support.novell.com/security/cve/CVE-2012-6539.html http://support.novell.com/security/cve/CVE-2012-6540.html http://support.novell.com/security/cve/CVE-2012-6541.html http://support.novell.com/security/cve/CVE-2012-6542.html http://support.novell.com/security/cve/CVE-2012-6544.html http://support.novell.com/security/cve/CVE-2012-6545.html http://support.novell.com/security/cve/CVE-2012-6546.html http://support.novell.com/security/cve/CVE-2012-6547.html http://support.novell.com/security/cve/CVE-2012-6548.html http://support.novell.com/security/cve/CVE-2012-6549.html http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-0216.html http://support.novell.com/security/cve/CVE-2013-0231.html http://support.novell.com/security/cve/CVE-2013-0268.html http://support.novell.com/security/cve/CVE-2013-0310.html http://support.novell.com/security/cve/CVE-2013-0343.html http://support.novell.com/security/cve/CVE-2013-0349.html http://support.novell.com/security/cve/CVE-2013-0871.html http://support.novell.com/security/cve/CVE-2013-0914.html http://support.novell.com/security/cve/CVE-2013-1767.html http://support.novell.com/security/cve/CVE-2013-1773.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1792.html http://support.novell.com/security/cve/CVE-2013-1796.html http://support.novell.com/security/cve/CVE-2013-1797.html http://support.novell.com/security/cve/CVE-2013-1798.html 
http://support.novell.com/security/cve/CVE-2013-1827.html http://support.novell.com/security/cve/CVE-2013-1928.html http://support.novell.com/security/cve/CVE-2013-1943.html http://support.novell.com/security/cve/CVE-2013-2015.html http://support.novell.com/security/cve/CVE-2013-2141.html http://support.novell.com/security/cve/CVE-2013-2147.html http://support.novell.com/security/cve/CVE-2013-2164.html http://support.novell.com/security/cve/CVE-2013-2232.html http://support.novell.com/security/cve/CVE-2013-2234.html http://support.novell.com/security/cve/CVE-2013-2237.html http://support.novell.com/security/cve/CVE-2013-2634.html http://support.novell.com/security/cve/CVE-2013-2851.html http://support.novell.com/security/cve/CVE-2013-2852.html http://support.novell.com/security/cve/CVE-2013-2888.html http://support.novell.com/security/cve/CVE-2013-2889.html http://support.novell.com/security/cve/CVE-2013-2892.html http://support.novell.com/security/cve/CVE-2013-2893.html http://support.novell.com/security/cve/CVE-2013-2897.html http://support.novell.com/security/cve/CVE-2013-2929.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html http://support.novell.com/security/cve/CVE-2013-4345.html http://support.novell.com/security/cve/CVE-2013-4470.html http://support.novell.com/security/cve/CVE-2013-4483.html http://support.novell.com/security/cve/CVE-2013-4511.html http://support.novell.com/security/cve/CVE-2013-4587.html 
http://support.novell.com/security/cve/CVE-2013-4588.html http://support.novell.com/security/cve/CVE-2013-4591.html http://support.novell.com/security/cve/CVE-2013-6367.html http://support.novell.com/security/cve/CVE-2013-6368.html http://support.novell.com/security/cve/CVE-2013-6378.html http://support.novell.com/security/cve/CVE-2013-6383.html http://support.novell.com/security/cve/CVE-2014-1444.html http://support.novell.com/security/cve/CVE-2014-1445.html http://support.novell.com/security/cve/CVE-2014-1446.html https://bugzilla.novell.com/714906 https://bugzilla.novell.com/715250 https://bugzilla.novell.com/735347 https://bugzilla.novell.com/744955 https://bugzilla.novell.com/745640 https://bugzilla.novell.com/748896 https://bugzilla.novell.com/752544 https://bugzilla.novell.com/754898 https://bugzilla.novell.com/760596 https://bugzilla.novell.com/761774 https://bugzilla.novell.com/762099 https://bugzilla.novell.com/762366 https://bugzilla.novell.com/763463 https://bugzilla.novell.com/763654 https://bugzilla.novell.com/767610 https://bugzilla.novell.com/767612 https://bugzilla.novell.com/768668 https://bugzilla.novell.com/769644 https://bugzilla.novell.com/769896 https://bugzilla.novell.com/770695 https://bugzilla.novell.com/771706 https://bugzilla.novell.com/771992 https://bugzilla.novell.com/772849 https://bugzilla.novell.com/773320 https://bugzilla.novell.com/773383 https://bugzilla.novell.com/773577 https://bugzilla.novell.com/773640 https://bugzilla.novell.com/773831 https://bugzilla.novell.com/774523 https://bugzilla.novell.com/775182 https://bugzilla.novell.com/776024 https://bugzilla.novell.com/776144 https://bugzilla.novell.com/776885 https://bugzilla.novell.com/777473 https://bugzilla.novell.com/780004 https://bugzilla.novell.com/780008 https://bugzilla.novell.com/780572 https://bugzilla.novell.com/782178 https://bugzilla.novell.com/785016 https://bugzilla.novell.com/786013 https://bugzilla.novell.com/787573 https://bugzilla.novell.com/787576 
https://bugzilla.novell.com/789648 https://bugzilla.novell.com/789831 https://bugzilla.novell.com/795354 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/798050 https://bugzilla.novell.com/800280 https://bugzilla.novell.com/801178 https://bugzilla.novell.com/802642 https://bugzilla.novell.com/803320 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/804653 https://bugzilla.novell.com/805226 https://bugzilla.novell.com/805227 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806138 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/806977 https://bugzilla.novell.com/806980 https://bugzilla.novell.com/807320 https://bugzilla.novell.com/808358 https://bugzilla.novell.com/808827 https://bugzilla.novell.com/809889 https://bugzilla.novell.com/809891 https://bugzilla.novell.com/809892 https://bugzilla.novell.com/809893 https://bugzilla.novell.com/809894 https://bugzilla.novell.com/809898 https://bugzilla.novell.com/809899 https://bugzilla.novell.com/809900 https://bugzilla.novell.com/809901 https://bugzilla.novell.com/809902 https://bugzilla.novell.com/809903 https://bugzilla.novell.com/810045 https://bugzilla.novell.com/810473 https://bugzilla.novell.com/811354 https://bugzilla.novell.com/812364 https://bugzilla.novell.com/813276 https://bugzilla.novell.com/813735 https://bugzilla.novell.com/814363 https://bugzilla.novell.com/814716 https://bugzilla.novell.com/815352 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/817377 https://bugzilla.novell.com/818337 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/820338 https://bugzilla.novell.com/822575 https://bugzilla.novell.com/822579 https://bugzilla.novell.com/823260 https://bugzilla.novell.com/823267 https://bugzilla.novell.com/823618 https://bugzilla.novell.com/824159 https://bugzilla.novell.com/824295 https://bugzilla.novell.com/825227 https://bugzilla.novell.com/826707 https://bugzilla.novell.com/827416 
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/828012
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/833820
   https://bugzilla.novell.com/835094
   https://bugzilla.novell.com/835481
   https://bugzilla.novell.com/835839
   https://bugzilla.novell.com/840226
   https://bugzilla.novell.com/840858
   https://bugzilla.novell.com/845028
   https://bugzilla.novell.com/847652
   https://bugzilla.novell.com/847672
   https://bugzilla.novell.com/848321
   https://bugzilla.novell.com/849021
   https://bugzilla.novell.com/851095
   https://bugzilla.novell.com/851103
   https://bugzilla.novell.com/852558
   https://bugzilla.novell.com/852559
   https://bugzilla.novell.com/853050
   https://bugzilla.novell.com/853051
   https://bugzilla.novell.com/853052
   https://bugzilla.novell.com/856917
   https://bugzilla.novell.com/858869
   https://bugzilla.novell.com/858870
   https://bugzilla.novell.com/858872
   http://download.novell.com/patch/finder/?keywords=36a4c03a7a6e23326bdc75867718c3f5
   http://download.novell.com/patch/finder/?keywords=78a90ce26186ad3c08d3168f7c56498f
   http://download.novell.com/patch/finder/?keywords=92db776383896ad395b93d570e1b0440
   http://download.novell.com/patch/finder/?keywords=c00b87e84b1ec845f992a53432644809
   http://download.novell.com/patch/finder/?keywords=cebd648c35a6ff05d60a592debc063f7
   http://download.novell.com/patch/finder/?keywords=f67e971841459d6799882fcccab88393

From sle-updates at lists.suse.com Mon Feb 24 14:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Feb 2014 22:04:14 +0100 (CET)
Subject: SUSE-SU-2014:0266-3: important: Security update for IBM Java 6
Message-ID: <20140224210414.C2DA9320F0@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java 6
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0266-3
Rating: important
References: #862064
Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888
   CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP1 LTSS
   SUSE Linux Enterprise Server 10 SP4 LTSS
   SUSE Linux Enterprise Java 11 SP3
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:

   IBM Java 6 was updated to version SR15-FP1 which received security and bug fixes.

   More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU

Security Issue references:

   * CVE-2014-0428
   * CVE-2014-0422
   * CVE-2013-5907
   * CVE-2014-0417
   * CVE-2014-0373
   * CVE-2014-0423
   * CVE-2014-0376
   * CVE-2014-0376
   * CVE-2014-0416
   * CVE-2014-0368
   * CVE-2014-0411
   * CVE-2014-0428
   * CVE-2014-0422
   * CVE-2013-5907
   * CVE-2014-0415
   * CVE-2014-0410
   * CVE-2013-5889
   * CVE-2014-0417
   * CVE-2014-0387
   * CVE-2014-0424
   * CVE-2013-5878
   * CVE-2014-0373
   * CVE-2014-0375
   * CVE-2014-0403
   * CVE-2014-0423
   * CVE-2014-0376
   * CVE-2013-5910
   * CVE-2013-5884
   * CVE-2013-5896
   * CVE-2014-0376
   * CVE-2013-5899
   * CVE-2014-0416
   * CVE-2013-5887
   * CVE-2014-0368
   * CVE-2013-5888
   * CVE-2013-5898
   * CVE-2014-0411

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-java-1_6_0-ibm-8896

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-java-1_6_0-ibm-8896

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-java-1_6_0-ibm-8896

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-java-1_6_0-ibm-8901

   - SUSE Linux Enterprise Java 11 SP3:

      zypper in -t patch slejsp3-java-1_6_0-ibm-8896

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-devel-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      java-1_6_0-ibm-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      java-1_6_0-ibm-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr16.5-0.6.1
      java-1_5_0-ibm-devel-1.5.0_sr16.5-0.6.1
      java-1_5_0-ibm-fonts-1.5.0_sr16.5-0.6.1
      java-1_6_0-ibm-1.6.0_sr15.1-0.15.1
      java-1_6_0-ibm-devel-1.6.0_sr15.1-0.15.1
      java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.15.1
      java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.15.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr16.5-0.6.1
      java-1_5_0-ibm-devel-32bit-1.5.0_sr16.5-0.6.1
      java-1_6_0-ibm-32bit-1.6.0_sr15.1-0.15.1
      java-1_6_0-ibm-devel-32bit-1.6.0_sr15.1-0.15.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.15.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.5-0.6.1
      java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.1-0.15.1
      java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.1-0.15.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr16.5-0.6.1
      java-1_5_0-ibm-jdbc-1.5.0_sr16.5-0.6.1
      java-1_5_0-ibm-plugin-1.5.0_sr16.5-0.6.1
      java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.15.1

   - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-devel-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1
      java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1

   - SUSE Linux Enterprise Java 11 SP3 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1

References:

   http://support.novell.com/security/cve/CVE-2013-5878.html
   http://support.novell.com/security/cve/CVE-2013-5884.html
   http://support.novell.com/security/cve/CVE-2013-5887.html
   http://support.novell.com/security/cve/CVE-2013-5888.html
   http://support.novell.com/security/cve/CVE-2013-5889.html
   http://support.novell.com/security/cve/CVE-2013-5896.html
   http://support.novell.com/security/cve/CVE-2013-5898.html
   http://support.novell.com/security/cve/CVE-2013-5899.html
   http://support.novell.com/security/cve/CVE-2013-5907.html
   http://support.novell.com/security/cve/CVE-2013-5910.html
   http://support.novell.com/security/cve/CVE-2014-0368.html
   http://support.novell.com/security/cve/CVE-2014-0373.html
   http://support.novell.com/security/cve/CVE-2014-0375.html
   http://support.novell.com/security/cve/CVE-2014-0376.html
   http://support.novell.com/security/cve/CVE-2014-0387.html
   http://support.novell.com/security/cve/CVE-2014-0403.html
   http://support.novell.com/security/cve/CVE-2014-0410.html
   http://support.novell.com/security/cve/CVE-2014-0411.html
   http://support.novell.com/security/cve/CVE-2014-0415.html
   http://support.novell.com/security/cve/CVE-2014-0416.html
   http://support.novell.com/security/cve/CVE-2014-0417.html
   http://support.novell.com/security/cve/CVE-2014-0422.html
   http://support.novell.com/security/cve/CVE-2014-0423.html
   http://support.novell.com/security/cve/CVE-2014-0424.html
   http://support.novell.com/security/cve/CVE-2014-0428.html
   https://bugzilla.novell.com/862064
   http://download.novell.com/patch/finder/?keywords=31bff4adf7f4091ce92bf4450ff8b1f3
   http://download.novell.com/patch/finder/?keywords=49593e2ab0f92f334869c11ea4658f10
   http://download.novell.com/patch/finder/?keywords=80342541418cc3f0cde43530feba3e08
   http://download.novell.com/patch/finder/?keywords=bc9c0f6c8b696630ae6e85a990a72405

From sle-updates at lists.suse.com Mon Feb 24 22:04:08 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2014 06:04:08 +0100 (CET)
Subject: SUSE-RU-2014:0288-1: Recommended update for sled-release
Message-ID: <20140225050408.3C813320F1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sled-release
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0288-1
Rating: low
References: #837135
Affected Products:
   SLED 11 HP BNB Preload SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update prepares the system for a System Upgrade to SUSE Linux Enterprise Desktop 11 SP3.

   Please follow the technical instruction document for the information on how to upgrade your system to SUSE Linux Enterprise Desktop 11 SP3: https://www.suse.com/support/kb/doc.php?id=7012368

   Please have a look for more Information and Resources about SUSE Linux Enterprise Desktop 11 SP3 here: http://www.suse.com/promo/sle11sp3.html

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SLED 11 HP BNB Preload SP2:

      zypper in -t patch slehpbnbp2-SLED-SP3-Migration-8294

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SLED 11 HP BNB Preload SP2 (i586 x86_64):

      sled-release-11.2-3.31

References:

   https://bugzilla.novell.com/837135
   http://download.novell.com/patch/finder/?keywords=1b2eaf50e70b159badf0072438a0fec5

From sle-updates at lists.suse.com Tue Feb 25 10:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2014 18:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0289-1: moderate: Recommended update for hal
Message-ID: <20140225170411.5FB16320FF@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for hal
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0289-1
Rating: moderate
References: #808462 #847425
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for hal provides the following fixes and enhancements:

   * Do not install a signal handler on the forked hal daemon before being able to properly handle it.
   * Allow disabling storage device probing by setting HALD_IGNORE_STORAGE to "yes" in /etc/sysconfig/hal.
   * Do not kill the child when it takes too long to probe devices, as it will only shut down hald after the probe is complete.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-hal-8861

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-hal-8861

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-hal-8861

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-hal-8861

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      hal-devel-0.5.12-23.74.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      hal-0.5.12-23.74.1
      hal-doc-0.5.12-23.74.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      hal-32bit-0.5.12-23.74.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      hal-0.5.12-23.74.1
      hal-doc-0.5.12-23.74.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      hal-32bit-0.5.12-23.74.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      hal-x86-0.5.12-23.74.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      hal-0.5.12-23.74.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      hal-32bit-0.5.12-23.74.1

References:

   https://bugzilla.novell.com/808462
   https://bugzilla.novell.com/847425
   http://download.novell.com/patch/finder/?keywords=644faed7a13eef913185306ee54b41df

From sle-updates at lists.suse.com Tue Feb 25 12:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2014 20:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0290-1: critical: Security update for flash-player
Message-ID: <20140225190411.30C51320F3@maintenance.suse.de>

   SUSE Security Update: Security update for
   flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0290-1
Rating: critical
References: #865021
Cross-References: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
Affected Products:
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available. It includes one version update.

Description:

   This update of Adobe Flash Player fixes the following issues:

   * A stack overflow vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0498)
   * A memory leak vulnerability that could have been used to defeat memory address layout randomization. (CVE-2014-0499)
   * A double free vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0502)

Security Issue references:

   * CVE-2014-0498
   * CVE-2014-0499
   * CVE-2014-0502

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-flash-player-8922

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.341]:

      flash-player-11.2.202.341-0.3.1
      flash-player-gnome-11.2.202.341-0.3.1
      flash-player-kde4-11.2.202.341-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2014-0498.html
   http://support.novell.com/security/cve/CVE-2014-0499.html
   http://support.novell.com/security/cve/CVE-2014-0502.html
   https://bugzilla.novell.com/865021
   http://download.novell.com/patch/finder/?keywords=6003a7ba1dd825daf2236b54355b2495

From sle-updates at lists.suse.com Tue Feb 25 13:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2014 21:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0291-1: Recommended update for mdadm
Message-ID: <20140225200411.D7A0C320F3@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for mdadm
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0291-1
Rating: low
References: #773010 #797116 #808647 #816382 #817841 #819331 #819930 #821861 #821934 #827013 #828436 #834041 #838528 #839559 #840526 #841796
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has 16 recommended fixes can now be installed.

Description:

   This update for mdadm provides many fixes and enhancements:

   * Don't wait so long when creating arrays. (bnc#816382)
   * Allow array to be stopped using the kernel name. (bnc#821861)
   * If mpath is in use, disable mdadm auto-assembly except on dm devices. (bnc#838528)
   * Fix size handling for RAID0 arrays during reshape. (bnc#821934)
   * Fix problem with calculation of space available for reshape. (bnc#821934)
   * Clarify connection between action=re-add and bitmaps in mdadm.conf.5. (bnc#773010)
   * Print correct size for large external metadata arrays.
     (bnc#797116)
   * Retry failed removes in mdadm. (bnc#808647)
   * Don't assemble the same array with two different names. (bnc#828436)
   * Attempt to remove from an array any device which disappears. (bnc#819331)
   * Fix problems with RAID10 re-sync and recovery not completing properly. (bnc#834041)
   * Allow mdadm to create arrays with more than 1000 devices. (bnc#819930)
   * Remove partitions from device when included in an 'external' array. (bnc#817841)

   The update also includes md_monitor 5.0 which fixes the following issues:

   * Fix incorrect disk detach on arrays with lots of DASDs. (bnc#827013)
   * Fix locking sequence in reset_mirror(). (bnc#840526)
   * Do not call ioctl on timeout to avoid blocking. (bnc#839559)
   * Fix typo in discover_md_components. (bnc#841796)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-mdadm-8890

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-mdadm-8890

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-mdadm-8890

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      mdadm-3.2.6-0.23.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      mdadm-3.2.6-0.23.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      mdadm-3.2.6-0.23.1

References:

   https://bugzilla.novell.com/773010
   https://bugzilla.novell.com/797116
   https://bugzilla.novell.com/808647
   https://bugzilla.novell.com/816382
   https://bugzilla.novell.com/817841
   https://bugzilla.novell.com/819331
   https://bugzilla.novell.com/819930
   https://bugzilla.novell.com/821861
   https://bugzilla.novell.com/821934
   https://bugzilla.novell.com/827013
   https://bugzilla.novell.com/828436
   https://bugzilla.novell.com/834041
   https://bugzilla.novell.com/838528
   https://bugzilla.novell.com/839559
   https://bugzilla.novell.com/840526
   https://bugzilla.novell.com/841796
   http://download.novell.com/patch/finder/?keywords=b94141d1c37fe1845a4e14da5f2fc220

From sle-updates at lists.suse.com Tue Feb 25 18:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2014 02:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0292-1: Recommended update for SLE POS 11-SP3
Message-ID: <20140226010411.6E7E3320EB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SLE POS 11-SP3
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0292-1
Rating: low
References: #644656 #801744 #823346 #833970 #835026 #835052 #835424 #835428 #838250 #841034 #841044 #841068 #848075 #849586 #850320 #851580 #851583 #853918 #858689 #858690 #863489
Affected Products:
   SUSE Linux Enterprise Point of Service 11 SP3
______________________________________________________________________________

   An update that has 21 recommended fixes can now be installed.

Description:

   This collective update for SUSE Linux Enterprise Point of Service 11 SP3 provides the following fixes and enhancements:

   POS_Image3:

   * Fixed fallback when the tftp/ftp server is down.
(bnc#851580) POS_Server3: * Fix handling of unencrypted password in adminserver.conf on Combo Server. (bnc#853918) * Fix BS initialization on Combo Server if AS is not resolved in extra DNS. (bnc#848075) * Fix registerImages false error report for gzipped non-tar image files. (bnc#851583) * Fixes for the 'pos' command: o Correct times in ws-remove --dry-run output. (bnc#849586) o Fix ws-list output for more MACs. (bnc#841068) o Remove running terminals only with --force option in ws-remove. (bnc#850320) o Fix pos --help text. (bnc#838250, bnc#823346, bnc#841034, bnc#841044) * Fix 'slepos_migrate' script for new installations. (bnc#858690) * Add friendly values for 'slepos_migrate --deploy_type' options described in doc. (bnc#858689) * posASWatch --nodaemon should not run on multiple instances at the same time. (bnc#863489) * Fix regression introduced by the fix for bnc#644656. (bnc#835424) * Fix registerImages scp cmdline parsing. (bnc#835428) * Refresh DNS cache in posInitBranchserver. (bnc#644656) * Fix POS_Server-BranchTools3 requirements. (bnc#801744) * Fix XML import in posAdmin if it has no encapsulating element. (bnc#833970) * Rollback now present in list only if image file exists. (bnc#835052) * Add specific PXE menu also for specific PXEs. (bnc#835026) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Service 11 SP3: zypper in -t patch sleposp3-slepos-201403-8912 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Point of Service 11 SP3 (i586 x86_64):
  POS_Migration-3.5.4-0.16.1
  POS_Server-Admin3-3.5.4-0.16.1
  POS_Server-AdminGUI-3.5.4-0.16.1
  POS_Server-AdminTools3-3.5.4-0.16.1
  POS_Server-BranchTools3-3.5.4-0.16.1
  POS_Server-Modules3-3.5.4-0.16.1
  POS_Server3-3.5.4-0.16.1
  admind-1.9-1.16.1
  admind-client-1.9-1.16.1
  posbios-1.0-1.16.1
- SUSE Linux Enterprise Point of Service 11 SP3 (noarch):
  POS_Image-Minimal3-3.4.0-0.16.1
  POS_Image-Netboot-hooks-3.4.0-0.16.1
  POS_Image-Tools-3.4.0-0.16.1
  POS_Image3-3.5.4-0.16.1

References:

https://bugzilla.novell.com/644656
https://bugzilla.novell.com/801744
https://bugzilla.novell.com/823346
https://bugzilla.novell.com/833970
https://bugzilla.novell.com/835026
https://bugzilla.novell.com/835052
https://bugzilla.novell.com/835424
https://bugzilla.novell.com/835428
https://bugzilla.novell.com/838250
https://bugzilla.novell.com/841034
https://bugzilla.novell.com/841044
https://bugzilla.novell.com/841068
https://bugzilla.novell.com/848075
https://bugzilla.novell.com/849586
https://bugzilla.novell.com/850320
https://bugzilla.novell.com/851580
https://bugzilla.novell.com/851583
https://bugzilla.novell.com/853918
https://bugzilla.novell.com/858689
https://bugzilla.novell.com/858690
https://bugzilla.novell.com/863489
http://download.novell.com/patch/finder/?keywords=b9c2eb56835fd201ba57a131612b777e

From sle-updates at lists.suse.com Wed Feb 26 08:04:26 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2014 16:04:26 +0100 (CET)
Subject: SUSE-RU-2014:0297-1: moderate: Recommended update for High Availability Extension 11 SP3
Message-ID: <20140226150426.EA95C320FF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for High Availability Extension 11 SP3
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0297-1
Rating: moderate
References: #855099 #856018 #857779 #858745 #858857 #859923 #862046
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.
It includes two new package versions.

Description:

This collective update for the High Availability Extension 11 SP3 provides
many fixes and enhancements.

libdlm:

* Fix _unlink_checkpoint error message. (bnc#856018)

libqb:

* ipc: Remove ipc connection reference given to dispatch functions. (bnc#857779)
* ipc: Fix memory leak in server connection accept when client partially connects. (bnc#857779)
* ipc: Increase the listen backlog of IPC server. (bnc#857779)

pacemaker:

* cluster: Fix segmentation fault when removing a node. (bnc#858745)
* services: Reset the scheduling policy and priority for lrmd's children without relying on SCHED_RESET_ON_FORK. (bnc#858857)
* services: Correctly reset the nice value for lrmd's children. (bnc#858857)
* services: Fix segmentation fault associated with cancelling in-flight recurring operations. (bnc#859923)
* fencing: Update stonith device list only if stonith is enabled. (bnc#857779)
* stonith: Drop the severity of log for recoverable condition. (bnc#857779)
* ipc: Fix memory leak for failed ipc client connections. (bnc#857779)
* crm_ticket: Support multiple modifications for a ticket in an atomic operation. (bnc#855099)

pacemaker-mgmt:

* snmp_subagent: Correctly obtain file descriptor for IPC connection to cib in pacemaker >= 1.1.8. (bnc#862046)

The list above is not comprehensive. For details, please refer to the
individual package change logs and Bugzilla.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-slehae-201401-8883
- SUSE Linux Enterprise High Availability Extension 11 SP3:
  zypper in -t patch slehasp3-slehae-201401-8883

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.16.0]:
  libqb-devel-0.16.0-0.9.1
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.16.0 and 1.1.10]:
  libdlm-3.00.01-0.28.5
  libdlm-devel-3.00.01-0.28.5
  libdlm3-3.00.01-0.28.5
  libpacemaker-devel-1.1.10-0.15.25
  libpacemaker3-1.1.10-0.15.25
  libqb-devel-0.16.0-0.9.1
  libqb0-0.16.0-0.9.1
  pacemaker-1.1.10-0.15.25
  pacemaker-mgmt-2.1.2-0.13.1
  pacemaker-mgmt-client-2.1.2-0.13.1
  pacemaker-mgmt-devel-2.1.2-0.13.1

References:

https://bugzilla.novell.com/855099
https://bugzilla.novell.com/856018
https://bugzilla.novell.com/857779
https://bugzilla.novell.com/858745
https://bugzilla.novell.com/858857
https://bugzilla.novell.com/859923
https://bugzilla.novell.com/862046
http://download.novell.com/patch/finder/?keywords=9f5518edd2783ab151072fea0c1f83d6

From sle-updates at lists.suse.com Wed Feb 26 09:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2014 17:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0298-1: Recommended update for kvm
Message-ID: <20140226160411.99DC0320FF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for kvm
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0298-1
Rating: low
References: #812836 #812983 #841080 #842088 #858858
Affected Products:
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.
It includes one version update.

Description:

This update for KVM provides support for the Ceph components of SUSE Cloud
by implementing compatibility with a dynamically loaded rbd plug-in.
Currently, this plug-in is not delivered with SUSE Linux Enterprise Server.
(FATE#316580, bnc#858858)

Additionally, the following issues have been fixed:

* Provide dummy color map for VNC viewers which may request a color map. (bnc#842088)
* Allow cross migration from SP2's qemu-kvm 0.15 to qemu 1.4. (bnc#812836, bnc#841080)
* Fix potential rtl8139/pcnet network stalls.
* Update to new s390-ccw.img firmware from v1.6.0. (bnc#812983)
* Add fix for virtio-ccw reset. (bnc#812983)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-kvm-8841
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-kvm-8841

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64) [New Version: 1.4.2]:
  kvm-1.4.2-0.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.2]:
  kvm-1.4.2-0.9.1

References:

https://bugzilla.novell.com/812836
https://bugzilla.novell.com/812983
https://bugzilla.novell.com/841080
https://bugzilla.novell.com/842088
https://bugzilla.novell.com/858858
http://download.novell.com/patch/finder/?keywords=891296485bb654e0a5d695af47dac493

From sle-updates at lists.suse.com Wed Feb 26 10:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2014 18:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0299-1: moderate: Recommended update for mkinitrd
Message-ID: <20140226170411.D2E7832138@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mkinitrd
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0299-1
Rating: moderate
References: #480808 #830968 #848293
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for mkinitrd provides the following fixes:

* Fix waiting for multipath when using md on top of multipath. (bnc#848293)
* Add support for two network interfaces in the iBFT. (bnc#830968)
* Really include mmc_block driver. (bnc#480808)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-mkinitrd-8808
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-mkinitrd-8808
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-mkinitrd-8808

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  mkinitrd-2.4.2-0.88.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  mkinitrd-2.4.2-0.88.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  mkinitrd-2.4.2-0.88.1

References:

https://bugzilla.novell.com/480808
https://bugzilla.novell.com/830968
https://bugzilla.novell.com/848293
http://download.novell.com/patch/finder/?keywords=f0258e17d45806160ad925836f756b5c

From sle-updates at lists.suse.com Wed Feb 26 15:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2014 23:04:10 +0100 (CET)
Subject: SUSE-RU-2014:0300-1: Recommended update for glib2
Message-ID: <20140226220410.1C5B23213C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for glib2
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0300-1
Rating: low
References: #846912
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for glib2 adds a workaround to ignore multiple calls to
g_thread_init(), preventing issues with some upstream Java implementations.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-glib2-8882
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-glib2-8882
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-glib2-8882
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-glib2-8882

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  glib2-devel-2.22.5-0.8.12.1
  libgio-fam-2.22.5-0.8.12.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
  glib2-doc-2.22.5-0.8.12.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64):
  glib2-devel-32bit-2.22.5-0.8.12.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  glib2-2.22.5-0.8.12.1
  glib2-doc-2.22.5-0.8.12.1
  glib2-lang-2.22.5-0.8.12.1
  libgio-2_0-0-2.22.5-0.8.12.1
  libglib-2_0-0-2.22.5-0.8.12.1
  libgmodule-2_0-0-2.22.5-0.8.12.1
  libgobject-2_0-0-2.22.5-0.8.12.1
  libgthread-2_0-0-2.22.5-0.8.12.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
  libgio-2_0-0-32bit-2.22.5-0.8.12.1
  libglib-2_0-0-32bit-2.22.5-0.8.12.1
  libgmodule-2_0-0-32bit-2.22.5-0.8.12.1
  libgobject-2_0-0-32bit-2.22.5-0.8.12.1
  libgthread-2_0-0-32bit-2.22.5-0.8.12.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  glib2-2.22.5-0.8.12.1
  glib2-doc-2.22.5-0.8.12.1
  glib2-lang-2.22.5-0.8.12.1
  libgio-2_0-0-2.22.5-0.8.12.1
  libglib-2_0-0-2.22.5-0.8.12.1
  libgmodule-2_0-0-2.22.5-0.8.12.1
  libgobject-2_0-0-2.22.5-0.8.12.1
  libgthread-2_0-0-2.22.5-0.8.12.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
  libgio-2_0-0-32bit-2.22.5-0.8.12.1
  libglib-2_0-0-32bit-2.22.5-0.8.12.1
  libgmodule-2_0-0-32bit-2.22.5-0.8.12.1
  libgobject-2_0-0-32bit-2.22.5-0.8.12.1
  libgthread-2_0-0-32bit-2.22.5-0.8.12.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
  libgio-2_0-0-x86-2.22.5-0.8.12.1
  libglib-2_0-0-x86-2.22.5-0.8.12.1
  libgmodule-2_0-0-x86-2.22.5-0.8.12.1
  libgobject-2_0-0-x86-2.22.5-0.8.12.1
  libgthread-2_0-0-x86-2.22.5-0.8.12.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  glib2-2.22.5-0.8.12.1
  glib2-devel-2.22.5-0.8.12.1
  glib2-lang-2.22.5-0.8.12.1
  libgio-2_0-0-2.22.5-0.8.12.1
  libgio-fam-2.22.5-0.8.12.1
  libglib-2_0-0-2.22.5-0.8.12.1
  libgmodule-2_0-0-2.22.5-0.8.12.1
  libgobject-2_0-0-2.22.5-0.8.12.1
  libgthread-2_0-0-2.22.5-0.8.12.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
  libgio-2_0-0-32bit-2.22.5-0.8.12.1
  libglib-2_0-0-32bit-2.22.5-0.8.12.1
  libgmodule-2_0-0-32bit-2.22.5-0.8.12.1
  libgobject-2_0-0-32bit-2.22.5-0.8.12.1
  libgthread-2_0-0-32bit-2.22.5-0.8.12.1

References:

https://bugzilla.novell.com/846912
http://download.novell.com/patch/finder/?keywords=92b39f27e748617a5108ae74fc2ad209

From sle-updates at lists.suse.com Thu Feb 27 08:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Feb 2014 16:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0301-1: moderate: Security update for python-logilab-common
Message-ID: <20140227150412.002973213C@maintenance.suse.de>

SUSE Security Update: Security update for python-logilab-common
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0301-1
Rating: moderate
References: #861822
Cross-References: CVE-2014-1838 CVE-2014-1839
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

With this update multiple temporary file vulnerabilities have been fixed
(CVE-2014-1838).

Security Issue references:

* CVE-2014-1838
* CVE-2014-1839

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-python-logilab-common-8909

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  python-logilab-common-0.56.2-1.9.1

References:

http://support.novell.com/security/cve/CVE-2014-1838.html
http://support.novell.com/security/cve/CVE-2014-1839.html
https://bugzilla.novell.com/861822
http://download.novell.com/patch/finder/?keywords=a47a40734ab35938287f3f5665ecd80f

From sle-updates at lists.suse.com Thu Feb 27 09:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Feb 2014 17:04:12 +0100 (CET)
Subject: SUSE-RU-2014:0302-1: moderate: Recommended update for btrfsprogs
Message-ID: <20140227160412.660363213F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for btrfsprogs
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0302-1
Rating: moderate
References: #842510
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for btrfsprogs fixes udev's detection rule in systems with LVM.
This issue could prevent some file systems from being mounted at boot time.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-btrfsprogs-8884
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-btrfsprogs-8884
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-btrfsprogs-8884
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-btrfsprogs-8884

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libbtrfs-devel-0.20-0.39.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  btrfsprogs-0.20-0.39.1
  libbtrfs0-0.20-0.39.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  btrfsprogs-0.20-0.39.1
  libbtrfs0-0.20-0.39.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  btrfsprogs-0.20-0.39.1
  libbtrfs0-0.20-0.39.1

References:

https://bugzilla.novell.com/842510
http://download.novell.com/patch/finder/?keywords=17bd66f8bd0842ed3efbe2fd86a19f86

From sle-updates at lists.suse.com Thu Feb 27 16:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2014 00:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0305-1: Recommended update for yast2
Message-ID: <20140227230411.9AD913213C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0305-1
Rating: low
References: #803358 #827031 #837517
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.
It includes one version update.

Description:

This collective update for YaST2 provides the following fixes:

* Fix /sbin/yast2 to start correctly in non UTF-8 environment. (bnc#827031)
* Fix misinterpretation of IPv6 prefixes when converting to netmask. (bnc#837517)
* Warn the user if Chef could overwrite changes. (bnc#803358)
* Check for Chef outside in the yast2 shell script to catch modules not using CommandLine. (bnc#803358)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-yast2-8873
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-yast2-8873
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-yast2-8873
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-yast2-8873

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.134]:
  yast2-devel-doc-2.17.134-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.17.134]:
  yast2-2.17.134-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.134]:
  yast2-2.17.134-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.17.134]:
  yast2-2.17.134-0.7.1

References:

https://bugzilla.novell.com/803358
https://bugzilla.novell.com/827031
https://bugzilla.novell.com/837517
http://download.novell.com/patch/finder/?keywords=c3155e0f3890fd96eeed98333b6419dd

From sle-updates at lists.suse.com Fri Feb 28 08:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2014 16:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0312-1: Recommended update for sudo
Message-ID: <20140228150411.017163213C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sudo
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0312-1
Rating: low
References: #823292 #823796
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for sudo provides the following fixes:

* Escape "sudo -i" and "sudo -s" command arguments to prevent command line corruption. (bnc#823796)
* Adjust the sudoers(5) manual page to reflect SUSE-specific changes. (bnc#823292)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-sudo-8915
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-sudo-8915
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-sudo-8915

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  sudo-1.7.6p2-0.19.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  sudo-1.7.6p2-0.19.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  sudo-1.7.6p2-0.19.1

References:

https://bugzilla.novell.com/823292
https://bugzilla.novell.com/823796
http://download.novell.com/patch/finder/?keywords=67d1d49e7ab71ae3435113c72703091d

From sle-updates at lists.suse.com Fri Feb 28 15:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2014 23:04:12 +0100 (CET)
Subject: SUSE-RU-2014:0313-1: important: Recommended update for DRBD
Message-ID: <20140228220412.114D23213C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for DRBD
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0313-1
Rating: important
References: #857231
Affected Products:
  SUSE Linux Enterprise Real Time Extension 11 SP3
  SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.
It includes one version update.
Description:

This update for DRBD fixes a compatibility issue with the latest released
Linux Kernel update (version 3.0.101) that could cause a kernel panic.

* Submit discard/trim/unmap bios with a single (but empty) biovec. (bnc#857231)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11 SP3:
  zypper in -t patch slertesp3-drbd-844-201401-8766
- SUSE Linux Enterprise High Availability Extension 11 SP3:
  zypper in -t patch slehasp3-drbd-844-201401-8766

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64):
  drbd-kmp-rt-8.4.4_3.0.101_rt130_0.10-0.22.7
  drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.10-0.22.7
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.4.4]:
  drbd-8.4.4-0.22.9
  drbd-bash-completion-8.4.4-0.22.9
  drbd-heartbeat-8.4.4-0.22.9
  drbd-kmp-default-8.4.4_3.0.101_0.15-0.22.7
  drbd-kmp-trace-8.4.4_3.0.101_0.15-0.22.7
  drbd-pacemaker-8.4.4-0.22.9
  drbd-udev-8.4.4-0.22.9
  drbd-utils-8.4.4-0.22.9
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
  drbd-kmp-xen-8.4.4_3.0.101_0.15-0.22.7
- SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64) [New Version: 8.4.4]:
  drbd-xen-8.4.4-0.22.9
- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
  drbd-kmp-ppc64-8.4.4_3.0.101_0.15-0.22.7
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
  drbd-kmp-pae-8.4.4_3.0.101_0.15-0.22.7

References:

https://bugzilla.novell.com/857231
http://download.novell.com/patch/finder/?keywords=abcae585cbf5f2419ddd7f86e5e12072