From sle-updates at lists.suse.com Fri Jan 2 02:05:09 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Jan 2015 10:05:09 +0100 (CET)
Subject: SUSE-SU-2015:0003-1: moderate: Security update for libxml2
Message-ID: <20150102090509.BBFC93235B@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0003-1
Rating:             moderate
References:         #901546 #908376
Cross-References:   CVE-2014-3660
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This libxml2 update fixes the following security and non-security issues:

   - Fix a denial of service via recursive entity expansion.
     (CVE-2014-3660, bnc#901546, bgo#738805)
   - Fix a regression in xzlib compression support. (bnc#908376)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libxml2-debugsource-2.9.1-10.1
      libxml2-devel-2.9.1-10.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libxml2-2-2.9.1-10.1
      libxml2-2-debuginfo-2.9.1-10.1
      libxml2-debugsource-2.9.1-10.1
      libxml2-tools-2.9.1-10.1
      libxml2-tools-debuginfo-2.9.1-10.1
      python-libxml2-2.9.1-10.1
      python-libxml2-debuginfo-2.9.1-10.1
      python-libxml2-debugsource-2.9.1-10.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libxml2-2-32bit-2.9.1-10.1
      libxml2-2-debuginfo-32bit-2.9.1-10.1

   - SUSE Linux Enterprise Server 12 (noarch):

      libxml2-doc-2.9.1-10.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libxml2-2-2.9.1-10.1
      libxml2-2-32bit-2.9.1-10.1
      libxml2-2-debuginfo-2.9.1-10.1
      libxml2-2-debuginfo-32bit-2.9.1-10.1
      libxml2-debugsource-2.9.1-10.1
      libxml2-tools-2.9.1-10.1
      libxml2-tools-debuginfo-2.9.1-10.1
      python-libxml2-2.9.1-10.1
      python-libxml2-debuginfo-2.9.1-10.1
      python-libxml2-debugsource-2.9.1-10.1

References:

   http://support.novell.com/security/cve/CVE-2014-3660.html
   https://bugzilla.suse.com/show_bug.cgi?id=901546
   https://bugzilla.suse.com/show_bug.cgi?id=908376

From sle-updates at lists.suse.com Mon Jan 5 03:04:42 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 5 Jan 2015 11:04:42 +0100 (CET)
Subject: SUSE-OU-2015:0009-1: Optional update for mtx
Message-ID: <20150105100442.AC2E93235B@maintenance.suse.de>

   SUSE Optional Update: Optional update for mtx
______________________________________________________________________________

Announcement ID:    SUSE-OU-2015:0009-1
Rating:             low
References:         #904234
Affected Products:
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   The tape library utility "mtx" was missing from SUSE Linux Enterprise
   Server 12; this update adds it back.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-2

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      mtx-1.3.12-22.1
      mtx-debuginfo-1.3.12-22.1
      mtx-debugsource-1.3.12-22.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=904234

From sle-updates at lists.suse.com Mon Jan 5 13:04:40 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 5 Jan 2015 21:04:40 +0100 (CET)
Subject: SUSE-SU-2015:0010-1: important: Security update for suseRegister
Message-ID: <20150105200440.36FAF3235B@maintenance.suse.de>

   SUSE Security Update: Security update for suseRegister
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0010-1
Rating:             important
References:         #901757
Cross-References:   CVE-2014-3566
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   suseRegister was updated to fix one security issue:

   * POODLE: Ensure that only TLS is used. (CVE-2014-3566)

   Security Issues:

   * CVE-2014-3566

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-suseRegister-10008

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-suseRegister-10008

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-suseRegister-10008

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):

      suseRegister-1.4-1.35.1

   - SUSE Linux Enterprise Server 11 SP3 (noarch):

      suseRegister-1.4-1.35.1

   - SUSE Linux Enterprise Desktop 11 SP3 (noarch):

      suseRegister-1.4-1.35.1

References:

   http://support.novell.com/security/cve/CVE-2014-3566.html
   https://bugzilla.suse.com/show_bug.cgi?id=901757
   http://download.suse.com/patch/finder/?keywords=607ea368d0c29e0c7f5f3a31b17fddd9

From sle-updates at lists.suse.com Mon Jan 5 13:04:55 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 5 Jan 2015 21:04:55 +0100 (CET)
Subject: SUSE-SU-2015:0011-1: important: Security update for bind
Message-ID: <20150105200455.667EC3235D@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0011-1
Rating:             important
References:         #743758 #882511 #908994
Cross-References:   CVE-2014-8500
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available. It includes one version update.

Description:

   bind has been updated to version 9.9.6P1, fixing the following security
   issue:

   * A flaw in delegation handling could be exploited to put named into
     an infinite loop. This has been addressed by placing limits on the
     number of levels of recursion named will allow (default 7), and the
     number of iterative queries that it will send (default 50) before
     terminating a recursive query (CVE-2014-8500, bnc#908994).
   * The recursion depth limit is configured via the
     "max-recursion-depth" option, and the query limit via the
     "max-recursion-queries" option.

   Additionally, two non-security issues have been fixed:

   * bnc#882511: Fix a multi-thread issue with IXFR.
   * bnc#743758: Fix handling of TXT records in ldapdump.

   Security Issues:

   * CVE-2014-8500

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-bind-10100

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-bind-10100

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-bind-10100

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-bind-10100

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.6P1]:

      bind-devel-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64) [New Version: 9.9.6P1]:

      bind-devel-32bit-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.9.6P1]:

      bind-9.9.6P1-0.5.1
      bind-chrootenv-9.9.6P1-0.5.1
      bind-doc-9.9.6P1-0.5.1
      bind-libs-9.9.6P1-0.5.1
      bind-utils-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.9.6P1]:

      bind-libs-32bit-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.6P1]:

      bind-9.9.6P1-0.5.1
      bind-chrootenv-9.9.6P1-0.5.1
      bind-doc-9.9.6P1-0.5.1
      bind-libs-9.9.6P1-0.5.1
      bind-utils-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.9.6P1]:

      bind-libs-32bit-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 9.9.6P1]:

      bind-libs-x86-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.9.6P1]:

      bind-libs-9.9.6P1-0.5.1
      bind-utils-9.9.6P1-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.9.6P1]:

      bind-libs-32bit-9.9.6P1-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2014-8500.html
   https://bugzilla.suse.com/show_bug.cgi?id=743758
   https://bugzilla.suse.com/show_bug.cgi?id=882511
   https://bugzilla.suse.com/show_bug.cgi?id=908994
   http://download.suse.com/patch/finder/?keywords=0260c778aca79758010e65db535ef099

From sle-updates at lists.suse.com Tue Jan 6 10:04:44 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 6 Jan 2015 18:04:44 +0100 (CET)
Subject: SUSE-SU-2015:0012-1: important: Security update for mutt
Message-ID: <20150106170444.278A93235B@maintenance.suse.de>

   SUSE Security Update: Security update for mutt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0012-1
Rating:             important
References:         #899712 #907453
Cross-References:   CVE-2014-9116
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   mutt was updated to fix one security issue.

   This security issue was fixed:
   - Heap-based buffer overflow in mutt_substrdup() (CVE-2014-9116).

   This non-security issue was fixed:
   - Handle text/html by default (bnc#899712)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-3

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-3

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      mutt-1.5.21-49.1
      mutt-debuginfo-1.5.21-49.1
      mutt-debugsource-1.5.21-49.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      mutt-1.5.21-49.1
      mutt-debuginfo-1.5.21-49.1
      mutt-debugsource-1.5.21-49.1

References:

   http://support.novell.com/security/cve/CVE-2014-9116.html
   https://bugzilla.suse.com/show_bug.cgi?id=899712
   https://bugzilla.suse.com/show_bug.cgi?id=907453

From sle-updates at lists.suse.com Wed Jan 7 05:04:40 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 Jan 2015 13:04:40 +0100 (CET)
Subject: SUSE-SU-2015:0013-1: moderate: Security update for libyaml
Message-ID: <20150107120440.E3C563235B@maintenance.suse.de>

   SUSE Security Update: Security update for libyaml
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0013-1
Rating:             moderate
References:         #907809
Cross-References:   CVE-2014-9130
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This libyaml update fixes the following security issue:

   - bnc#907809: assert failure when processing wrapped strings
     (CVE-2014-9130)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-4

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-4

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-4

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libyaml-debugsource-0.1.6-4.1
      libyaml-devel-0.1.6-4.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libyaml-0-2-0.1.6-4.1
      libyaml-0-2-debuginfo-0.1.6-4.1
      libyaml-debugsource-0.1.6-4.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libyaml-0-2-0.1.6-4.1
      libyaml-0-2-debuginfo-0.1.6-4.1
      libyaml-debugsource-0.1.6-4.1

References:

   http://support.novell.com/security/cve/CVE-2014-9130.html
   https://bugzilla.suse.com/show_bug.cgi?id=907809

From sle-updates at lists.suse.com Wed Jan 7 13:04:39 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 Jan 2015 21:04:39 +0100 (CET)
Subject: SUSE-SU-2015:0015-1: moderate: Security update for openstack-dashboard
Message-ID: <20150107200439.E0B933235B@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-dashboard
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0015-1
Rating:             moderate
References:         #908199
Cross-References:   CVE-2014-8124
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:

   This openstack-dashboard update fixes the following security issue:

   * bnc#908199: Horizon denial of service attack through login page
     (CVE-2014-8124)

   Security Issues:

   * CVE-2014-8124

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-openstack-dashboard-10088

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev12.gfb429f4]:

      openstack-dashboard-2014.1.4.dev12.gfb429f4-0.7.1
      python-horizon-2014.1.4.dev12.gfb429f4-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-8124.html
   https://bugzilla.suse.com/show_bug.cgi?id=908199
   http://download.suse.com/patch/finder/?keywords=20ba9c712d91448c1cd6c380c9aeb604

From sle-updates at lists.suse.com Thu Jan 8 04:04:44 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Jan 2015 12:04:44 +0100 (CET)
Subject: SUSE-SU-2015:0016-1: moderate: Security update for jasper
Message-ID: <20150108110444.B1E1032356@maintenance.suse.de>

   SUSE Security Update: Security update for jasper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0016-1
Rating:             moderate
References:         #906364 #909474 #909475
Cross-References:   CVE-2014-8137 CVE-2014-9029
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:

   This libjasper update fixes the following three security issues:

   - bnc#906364: heap overflows in libjasper (CVE-2014-9029)
   - bnc#909474: double-free in jas_iccattrval_destroy() (CVE-2014-8137)
   - bnc#909475: heap overflow in jas_decode() (CVE-2014-8138)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-5

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-5

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-5

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      jasper-debuginfo-1.900.1-166.1
      jasper-debugsource-1.900.1-166.1
      libjasper-devel-1.900.1-166.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      jasper-debuginfo-1.900.1-166.1
      jasper-debugsource-1.900.1-166.1
      libjasper1-1.900.1-166.1
      libjasper1-debuginfo-1.900.1-166.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libjasper1-32bit-1.900.1-166.1
      libjasper1-debuginfo-32bit-1.900.1-166.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      jasper-debuginfo-1.900.1-166.1
      jasper-debugsource-1.900.1-166.1
      libjasper1-1.900.1-166.1
      libjasper1-32bit-1.900.1-166.1
      libjasper1-debuginfo-1.900.1-166.1
      libjasper1-debuginfo-32bit-1.900.1-166.1

References:

   http://support.novell.com/security/cve/CVE-2014-8137.html
   http://support.novell.com/security/cve/CVE-2014-9029.html
   https://bugzilla.suse.com/show_bug.cgi?id=906364
   https://bugzilla.suse.com/show_bug.cgi?id=909474
   https://bugzilla.suse.com/show_bug.cgi?id=909475

From sle-updates at lists.suse.com Thu Jan 8 11:04:43 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Jan 2015 19:04:43 +0100 (CET)
Subject: SUSE-SU-2015:0018-1: Security update for openstack-neutron
Message-ID: <20150108180443.ABFF63235B@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-neutron
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0018-1
Rating:             low
References:         #890711 #896780 #897815 #899132 #905104
Cross-References:   CVE-2014-6414 CVE-2014-7821
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

   An update that solves two vulnerabilities and has three
   fixes is now available. It includes one version update.

Description:

   This update for openstack-neutron provides security and stability fixes:

   * Updated from global requirements
   * Stop ignoring 400 errors returned by ODL
   * Delete disassociated floating ips on external network deletion
   * Cisco: update_port should only invoke n1kv and not nexus plugin
   * Add unit tests covering single operations to ODL
   * Qpid: explicitly name subscription queue
   * Convert all incoming protocol numbers to string
   * Fix hostname regex pattern (bnc#905104, CVE-2014-7821)
   * Fix event_send for re-assign floating ip
   * Enabled Cisco ML2 driver to use new upstream ncclient
   * Allow delete_port to work when there are multiple floating ips
   * Set vif_details to reflect enable_security_group
   * Revert "Deletes floating ip related connection states"
   * Big Switch: Fix SSL version on get_server_cert
   * NSX: allow multiple networks with same vlan on different phy_net
   * Fix a recent ipv6 UT regression
   * Big Switch: Switch to TLSv1 in server manager
   * Remove unused py33 tox env
   * Increase the default poll duration for Cisco n1kv
   * Check for IPv6 file before reading
   * Big Switch: Don't clear hash before sync
   * Skip lbaas table creation if tables already exist
   * Create 'quota' table in folsom_initial
   * Forbid regular users to reset admin-only attrs to default values
     (bnc#896780, CVE-2014-6414)
   * Follow the RFC-3442-spec for DHCP (bnc#899132)
   * Allow unsharing a network used as gateway floatingip (bnc#890711)
   * Delete DHCP port without DHCP server on a net node
   * Add quotas to Cisco N1kv plugins supported extension aliases
   * Fix error adding security groups to instances with nexus
   * Provide way to reserve dhcp port during failovers
   * Enforce required config params for ODL driver
   * Update vsm credential correctly
   * Networks are not scheduled to DHCP agents for Cisco N1KV plugin
   * Add BSN plugin to agent migration script
   * Deletes floating ip related connection states
   * Add delete operations for the ODL MechanismDriver
   * Add missing ml2 plugin to migration
   * Big Switch: Check for 'id' in port before lookup
   * NSX: Optionally not enforce nat rule match length check
   * Don't spawn metadata-proxy for non-isolated nets
   * Send network name and uuid to subnet create
   * Don't allow user to set firewall rule with port and no protocol
   * Allow unsharing a network used as gateway/floatingip
   * Big Switch: Retry on 503 errors from backend
   * BSN: Allow concurrent reads to consistency DB
   * Fix metadata agent's auth info caching
   * Fixes Hyper-V agent issue on Hyper-V 2008 R2
   * Fixes Hyper-V issue due to ML2 RPC versioning
   * Verify ML2 type driver exists before calling del
   * NSX: Correct allowed_address_pair return value on create_port
   * Neutron should not use the neutronclient utils module for
     import_class
   * Pass object to policy when finding fields to strip
   * Perform policy checks only once on list responses
   * Cisco N1kv plugin to send subtype on network profile creation
   * Add support for router scheduling in Cisco N1kv Plugin
   * Remove explicit dependency on amqplib
   * Fix func job hook script permission problems
   * Big Switch: Only update hash header on success
   * Clear entries in Cisco N1KV specific tables on rollback
   * Fix no-ipv6 regression (lp#1361542)
   * Add hook scripts for the functional infra job
   * Ensure ip6tables are used only if ipv6 is enabled in kernel
   * Ignore variable column widths in ovsdb functional tests
   * VMWare: don't notify on disassociate_floatingips()
   * Avoid notifying while inside transaction opened in delete_port()
   * Cisco N1kv: Remove vmnetwork delete REST call on last port delete
   * Raise exception for network delete with subnets presents
   * Security Group rule validation for ICMP rules.

   Security Issues:

   * CVE-2014-7821
   * CVE-2014-6414

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-openstack-neutron-1214-10031

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev66.gb8c0c7b]:

      openstack-neutron-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-dhcp-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-ha-tool-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-l3-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-lbaas-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-linuxbridge-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-metadata-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-metering-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-mlnx-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-nec-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-openvswitch-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-plugin-cisco-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-ryu-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-server-2014.1.4.dev66.gb8c0c7b-0.7.1
      openstack-neutron-vpn-agent-2014.1.4.dev66.gb8c0c7b-0.7.1
      python-neutron-2014.1.4.dev66.gb8c0c7b-0.7.1

   - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev66.gb8c0c7b]:

      openstack-neutron-doc-2014.1.4.dev66.gb8c0c7b-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-6414.html
   http://support.novell.com/security/cve/CVE-2014-7821.html
   https://bugzilla.suse.com/show_bug.cgi?id=890711
   https://bugzilla.suse.com/show_bug.cgi?id=896780
   https://bugzilla.suse.com/show_bug.cgi?id=897815
   https://bugzilla.suse.com/show_bug.cgi?id=899132
   https://bugzilla.suse.com/show_bug.cgi?id=905104
   http://download.suse.com/patch/finder/?keywords=6fef8cad1f09e4cf337bdbe3462f5cf2

From sle-updates at lists.suse.com Thu Jan 8 15:04:39 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Jan 2015 23:04:39 +0100 (CET)
Subject: SUSE-RU-2015:0019-1: Recommended update for openCryptoki
Message-ID: <20150108220439.1C8993235A@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openCryptoki
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0019-1
Rating:             low
References:         #892644
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.
   It includes one version update.

Description:

   This update for openCryptoki fixes ICA token's SHA update function when a
   message with length 0 is passed. (bnc#892644)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-openCryptoki-9854

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-openCryptoki-9854

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-openCryptoki-9854

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 2.4.3.1]:

      openCryptoki-devel-2.4.3.1-0.9.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.4.3.1]:

      openCryptoki-2.4.3.1-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.4.3.1]:

      openCryptoki-2.4.3.1-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 2.4.3.1]:

      openCryptoki-64bit-2.4.3.1-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 2.4.3.1]:

      openCryptoki-32bit-2.4.3.1-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390 s390x x86_64) [New Version: 2.4.3.1]:

      openCryptoki-2.4.3.1-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 2.4.3.1]:

      openCryptoki-64bit-2.4.3.1-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 s390) [New Version: 2.4.3.1]:

      openCryptoki-32bit-2.4.3.1-0.9.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=892644
   http://download.suse.com/patch/finder/?keywords=df8d3e66a94280fcab4741a90b4d26da

From sle-updates at lists.suse.com Thu Jan 8 19:04:43 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Jan 2015 03:04:43 +0100 (CET)
Subject: SUSE-RU-2015:0020-1: Recommended update for dhcp
Message-ID: <20150109020443.90F2032340@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for dhcp
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0020-1
Rating:             low
References:         #872609 #886094 #890731 #891655
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has four recommended fixes can now be
   installed.

Description:

   This collective update for dhcp provides the following fixes and
   enhancements:

   * Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
     reorder config to add all global options or option declarations to
     the dhcpService object instead of creating a new service object
     (bsc#886094, ISC-Bugs#37876).
   * Applied an upstream patch by Thomas Markwalder adding the missing
     mapping of SHA TSIG algorithm names to their constants to enable
     hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
     authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
   * Decline IPv6 addresses on Duplicate Address Detection failure and
     stop client message exchanges when MRD is reached rather than at
     some point after it. Applied Fedora patches by Jiri Popelka and
     added DAD reporting via exit 3 to the dhclient-script and a fix to
     use correct address variables in the DEPREF6 action
     (bsc#872609, ISC-Bugs#26735, ISC-Bugs#21238).
   * Applied backport patch by William Preston to avoid binding the ddns
     socket in the server when ddns-update-style is none (bsc#891655).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-dhcp-10009

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-dhcp-10009

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-dhcp-10009

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-dhcp-10009

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      dhcp-devel-4.2.4.P2-0.22.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      dhcp-4.2.4.P2-0.22.1
      dhcp-client-4.2.4.P2-0.22.1
      dhcp-relay-4.2.4.P2-0.22.1
      dhcp-server-4.2.4.P2-0.22.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      dhcp-4.2.4.P2-0.22.1
      dhcp-client-4.2.4.P2-0.22.1
      dhcp-relay-4.2.4.P2-0.22.1
      dhcp-server-4.2.4.P2-0.22.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      dhcp-4.2.4.P2-0.22.1
      dhcp-client-4.2.4.P2-0.22.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=872609
   https://bugzilla.suse.com/show_bug.cgi?id=886094
   https://bugzilla.suse.com/show_bug.cgi?id=890731
   https://bugzilla.suse.com/show_bug.cgi?id=891655
   http://download.suse.com/patch/finder/?keywords=dc7c877db3ba1e86db8aafd9e30a7b3e

From sle-updates at lists.suse.com Fri Jan 9 02:04:41 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Jan 2015 10:04:41 +0100 (CET)
Subject: SUSE-RU-2015:0021-1: Recommended update for yast2-instserver
Message-ID: <20150109090441.AE6353235A@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-instserver
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0021-1
Rating:             low
References:         #900660
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-instserver adds support for serving SLE 12 media:

   - Added support for SLE12 products
   - Write "cpeid" attribute to SLP configuration (SLE12 products only)
   - Save FTP firewall port configuration option
   - Install "nfs-kernel-server" package when NFS server is selected
   - Fixed Apache configuration template to work with Apache 2.4.x.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-6

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-6

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      yast2-instserver-devel-doc-3.1.2-6.7

   - SUSE Linux Enterprise Server 12 (noarch):

      yast2-instserver-3.1.2-6.7

References:

   https://bugzilla.suse.com/show_bug.cgi?id=900660

From sle-updates at lists.suse.com Fri Jan 9 04:04:41 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Jan 2015 12:04:41 +0100 (CET)
Subject: SUSE-SU-2015:0022-1: important: Security update for xen
Message-ID: <20150109110441.42D4F3235A@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0022-1
Rating:             important
References:         #826717 #866902 #882089 #889526 #896023 #897614
                    #897906 #898772 #900292 #901317 #903357 #903359
                    #903850 #903967 #903970 #905465 #905467 #906439
Cross-References:   CVE-2013-3495 CVE-2014-5146 CVE-2014-5149
                    CVE-2014-8594 CVE-2014-8595 CVE-2014-8866
                    CVE-2014-8867 CVE-2014-9030
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 10 fixes is
   now available.

Description:

   xen was updated to fix nine security issues.

   These security issues were fixed:
   - Guest affectable page reference leak in MMU_MACHPHYS_UPDATE handling
     (CVE-2014-9030).
   - Insufficient bounding of "REP MOVS" to MMIO emulated inside the
     hypervisor (CVE-2014-8867).
- Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866). - Guest user mode triggerable VM exits not handled by hypervisor (bnc#9038500). - Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). - Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594). - Long latency virtual-mmu operations are not preemptible (CVE-2014-5146, CVE-2014-5149). - Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts (CVE-2013-3495). These non-security issues were fixed: - Corrupted save/restore test leaves orphaned data in xenstore (bnc#903357). - Temporary migration name is not cleaned up after migration (bnc#903359). - Xen save/restore of HVM guests cuts off disk and networking (bnc#866902). - increase limit domUloader to 32MB (bnc#901317). - XEN Host crashes when assigning non-VF device (SR-IOV) to guest (bnc#898772). - Windows 2012 R2 fails to boot up with greater than 60 vcpus (bnc#882089). - Restrict requires on grub2-x86_64-xen to x86_64 hosts - Change default dump directory (bsc#900292). - Update xen2libvirt.py to better detect and handle file formats - libxc: check return values on mmap() and madvise() on xc_alloc_hypercall_buffer() (bnc#897906). - Bug `xen-tools` uninstallable; grub2-x86_64-xen dependency not available (bnc#897614). - Adjust xentop column layout (bnc#896023). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-8 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-8 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-8 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): xen-debugsource-4.4.1_08-5.2 xen-devel-4.4.1_08-5.2 - SUSE Linux Enterprise Server 12 (x86_64): xen-4.4.1_08-5.2 xen-debugsource-4.4.1_08-5.2 xen-doc-html-4.4.1_08-5.2 xen-kmp-default-4.4.1_08_k3.12.28_4-5.2 xen-kmp-default-debuginfo-4.4.1_08_k3.12.28_4-5.2 xen-libs-32bit-4.4.1_08-5.2 xen-libs-4.4.1_08-5.2 xen-libs-debuginfo-32bit-4.4.1_08-5.2 xen-libs-debuginfo-4.4.1_08-5.2 xen-tools-4.4.1_08-5.2 xen-tools-debuginfo-4.4.1_08-5.2 xen-tools-domU-4.4.1_08-5.2 xen-tools-domU-debuginfo-4.4.1_08-5.2 - SUSE Linux Enterprise Desktop 12 (x86_64): xen-4.4.1_08-5.2 xen-debugsource-4.4.1_08-5.2 xen-kmp-default-4.4.1_08_k3.12.28_4-5.2 xen-kmp-default-debuginfo-4.4.1_08_k3.12.28_4-5.2 xen-libs-32bit-4.4.1_08-5.2 xen-libs-4.4.1_08-5.2 xen-libs-debuginfo-32bit-4.4.1_08-5.2 xen-libs-debuginfo-4.4.1_08-5.2 References: http://support.novell.com/security/cve/CVE-2013-3495.html http://support.novell.com/security/cve/CVE-2014-5146.html http://support.novell.com/security/cve/CVE-2014-5149.html http://support.novell.com/security/cve/CVE-2014-8594.html http://support.novell.com/security/cve/CVE-2014-8595.html http://support.novell.com/security/cve/CVE-2014-8866.html http://support.novell.com/security/cve/CVE-2014-8867.html http://support.novell.com/security/cve/CVE-2014-9030.html https://bugzilla.suse.com/show_bug.cgi?id=826717 https://bugzilla.suse.com/show_bug.cgi?id=866902 https://bugzilla.suse.com/show_bug.cgi?id=882089 https://bugzilla.suse.com/show_bug.cgi?id=889526 https://bugzilla.suse.com/show_bug.cgi?id=896023 https://bugzilla.suse.com/show_bug.cgi?id=897614 https://bugzilla.suse.com/show_bug.cgi?id=897906 https://bugzilla.suse.com/show_bug.cgi?id=898772 https://bugzilla.suse.com/show_bug.cgi?id=900292 https://bugzilla.suse.com/show_bug.cgi?id=901317 https://bugzilla.suse.com/show_bug.cgi?id=903357 https://bugzilla.suse.com/show_bug.cgi?id=903359 https://bugzilla.suse.com/show_bug.cgi?id=903850 
https://bugzilla.suse.com/show_bug.cgi?id=903967 https://bugzilla.suse.com/show_bug.cgi?id=903970 https://bugzilla.suse.com/show_bug.cgi?id=905465 https://bugzilla.suse.com/show_bug.cgi?id=905467 https://bugzilla.suse.com/show_bug.cgi?id=906439 From sle-updates at lists.suse.com Fri Jan 9 06:04:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jan 2015 14:04:43 +0100 (CET) Subject: SUSE-RU-2015:0023-1: Recommended update for rear116 Message-ID: <20150109130443.906453235A@maintenance.suse.de> SUSE Recommended Update: Recommended update for rear116 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0023-1 Rating: low References: #900078 #902911 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rear116 provides the following fixes: - Add '/var/tmp/*' and '/tmp/*' to $BACKUP_PROG_INCLUDE in SLE12-btrfs-example.conf, matching the contents of $EXCLUDE_RECREATE. This avoids the generation of tar exclude patterns like 'tmp' and 'tmp/*' during restore, an issue that prevented other files and directories that match those patterns (like '/usr/tmp') from being restored. (bnc#900078) - Include a configuration example for SLE11 with default ext3 filesystem (/usr/share/rear/conf/SLE11-ext3-example.conf). (bnc#902911) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-9 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12 (noarch): rear116-1.16-14.1 References: https://bugzilla.suse.com/show_bug.cgi?id=900078 https://bugzilla.suse.com/show_bug.cgi?id=902911 From sle-updates at lists.suse.com Fri Jan 9 06:05:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jan 2015 14:05:09 +0100 (CET) Subject: SUSE-RU-2015:0024-1: moderate: Recommended update for freeradius-server Message-ID: <20150109130509.85D6E3235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0024-1 Rating: moderate References: #906682 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for freeradius-server fixes the following issues: - Ignore libssl minor version during OpenSSL version compares. - Don't install systemd service file as executable. - Create /run/radiusd in %post installation script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-10 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-10 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.3-6.1 freeradius-server-debugsource-3.0.3-6.1 freeradius-server-devel-3.0.3-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): freeradius-server-3.0.3-6.1 freeradius-server-debuginfo-3.0.3-6.1 freeradius-server-debugsource-3.0.3-6.1 freeradius-server-doc-3.0.3-6.1 freeradius-server-libs-3.0.3-6.1 freeradius-server-libs-debuginfo-3.0.3-6.1 freeradius-server-utils-3.0.3-6.1 freeradius-server-utils-debuginfo-3.0.3-6.1 References: https://bugzilla.suse.com/show_bug.cgi?id=906682 From sle-updates at lists.suse.com Fri Jan 9 08:04:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jan 2015 16:04:43 +0100 (CET) Subject: SUSE-RU-2015:0025-1: moderate: Recommended update for SUSEConnect Message-ID: <20150109150443.5AA523235A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0025-1 Rating: moderate References: #900689 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes SUSEConnect to always write the configuration file when the --url parameter is used. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-11 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-11 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): SUSEConnect-0.2.14-7.6 ruby2.1-rubygem-suse-connect-0.2.14-7.6 - SUSE Linux Enterprise Desktop 12 (x86_64): SUSEConnect-0.2.14-7.6 ruby2.1-rubygem-suse-connect-0.2.14-7.6 References: https://bugzilla.suse.com/show_bug.cgi?id=900689 From sle-updates at lists.suse.com Mon Jan 12 03:04:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jan 2015 11:04:41 +0100 (CET) Subject: SUSE-SU-2015:0026-1: moderate: Security update for unzip Message-ID: <20150112100441.A49CB3235C@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0026-1 Rating: moderate References: #909214 Cross-References: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update fixes the following security issues: - CVE-2014-8139: fix heap overflow condition in the CRC32 verification (fixes bnc#909214) - CVE-2014-8140 and CVE-2014-8141: fix write error (*_8349_*) shows a problem in extract.c:test_compr_eb(), and: read errors (*_6430_*, *_3422_*) show problems in process.c:getZip64Data() (fixes bnc#909214) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-12 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-12 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): unzip-6.00-28.1 unzip-debuginfo-6.00-28.1 unzip-debugsource-6.00-28.1 - SUSE Linux Enterprise Desktop 12 (x86_64): unzip-6.00-28.1 unzip-debuginfo-6.00-28.1 unzip-debugsource-6.00-28.1 References: http://support.novell.com/security/cve/CVE-2014-8139.html http://support.novell.com/security/cve/CVE-2014-8140.html http://support.novell.com/security/cve/CVE-2014-8141.html https://bugzilla.suse.com/show_bug.cgi?id=909214 From sle-updates at lists.suse.com Mon Jan 12 06:25:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jan 2015 14:25:51 +0100 (CET) Subject: SUSE-RU-2015:0027-1: moderate: Recommended update for machinery Message-ID: <20150112132551.E2A9B3235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for machinery ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0027-1 Rating: moderate References: #910271 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: Machinery was updated from version 1.0.4 to 1.2.0, bringing the following enhancements: - Added AutoYaST export for system descriptions - Handle zypper locks gracefully - Prevent scopes from being inspected multiple times - Keep already extracted results after canceling an inspection - Don't fail on file validation errors, but report them as warnings - List scopes more naturally, with a space after each comma - Use UTF-8 for displaying HTML report - Do not ignore Btrfs subvolumes during unmanaged-files inspection - Store KIWI and AutoYaST exports in subdirectories - Skip Gnome Virtual File System mounts on inspection - Skip special file systems like proc, devtmpfs and so on - Show names of packages where changed config files come from - File extraction status is now shown in the comparison output - Fixed image building issue when the repository alias contained spaces - Fixed compare output for unmanaged-files - Added hint for analyze how to show the diffs - Added hint to recommend ssh-copy-id if passwordless logins are not possible. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2015-13 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (x86_64): machinery-1.2.0-12.2 machinery-debuginfo-1.2.0-12.2 machinery-debugsource-1.2.0-12.2 References: https://bugzilla.suse.com/show_bug.cgi?id=910271 From sle-updates at lists.suse.com Mon Jan 12 07:04:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jan 2015 15:04:40 +0100 (CET) Subject: SUSE-SU-2015:0028-1: moderate: Security update for squid Message-ID: <20150112140440.E37083235A@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0028-1 Rating: moderate References: #895773 Cross-References: CVE-2014-6270 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This squid update fixes the following security issue: - bnc#895773: fix off-by-one in snmp subsystem (CVE-2014-6270) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-14 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): squid-3.3.13-4.2 squid-debuginfo-3.3.13-4.2 squid-debugsource-3.3.13-4.2 References: http://support.novell.com/security/cve/CVE-2014-6270.html https://bugzilla.suse.com/show_bug.cgi?id=895773 From sle-updates at lists.suse.com Tue Jan 13 03:04:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jan 2015 11:04:42 +0100 (CET) Subject: SUSE-SU-2015:0029-1: moderate: Security update for libjpeg-turbo, libjpeg62-turbo Message-ID: <20150113100442.95AAE32356@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo, libjpeg62-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0029-1 Rating: moderate References: #906761 Cross-References: CVE-2014-9092 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: libjpeg-turbo, libjpeg62-turbo were updated to fix one security issue. This security issue was fixed: - Passing a specially crafted jpeg file smashes the stack (CVE-2014-9092). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-15 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-15 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-15 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libjpeg62-devel-62.1.0-30.1 libjpeg8-devel-8.0.2-30.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libjpeg-turbo-1.3.1-30.3 libjpeg-turbo-debuginfo-1.3.1-30.3 libjpeg-turbo-debugsource-1.3.1-30.3 libjpeg62-62.1.0-30.1 libjpeg62-debuginfo-62.1.0-30.1 libjpeg62-turbo-1.3.1-30.1 libjpeg62-turbo-debugsource-1.3.1-30.1 libjpeg8-8.0.2-30.3 libjpeg8-debuginfo-8.0.2-30.3 libturbojpeg0-8.0.2-30.3 libturbojpeg0-debuginfo-8.0.2-30.3 - SUSE Linux Enterprise Server 12 (s390x x86_64): libjpeg62-32bit-62.1.0-30.1 libjpeg62-debuginfo-32bit-62.1.0-30.1 libjpeg8-32bit-8.0.2-30.3 libjpeg8-debuginfo-32bit-8.0.2-30.3 - SUSE Linux Enterprise Desktop 12 (x86_64): libjpeg-turbo-1.3.1-30.3 libjpeg-turbo-debuginfo-1.3.1-30.3 libjpeg-turbo-debugsource-1.3.1-30.3 libjpeg62-62.1.0-30.1 libjpeg62-debuginfo-62.1.0-30.1 libjpeg62-turbo-1.3.1-30.1 libjpeg62-turbo-debugsource-1.3.1-30.1 libjpeg8-32bit-8.0.2-30.3 libjpeg8-8.0.2-30.3 libjpeg8-debuginfo-32bit-8.0.2-30.3 libjpeg8-debuginfo-8.0.2-30.3 libturbojpeg0-8.0.2-30.3 libturbojpeg0-debuginfo-8.0.2-30.3 References: http://support.novell.com/security/cve/CVE-2014-9092.html https://bugzilla.suse.com/show_bug.cgi?id=906761 From sle-updates at lists.suse.com Tue Jan 13 05:04:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jan 2015 13:04:43 +0100 (CET) Subject: SUSE-SU-2015:0030-1: moderate: Security update for libksba Message-ID: <20150113120443.A04C93235E@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0030-1 Rating: moderate References: #907074 Cross-References: CVE-2014-9087 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This libksba update fixes the following security issue: - bnc#907074: buffer overflow in OID processing (CVE-2014-9087) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-16 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-16 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-16 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-9.1 libksba-devel-1.3.0-9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-9.1 libksba8-1.3.0-9.1 libksba8-debuginfo-1.3.0-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libksba-debugsource-1.3.0-9.1 libksba8-1.3.0-9.1 libksba8-debuginfo-1.3.0-9.1 References: http://support.novell.com/security/cve/CVE-2014-9087.html https://bugzilla.suse.com/show_bug.cgi?id=907074 From sle-updates at lists.suse.com Tue Jan 13 05:05:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jan 2015 13:05:00 +0100 (CET) Subject: SUSE-RU-2015:0031-1: important: Recommended update for kgraft Message-ID: <20150113120500.DC0963235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for kgraft ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0031-1 Rating: important References: #912640 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This recommended update for kgraft fixes the following issue: - added license file (bsc#912640) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-17 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-1.0-7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=912640 From sle-updates at lists.suse.com Tue Jan 13 14:05:05 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jan 2015 22:05:05 +0100 (CET) Subject: SUSE-RU-2015:0033-1: Recommended update for openstack-dashboard Message-ID: <20150113210505.135043235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-dashboard ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0033-1 Rating: low References: #897815 #910008 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update for openstack-dashboard provides the following fixes: * Remove per-feature extension check method in api/neutron (bnc#910008) * Prevent leaking target info into subsequent policy.check() calls * Exclude security group related quotas when the extension disabled (FATE#318267) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-dashboard-10135 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev16]: openstack-dashboard-2014.1.4.dev16-0.7.1 python-horizon-2014.1.4.dev16-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=897815 https://bugzilla.suse.com/show_bug.cgi?id=910008 http://download.suse.com/patch/finder/?keywords=9417c38116158f6acae8e40dd8034654 From sle-updates at lists.suse.com Wed Jan 14 11:04:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jan 2015 19:04:39 +0100 (CET) Subject: SUSE-SU-2014:1695-2: important: Security update for Linux kernel Message-ID: <20150114180440.00FC63235D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1695-2 Rating: important References: #755743 #779488 #800255 #835839 #851603 #853040 #857643 #860441 #868049 #873228 #876633 #883724 #883948 #885077 #887418 #888607 #891211 #891368 #891790 #892782 #893758 #894058 #894895 #895387 #895468 #896382 #896390 #896391 #896392 #896415 #897502 #897694 #897708 #898295 #898375 #898554 #899192 #899574 #899843 #901638 #902346 #902349 #903331 #903653 #904013 #904358 #904700 #905100 #905522 #907818 #909077 #910251 Cross-References: CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508 CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8133 CVE-2014-8709 CVE-2014-8884 CVE-2014-9090 CVE-2014-9322 Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3 ______________________________________________________________________________ An update that solves 24 vulnerabilities and has 28 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. 
The following security bugs have been fixed: * CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (bnc#835839). * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). * CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). 
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040, bnc#857643). * CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). * CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). 
* CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). 
* CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype (bnc#883948). * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed INIT ping-of-death (bnc#905100). * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2014-8884: A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed: * Build the KOTD against the SP3 Update project * HID: fix kabi breakage. 
* NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. * NFS: fix inverted test for delegation in nfs4_reclaim_open_state (bnc#903331). * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331). * NFSv4: nfs4_open_done first must check that GETATTR decoded a file type (bnc#899574). * PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898295). * PCI: pciehp: Enable link state change notifications (bnc#898295). * PCI: pciehp: Handle push button event asynchronously (bnc#898295). * PCI: pciehp: Make check_link_active() non-static (bnc#898295). * PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898295). * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295). * PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898295). * PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * be2net: Fix invocation of be_close() after be_clear() (bnc#895468). * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211). * block: Fix computation of merged request priority. * btrfs: Fix wrong device size when we are resizing the device. * btrfs: Return right extent when fiemap gives unaligned offset and len. * btrfs: abtract out range locking in clone ioctl(). * btrfs: always choose work from prio_head first. * btrfs: balance delayed inode updates. * btrfs: cache extent states in defrag code path. * btrfs: check file extent type before anything else (bnc#897694). * btrfs: clone, do not create invalid hole extent map. * btrfs: correctly determine if blocks are shared in btrfs_compare_trees. * btrfs: do not bug_on if we try to cow a free space cache inode. * btrfs: ensure btrfs_prev_leaf does not miss 1 item. * btrfs: ensure readers see new data after a clone operation. * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. * btrfs: filter invalid arg for btrfs resize. * btrfs: fix EINVAL checks in btrfs_clone. 
* btrfs: fix EIO on reading file after ioctl clone works on it. * btrfs: fix a crash of clone with inline extents split. * btrfs: fix crash of compressed writes (bnc#898375). * btrfs: fix crash when starting transaction. * btrfs: fix deadlock with nested trans handles. * btrfs: fix hang on error (such as ENOSPC) when writing extent pages. * btrfs: fix leaf corruption after __btrfs_drop_extents. * btrfs: fix race between balance recovery and root deletion. * btrfs: fix wrong extent mapping for DirectIO. * btrfs: handle a missing extent for the first file extent. * btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375). * btrfs: read lock extent buffer while walking backrefs. * btrfs: remove unused wait queue in struct extent_buffer. * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. * btrfs: replace error code from btrfs_drop_extents. * btrfs: unlock extent and pages on error in cow_file_range. * btrfs: unlock inodes in correct order in clone ioctl. * btrfs_ioctl_clone: Move clone code into its own function. * cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653). * drm/i915: Flush the PTEs after updating them before suspend (bnc#901638). * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638). * ext3: return 32/64-bit dir name hash according to usage type (bnc#898554). * ext4: return 32/64-bit dir name hash according to usage type (bnc#898554). * fix: use after free of xfs workqueues (bnc#894895). * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554). * futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). * futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). * ipv6: add support of peer address (bnc#896415). * ipv6: fix a refcnt leak with peer addr (bnc#896415). * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502). 
* mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790). * netxen: Fix link event handling (bnc#873228). * netxen: fix link notification order (bnc#873228). * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554). * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554). * ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843). * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). * powerpc: Add support for the optimised lockref implementation (bsc#893758). * powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708). * remove filesize checks for sync I/O journal commit (bnc#800255). * resource: add __adjust_resource() for internal use (bnc#891790). * resource: add release_mem_region_adjustable() (bnc#891790). * revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * rpm/mkspec: Generate specfiles according to Factory requirements. * rpm/mkspec: Generate a per-architecture per-package _constraints file. * sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358). * usbback: Do not access request fields in shared ring more than once. * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607). * vfs,proc: guarantee unique inodes in /proc (bnc#868049). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)).
* x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). * xfs: Do not free EFIs before the EFDs are committed (bsc#755743). * xfs: Do not reference the EFI after it is freed (bsc#755743). * xfs: fix cil push sequence after log recovery (bsc#755743). * zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). * zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). Security Issues: * CVE-2012-4398 * CVE-2013-2889 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2899 * CVE-2013-7263 * CVE-2014-3181 * CVE-2014-3184 * CVE-2014-3185 * CVE-2014-3186 * CVE-2014-3601 * CVE-2014-3610 * CVE-2014-3646 * CVE-2014-3647 * CVE-2014-4508 * CVE-2014-4608 * CVE-2014-7826 * CVE-2014-7841 * CVE-2014-8709 * CVE-2014-8884 * CVE-2014-3673 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11 SP3: zypper in -t patch slertesp3-kernel-10107 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]: cluster-network-kmp-rt-1.4_3.0.101_rt130_0.32-2.27.121 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.32-2.27.121 drbd-kmp-rt-8.4.4_3.0.101_rt130_0.32-0.22.87 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.32-0.22.87 iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.32-0.38.106 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.32-0.38.106 kernel-rt-3.0.101.rt130-0.32.1 kernel-rt-base-3.0.101.rt130-0.32.1 kernel-rt-devel-3.0.101.rt130-0.32.1 kernel-rt_trace-3.0.101.rt130-0.32.1 kernel-rt_trace-base-3.0.101.rt130-0.32.1 kernel-rt_trace-devel-3.0.101.rt130-0.32.1 kernel-source-rt-3.0.101.rt130-0.32.1 kernel-syms-rt-3.0.101.rt130-0.32.1 lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.32-0.11.96 lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.32-0.11.96 ocfs2-kmp-rt-1.6_3.0.101_rt130_0.32-0.20.121 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.32-0.20.121 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.32-0.13.112 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.32-0.13.112 References: http://support.novell.com/security/cve/CVE-2012-4398.html http://support.novell.com/security/cve/CVE-2013-2889.html http://support.novell.com/security/cve/CVE-2013-2893.html http://support.novell.com/security/cve/CVE-2013-2897.html http://support.novell.com/security/cve/CVE-2013-2899.html http://support.novell.com/security/cve/CVE-2013-7263.html http://support.novell.com/security/cve/CVE-2014-3181.html http://support.novell.com/security/cve/CVE-2014-3184.html http://support.novell.com/security/cve/CVE-2014-3185.html http://support.novell.com/security/cve/CVE-2014-3186.html http://support.novell.com/security/cve/CVE-2014-3601.html http://support.novell.com/security/cve/CVE-2014-3610.html http://support.novell.com/security/cve/CVE-2014-3646.html http://support.novell.com/security/cve/CVE-2014-3647.html http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-4508.html 
http://support.novell.com/security/cve/CVE-2014-4608.html http://support.novell.com/security/cve/CVE-2014-7826.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-8133.html http://support.novell.com/security/cve/CVE-2014-8709.html http://support.novell.com/security/cve/CVE-2014-8884.html http://support.novell.com/security/cve/CVE-2014-9090.html http://support.novell.com/security/cve/CVE-2014-9322.html https://bugzilla.suse.com/show_bug.cgi?id=755743 https://bugzilla.suse.com/show_bug.cgi?id=779488 https://bugzilla.suse.com/show_bug.cgi?id=800255 https://bugzilla.suse.com/show_bug.cgi?id=835839 https://bugzilla.suse.com/show_bug.cgi?id=851603 https://bugzilla.suse.com/show_bug.cgi?id=853040 https://bugzilla.suse.com/show_bug.cgi?id=857643 https://bugzilla.suse.com/show_bug.cgi?id=860441 https://bugzilla.suse.com/show_bug.cgi?id=868049 https://bugzilla.suse.com/show_bug.cgi?id=873228 https://bugzilla.suse.com/show_bug.cgi?id=876633 https://bugzilla.suse.com/show_bug.cgi?id=883724 https://bugzilla.suse.com/show_bug.cgi?id=883948 https://bugzilla.suse.com/show_bug.cgi?id=885077 https://bugzilla.suse.com/show_bug.cgi?id=887418 https://bugzilla.suse.com/show_bug.cgi?id=888607 https://bugzilla.suse.com/show_bug.cgi?id=891211 https://bugzilla.suse.com/show_bug.cgi?id=891368 https://bugzilla.suse.com/show_bug.cgi?id=891790 https://bugzilla.suse.com/show_bug.cgi?id=892782 https://bugzilla.suse.com/show_bug.cgi?id=893758 https://bugzilla.suse.com/show_bug.cgi?id=894058 https://bugzilla.suse.com/show_bug.cgi?id=894895 https://bugzilla.suse.com/show_bug.cgi?id=895387 https://bugzilla.suse.com/show_bug.cgi?id=895468 https://bugzilla.suse.com/show_bug.cgi?id=896382 https://bugzilla.suse.com/show_bug.cgi?id=896390 https://bugzilla.suse.com/show_bug.cgi?id=896391 https://bugzilla.suse.com/show_bug.cgi?id=896392 https://bugzilla.suse.com/show_bug.cgi?id=896415 https://bugzilla.suse.com/show_bug.cgi?id=897502 
https://bugzilla.suse.com/show_bug.cgi?id=897694 https://bugzilla.suse.com/show_bug.cgi?id=897708 https://bugzilla.suse.com/show_bug.cgi?id=898295 https://bugzilla.suse.com/show_bug.cgi?id=898375 https://bugzilla.suse.com/show_bug.cgi?id=898554 https://bugzilla.suse.com/show_bug.cgi?id=899192 https://bugzilla.suse.com/show_bug.cgi?id=899574 https://bugzilla.suse.com/show_bug.cgi?id=899843 https://bugzilla.suse.com/show_bug.cgi?id=901638 https://bugzilla.suse.com/show_bug.cgi?id=902346 https://bugzilla.suse.com/show_bug.cgi?id=902349 https://bugzilla.suse.com/show_bug.cgi?id=903331 https://bugzilla.suse.com/show_bug.cgi?id=903653 https://bugzilla.suse.com/show_bug.cgi?id=904013 https://bugzilla.suse.com/show_bug.cgi?id=904358 https://bugzilla.suse.com/show_bug.cgi?id=904700 https://bugzilla.suse.com/show_bug.cgi?id=905100 https://bugzilla.suse.com/show_bug.cgi?id=905522 https://bugzilla.suse.com/show_bug.cgi?id=907818 https://bugzilla.suse.com/show_bug.cgi?id=909077 https://bugzilla.suse.com/show_bug.cgi?id=910251 http://download.suse.com/patch/finder/?keywords=4c2fbbe393eb620db11efdb808134fc2 From sle-updates at lists.suse.com Wed Jan 14 15:04:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jan 2015 23:04:40 +0100 (CET) Subject: SUSE-SU-2015:0045-1: important: Security update for xorg-x11-server Message-ID: <20150114220440.131783235D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0045-1 Rating: important References: #864911 #886213 #907268 #907633 Cross-References: CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 
SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: The XOrg X11 server was updated to fix 12 security issues: * Denial of service due to unchecked malloc in client authentication (CVE-2014-8091). * Integer overflows calculating memory needs for requests (CVE-2014-8092). * Integer overflows calculating memory needs for requests in GLX extension (CVE-2014-8093). * Integer overflows calculating memory needs for requests in DRI2 extension (CVE-2014-8094). * Out of bounds access due to not validating length or offset values in requests in XInput extension (CVE-2014-8095). * Out of bounds access due to not validating length or offset values in requests in XC-MISC extension (CVE-2014-8096). * Out of bounds access due to not validating length or offset values in requests in DBE extension (CVE-2014-8097). * Out of bounds access due to not validating length or offset values in requests in GLX extension (CVE-2014-8098). * Out of bounds access due to not validating length or offset values in requests in XVideo extension (CVE-2014-8099). * Out of bounds access due to not validating length or offset values in requests in Render extension (CVE-2014-8100). * Out of bounds access due to not validating length or offset values in requests in RandR extension (CVE-2014-8101). * Out of bounds access due to not validating length or offset values in requests in XFixes extension (CVE-2014-8102). Additionally, these non-security issues were fixed: * Fix crash in RENDER protocol, PanoramiX wrappers (bnc#864911). * Some formats used for pictures did not work with the chosen framebuffer format (bnc#886213). 
Security Issues: * CVE-2014-8091 * CVE-2014-8092 * CVE-2014-8093 * CVE-2014-8094 * CVE-2014-8095 * CVE-2014-8096 * CVE-2014-8097 * CVE-2014-8098 * CVE-2014-8099 * CVE-2014-8100 * CVE-2014-8101 * CVE-2014-8102 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-Xvnc-10108 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-Xvnc-10108 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-Xvnc-10108 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-Xvnc-10108 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.101.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.101.1 xorg-x11-server-7.4-27.101.1 xorg-x11-server-extra-7.4-27.101.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.101.1 xorg-x11-server-7.4-27.101.1 xorg-x11-server-extra-7.4-27.101.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-Xvnc-7.4-27.101.1 xorg-x11-server-7.4-27.101.1 xorg-x11-server-extra-7.4-27.101.1 References: http://support.novell.com/security/cve/CVE-2014-8091.html http://support.novell.com/security/cve/CVE-2014-8092.html http://support.novell.com/security/cve/CVE-2014-8093.html http://support.novell.com/security/cve/CVE-2014-8094.html http://support.novell.com/security/cve/CVE-2014-8095.html http://support.novell.com/security/cve/CVE-2014-8096.html http://support.novell.com/security/cve/CVE-2014-8097.html http://support.novell.com/security/cve/CVE-2014-8098.html http://support.novell.com/security/cve/CVE-2014-8099.html http://support.novell.com/security/cve/CVE-2014-8100.html 
http://support.novell.com/security/cve/CVE-2014-8101.html http://support.novell.com/security/cve/CVE-2014-8102.html https://bugzilla.suse.com/show_bug.cgi?id=864911 https://bugzilla.suse.com/show_bug.cgi?id=886213 https://bugzilla.suse.com/show_bug.cgi?id=907268 https://bugzilla.suse.com/show_bug.cgi?id=907633 http://download.suse.com/patch/finder/?keywords=db43f4ff257c785d653548cec666bca4 From sle-updates at lists.suse.com Wed Jan 14 16:04:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jan 2015 00:04:43 +0100 (CET) Subject: SUSE-YU-2015:0046-1: important: Recommended update for rpm Message-ID: <20150114230443.7A7603235F@maintenance.suse.de> SUSE YOU Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-YU-2015:0046-1 Rating: important References: #911228 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one YOU fix can now be installed. Description: This update for "rpm" fixes installation of packages when there are spaces in the path or file name and the option "--noglob" is used. Special Instructions and Notes: This update triggers a restart of the software management stack.
More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this SUSE YOU Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-rpm-201501-10143 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-rpm-201501-10143 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-rpm-201501-10143 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-rpm-201501-10143 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): popt-devel-1.7-37.62.9 rpm-devel-4.4.2.3-37.62.9 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): rpm-32bit-4.4.2.3-37.62.9 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64): popt-devel-32bit-1.7-37.62.9 rpm-devel-32bit-4.4.2.3-37.62.9 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): rpm-x86-4.4.2.3-37.62.9 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): popt-1.7-37.62.9 rpm-4.4.2.3-37.62.9 rpm-python-4.4.2.3-37.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): popt-32bit-1.7-37.62.9 rpm-32bit-4.4.2.3-37.62.9 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): popt-1.7-37.62.9 rpm-4.4.2.3-37.62.9 rpm-python-4.4.2.3-37.62.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): popt-32bit-1.7-37.62.9 rpm-32bit-4.4.2.3-37.62.9 - SUSE Linux Enterprise Server 11 SP3 (ia64): popt-x86-1.7-37.62.9 rpm-x86-4.4.2.3-37.62.9 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): popt-1.7-37.62.9 rpm-4.4.2.3-37.62.9 rpm-python-4.4.2.3-37.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): popt-32bit-1.7-37.62.9 rpm-32bit-4.4.2.3-37.62.9 References: https://bugzilla.suse.com/show_bug.cgi?id=911228 
http://download.suse.com/patch/finder/?keywords=d2817ba1b0f5196b014b99c4b7a24745 From sle-updates at lists.suse.com Thu Jan 15 05:04:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jan 2015 13:04:43 +0100 (CET) Subject: SUSE-SU-2015:0047-1: moderate: Security update for xorg-x11-server Message-ID: <20150115120443.C8B703235D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0047-1 Rating: moderate References: #907268 Cross-References: CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This X.Org update fixes the following security issues: - denial of service due to unchecked malloc in client authentication (CVE-2014-8091) - integer overflows calculating memory needs for requests: CVE-2014-8092: X11 core protocol requests CVE-2014-8093: GLX extension CVE-2014-8094: DRI2 extension - out of bounds access due to not validating length or offset values in requests: CVE-2014-8095: XInput extension CVE-2014-8096: XC-MISC extension CVE-2014-8097: DBE extension CVE-2014-8098: GLX extension CVE-2014-8099: XVideo extension CVE-2014-8100: Render extension CVE-2014-8101: RandR extension CVE-2014-8102: XFixes extension CVE-2014-8103: DRI3 and Present extensions Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-18 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-18 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-18 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-17.2 xorg-x11-server-debugsource-7.6_1.15.2-17.2 xorg-x11-server-sdk-7.6_1.15.2-17.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-17.2 xorg-x11-server-debuginfo-7.6_1.15.2-17.2 xorg-x11-server-debugsource-7.6_1.15.2-17.2 xorg-x11-server-extra-7.6_1.15.2-17.2 xorg-x11-server-extra-debuginfo-7.6_1.15.2-17.2 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-17.2 xorg-x11-server-debuginfo-7.6_1.15.2-17.2 xorg-x11-server-debugsource-7.6_1.15.2-17.2 xorg-x11-server-extra-7.6_1.15.2-17.2 xorg-x11-server-extra-debuginfo-7.6_1.15.2-17.2 References: http://support.novell.com/security/cve/CVE-2014-8091.html http://support.novell.com/security/cve/CVE-2014-8092.html http://support.novell.com/security/cve/CVE-2014-8093.html http://support.novell.com/security/cve/CVE-2014-8094.html http://support.novell.com/security/cve/CVE-2014-8095.html http://support.novell.com/security/cve/CVE-2014-8096.html http://support.novell.com/security/cve/CVE-2014-8097.html http://support.novell.com/security/cve/CVE-2014-8098.html http://support.novell.com/security/cve/CVE-2014-8099.html http://support.novell.com/security/cve/CVE-2014-8100.html http://support.novell.com/security/cve/CVE-2014-8101.html http://support.novell.com/security/cve/CVE-2014-8102.html http://support.novell.com/security/cve/CVE-2014-8103.html https://bugzilla.suse.com/show_bug.cgi?id=907268 From sle-updates at lists.suse.com Thu Jan 15 09:05:12 2015 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jan 2015 17:05:12 +0100 (CET) Subject: SUSE-SU-2015:0052-1: important: Security update for flash-player Message-ID: <20150115160512.C2FB53235F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0052-1 Rating: important References: #856386 #913057 Cross-References: CVE-2015-0301 CVE-2015-0302 CVE-2015-0303 CVE-2015-0304 CVE-2015-0305 CVE-2015-0306 CVE-2015-0307 CVE-2015-0308 CVE-2015-0309 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.429 (bsc#913057): * APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309. More information can be found on http://helpx.adobe.com/security/products/flash-player/apsb15-01.html - Disable flash player on machines without SSE2 (bnc#856386). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-19 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-19 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.429-23.1 flash-player-gnome-11.2.202.429-23.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.429-23.1 flash-player-gnome-11.2.202.429-23.1 References: http://support.novell.com/security/cve/CVE-2015-0301.html http://support.novell.com/security/cve/CVE-2015-0302.html http://support.novell.com/security/cve/CVE-2015-0303.html http://support.novell.com/security/cve/CVE-2015-0304.html http://support.novell.com/security/cve/CVE-2015-0305.html http://support.novell.com/security/cve/CVE-2015-0306.html http://support.novell.com/security/cve/CVE-2015-0307.html http://support.novell.com/security/cve/CVE-2015-0308.html http://support.novell.com/security/cve/CVE-2015-0309.html https://bugzilla.suse.com/show_bug.cgi?id=856386 https://bugzilla.suse.com/show_bug.cgi?id=913057 From sle-updates at lists.suse.com Thu Jan 15 11:04:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jan 2015 19:04:39 +0100 (CET) Subject: SUSE-RU-2015:0060-1: Recommended update for iptables Message-ID: <20150115180439.E44D53235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for iptables ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0060-1 Rating: low References: #863290 #868452 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for iptables provides the following fixes and enhancements: * Move from libipt_set/libipt_SET to libxt_set/libxt_SET in order to support IPv6. (bnc#868452) * Fix man page to reflect actual supported syntax of 'limit' command. 
(bnc#863290) * Fix broken output of list/save for xt_SET target. (bnc#868452) * Fix direction parser in xt_set match and xt_SET target. (bnc#868452) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-iptables-10130 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-iptables-10130 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-iptables-10130 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-iptables-10130 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): iptables-devel-1.4.6-2.13.3.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): iptables-1.4.6-2.13.3.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): iptables-1.4.6-2.13.3.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): iptables-1.4.6-2.13.3.2 References: https://bugzilla.suse.com/show_bug.cgi?id=863290 https://bugzilla.suse.com/show_bug.cgi?id=868452 http://download.suse.com/patch/finder/?keywords=2ffc706002692e8de4e94d210c53f8a0 From sle-updates at lists.suse.com Thu Jan 15 17:04:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jan 2015 01:04:43 +0100 (CET) Subject: SUSE-SU-2015:0062-1: important: Security update for flash-player Message-ID: <20150116000443.AC0993235B@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0062-1 Rating: important References: #856386 #913057 Cross-References: CVE-2015-0301 CVE-2015-0302 CVE-2015-0303 CVE-2015-0304 CVE-2015-0305 CVE-2015-0306 CVE-2015-0307 CVE-2015-0308 CVE-2015-0309 Affected Products: SUSE Linux Enterprise 
Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. It includes one version update. Description: Adobe Flash Player was updated to fix several vulnerabilities. More information can be found at http://helpx.adobe.com/security/products/flash-player/apsb15-01.html . Security Issues: * CVE-2015-0301 * CVE-2015-0302 * CVE-2015-0303 * CVE-2015-0304 * CVE-2015-0305 * CVE-2015-0306 * CVE-2015-0307 * CVE-2015-0308 * CVE-2015-0309 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-10164 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.429]: flash-player-11.2.202.429-0.4.1 flash-player-gnome-11.2.202.429-0.4.1 flash-player-kde4-11.2.202.429-0.4.1 References: http://support.novell.com/security/cve/CVE-2015-0301.html http://support.novell.com/security/cve/CVE-2015-0302.html http://support.novell.com/security/cve/CVE-2015-0303.html http://support.novell.com/security/cve/CVE-2015-0304.html http://support.novell.com/security/cve/CVE-2015-0305.html http://support.novell.com/security/cve/CVE-2015-0306.html http://support.novell.com/security/cve/CVE-2015-0307.html http://support.novell.com/security/cve/CVE-2015-0308.html http://support.novell.com/security/cve/CVE-2015-0309.html https://bugzilla.suse.com/show_bug.cgi?id=856386 https://bugzilla.suse.com/show_bug.cgi?id=913057 http://download.suse.com/patch/finder/?keywords=6699dd4415e0f8176f6147b7057346d1 From sle-updates at lists.suse.com Fri Jan 16 04:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jan 2015 12:04:44 +0100 (CET) Subject: SUSE-RU-2015:0067-1: Recommended update for libgweather Message-ID: 
<20150116110444.0FF523235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgweather ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0067-1 Rating: low References: #910688 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libgweather adds a newer version of the API used to retrieve weather forecast information from yr.no. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-20 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-20 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-20 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-20 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libgweather-debugsource-3.10.2-7.1 typelib-1_0-GWeather-3_0-3.10.2-7.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libgweather-debugsource-3.10.2-7.1 libgweather-devel-3.10.2-7.1 typelib-1_0-GWeather-3_0-3.10.2-7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libgweather-3-6-3.10.2-7.1 libgweather-3-6-debuginfo-3.10.2-7.1 libgweather-debugsource-3.10.2-7.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgweather-3-6-32bit-3.10.2-7.1 libgweather-3-6-debuginfo-32bit-3.10.2-7.1 - SUSE Linux Enterprise Server 12 (noarch): libgweather-data-3.10.2-7.1 libgweather-lang-3.10.2-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libgweather-3-6-3.10.2-7.1 libgweather-3-6-32bit-3.10.2-7.1 libgweather-3-6-debuginfo-3.10.2-7.1 libgweather-3-6-debuginfo-32bit-3.10.2-7.1 libgweather-debugsource-3.10.2-7.1 typelib-1_0-GWeather-3_0-3.10.2-7.1 - SUSE Linux Enterprise Desktop 12 (noarch): libgweather-data-3.10.2-7.1 libgweather-lang-3.10.2-7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=910688 From sle-updates at lists.suse.com Fri Jan 16 06:05:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jan 2015 14:05:01 +0100 (CET) Subject: SUSE-SU-2015:0068-1: important: Security update for the Linux Kernel Message-ID: <20150116130501.135BC3235F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0068-1 Rating: important References: #851603 #853040 #860441 #862957 #863526 #870498 #873228 #874025 #877622 #879255 #880767 #880892 #881085 #883139 #887046 #887382 #887418 #889295 #889297 #891259 #891619 #892254 #892612 #892650 #892860 #893454 #894057 #894863 #895221 #895387 #895468 #895680 #895983 #896391 #897101 #897736 #897770 #897912 #898234 #898297 #899192 #899489 #899551 #899785 #899787 
#899908 #900126 #901090 #901774 #901809 #901925 #902010 #902016 #902346 #902893 #902898 #903279 #903307 #904013 #904077 #904115 #904354 #904871 #905087 #905100 #905296 #905758 #905772 #907818 #908184 #909077 #910251 #910697 Cross-References: CVE-2013-6405 CVE-2014-3185 CVE-2014-3610 CVE-2014-3611 CVE-2014-3647 CVE-2014-3673 CVE-2014-7826 CVE-2014-7841 CVE-2014-8133 CVE-2014-9090 CVE-2014-9322 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive various security and bugfixes. Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode on the x86_64 platform were fixed, where local attackers could crash the machine. CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandled noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO could use this flaw to cause a denial of service (system crash) of the guest. 
CVE-2014-3611: A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. CVE-2014-3610: If the guest writes a noncanonical value to certain MSR registers, KVM will write that value to the MSR in the host context and a #GP will be raised leading to kernel panic. A privileged guest user could have used this flaw to crash the host. CVE-2014-7841: A remote attacker could have used a flaw in SCTP to crash the system by sending a maliciously prepared SCTP packet in order to trigger a NULL pointer dereference on the server. CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. Bugs fixed: BTRFS: - btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items (bnc#904077). - btrfs: fix invalid leaf slot access in btrfs_lookup_extent() (bnc#904077). - btrfs: avoid returning -ENOMEM in convert_extent_bit() too early (bnc#902016). - btrfs: make find_first_extent_bit be able to cache any state (bnc#902016). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#902016). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#899551). - btrfs: add missing end_page_writeback on submit_extent_page failure (bnc#899551). - btrfs: fix crash of btrfs_release_extent_buffer_page (bnc#899551). 
- btrfs: ensure readers see new data after a clone operation (bnc#898234). - btrfs: avoid visiting all extent items when cloning a range (bnc#898234). - btrfs: fix clone to deal with holes when NO_HOLES feature is enabled (bnc#898234). - btrfs: make fsync work after cloning into a file (bnc#898234). - btrfs: fix use-after-free when cloning a trailing file hole (bnc#898234). - btrfs: clone, don't create invalid hole extent map (bnc#898234). - btrfs: limit the path size in send to PATH_MAX (bnc#897770). - btrfs: send, fix more issues related to directory renames (bnc#897770). - btrfs: send, remove dead code from __get_cur_name_and_parent (bnc#897770). - btrfs: send, account for orphan directories when building path strings (bnc#897770). - btrfs: send, avoid unnecessary inode item lookup in the btree (bnc#897770). - btrfs: send, fix incorrect ref access when using extrefs (bnc#897770). - btrfs: send, build path string only once in send_hole (bnc#897770). - btrfs: part 2, fix incremental send's decision to delay a dir move/rename (bnc#897770). - btrfs: fix incremental send's decision to delay a dir move/rename (bnc#897770). - btrfs: remove unnecessary inode generation lookup in send (bnc#897770). - btrfs: avoid unnecessary utimes update in incremental send (bnc#897770). - btrfs: fix send issuing outdated paths for utimes, chown and chmod (bnc#897770). - btrfs: fix send attempting to rmdir non-empty directories (bnc#897770). - btrfs: send, don't send rmdir for same target multiple times (bnc#897770). - btrfs: incremental send, fix invalid path after dir rename (bnc#897770). - btrfs: fix assert screwup for the pending move stuff (bnc#897770). - btrfs: make some tree searches in send.c more efficient (bnc#897770). - btrfs: use right extent item position in send when finding extent clones (bnc#897770). - btrfs: more send support for parent/child dir relationship inversion (bnc#897770). - btrfs: fix send dealing with file renames and directory moves (bnc#897770). 
- btrfs: add missing error check in incremental send (bnc#897770). - btrfs: make send's file extent item search more efficient (bnc#897770). - btrfs: fix infinite path build loops in incremental send (bnc#897770). - btrfs: send, don't delay dir move if there's a new parent inode (bnc#897770). - btrfs: add helper btrfs_fdatawrite_range (bnc#902010). - btrfs: correctly flush compressed data before/after direct IO (bnc#902010). - btrfs: make inode.c:compress_file_range() return void (bnc#902010). - btrfs: report error after failure inlining extent in compressed write path (bnc#902010). - btrfs: don't ignore compressed bio write errors (bnc#902010). - btrfs: make inode.c:submit_compressed_extents() return void (bnc#902010). - btrfs: process all async extents on compressed write failure (bnc#902010). - btrfs: don't leak pages and memory on compressed write error (bnc#902010). - btrfs: fix hang on compressed write error (bnc#902010). - btrfs: set page and mapping error on compressed write failure (bnc#902010). - btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup (bnc#904115). Hyper-V: - hyperv: Fix a bug in netvsc_send(). - hyperv: Fix a bug in netvsc_start_xmit(). - drivers: hv: vmbus: Enable interrupt driven flow control. - drivers: hv: vmbus: Properly protect calls to smp_processor_id(). - drivers: hv: vmbus: Cleanup hv_post_message(). - drivers: hv: vmbus: Cleanup vmbus_close_internal(). - drivers: hv: vmbus: Fix a bug in vmbus_open(). - drivers: hv: vmbus: Cleanup vmbus_establish_gpadl(). - drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl(). - drivers: hv: vmbus: Cleanup vmbus_post_msg(). - storvsc: get rid of overly verbose warning messages. - hyperv: NULL dereference on error. - hyperv: Increase the buffer length for netvsc_channel_cb(). zSeries / S390: - s390: pass march flag to assembly files as well (bnc#903279, LTC#118177). - kernel: reduce function tracer overhead (bnc#903279, LTC#118177). 
- SUNRPC: Handle EPIPE in xprt_connect_status (bnc#901090). - SUNRPC: Ensure that we handle ENOBUFS errors correctly (bnc#901090). - SUNRPC: Ensure call_connect_status() deals correctly with SOFTCONN tasks (bnc#901090). - SUNRPC: Ensure that call_connect times out correctly (bnc#901090). - SUNRPC: Handle connect errors ECONNABORTED and EHOSTUNREACH (bnc#901090). - SUNRPC: Ensure xprt_connect_status handles all potential connection errors (bnc#901090). - SUNRPC: call_connect_status should recheck bind and connect status on error (bnc#901090). kGraft: - kgr: force patching process to succeed (fate#313296). - kgr: usb-storage, mark kthread safe (fate#313296 bnc#899908). - Refresh patches.suse/kgr-0039-kgr-fix-ugly-race.patch. Fix few bugs, and also races (immutable vs mark_processes vs other threads). - kgr: always use locked bit ops for thread_info->flags (fate#313296). - kgr: lower the workqueue scheduling timeout (fate#313296 bnc#905087). - kgr: mark even more kthreads (fate#313296 bnc#904871). - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft packages (bnc#901925) Other: - NFSv4: test SECINFO RPC_AUTH_GSS pseudoflavors for support (bnc#905758). - Enable cmac(aes) and cmac(3des_ede) for FIPS mode (bnc#905296 bnc#905772). - scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). - powerpc/vphn: NUMA node code expects big-endian (bsc#900126). - net: fix checksum features handling in netif_skb_features() (bnc#891259). - be2net: Fix invocation of be_close() after be_clear() (bnc#895468). - PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898297). - PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898297). - PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898297). - PCI: pciehp: Make check_link_active() non-static (bnc#898297). - PCI: pciehp: Enable link state change notifications (bnc#898297). - ALSA: hda - Treat zero connection as non-error (bnc#902898). 
- bcache: add mutex lock for bch_is_open (bnc#902893). - futex: Fix a race condition between REQUEUE_PI and task death (bcn #851603 (futex scalability series)). - Linux 3.12.31 (bnc#895983 bnc#897912). - futex: Ensure get_futex_key_refs() always implies a barrier (bcn #851603 (futex scalability series)). - usbback: don't access request fields in shared ring more than once. - Update Xen patches to 3.12.30. - locking/rwsem: Avoid double checking before try acquiring write lock (Locking scalability.). - zcrypt: toleration of new crypto adapter hardware (bnc#894057, LTC#117041). - zcrypt: support for extended number of ap domains (bnc#894057, LTC#117041). - kABI: protect linux/fs.h include in mm/internal.h. - Linux 3.12.30 (FATE#315482 bnc#862957 bnc#863526 bnc#870498). - Update patches.fixes/xfs-mark-all-internal-workqueues-as-freezable.patch (bnc#899785). - xfs: mark all internal workqueues as freezable. - drm/i915: Move DP port disable to post_disable for pch platforms (bnc#899787). - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). - Linux 3.12.29 (bnc#879255 bnc#880892 bnc#887046 bnc#887418 bnc#891619 bnc#892612 bnc#892650 bnc#897101). - iommu/vt-d: Work around broken RMRR firmware entries (bnc#892860). - iommu/vt-d: Store bus information in RMRR PCI device path (bnc#892860). - iommu/vt-d: Only remove domain when device is removed (bnc#883139). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#883139). - Update config files: Re-enable CONFIG_FUNCTION_PROFILER (bnc#899489) Option FUNCTION_PROFILER was enabled in debug and trace kernels so far, but it was accidentally disabled before tracing features were merged into the default kernel and the trace flavor was discarded. So all kernels are missing the feature now. Re-enable it. - xfs: xlog_cil_force_lsn doesn't always wait correctly. - scsi: clear 'host_scribble' upon successful abort (bnc#894863). 
- module: warn if module init + probe takes long (bnc#889297 bnc#877622 bnc#889295 bnc#893454). - mm, THP: don't hold mmap_sem in khugepaged when allocating THP (bnc#880767, VM Performance). - pagecache_limit: batch large nr_to_scan targets (bnc#895221). - iommu/vt-d: Check return value of acpi_bus_get_device() (bnc#903307). - rpm/kernel-binary.spec.in: Fix including the secure boot cert in /etc/uefi/certs - sched: Reduce contention in update_cfs_rq_blocked_load() (Scheduler/core performance). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904354). - netxen: Fix link event handling (bnc#873228). - x86, cpu: Detect more TLB configuration -xen (TLB Performance). - x86/mm: Fix RCU splat from new TLB tracepoints (TLB Performance). - x86/mm: Set TLB flush tunable to sane value (33) (TLB Performance). - x86/mm: New tunable for single vs full TLB flush (TLB Performance). - x86/mm: Add tracepoints for TLB flushes (TLB Performance). - x86/mm: Unify remote INVLPG code (TLB Performance). - x86/mm: Fix missed global TLB flush stat (TLB Performance). - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB Performance). - x86, cpu: Detect more TLB configuration (TLB Performance). - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on IvyBridge (TLB Performance). - x86/mm: Clean up the TLB flushing code (TLB Performance). - mm: free compound page with correct order (VM Functionality). - bnx2x: Utilize FW 7.10.51 (bnc#887382). - bnx2x: Remove unnecessary internal mem config (bnc#887382). - rtnetlink: fix oops in rtnl_link_get_slave_info_data_size (bnc#901774). - dm: do not call dm_sync_table() when creating new devices (bnc#901809). - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736). 
- uas: replace WARN_ON_ONCE() with lockdep_assert_held() (FATE#315595). - cxgb4/cxgb4vf: Add Devicde ID for two more adapter (bsc#903999). - cxgb4/cxgb4vf: Add device ID for new adapter and remove for dbg adapter (bsc#903999). - cxgb4: Adds device ID for few more Chelsio T4 Adapters (bsc#903999). - cxgb4: Check if rx checksum offload is enabled, while reading hardware calculated checksum (bsc#903999). - xen-pciback: drop SR-IOV VFs when PF driver unloads (bsc#901839). This update also includes fixes contained in the Linux 3.12.stable release series, not separately listed here. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-21 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-21 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-21 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-21 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-21 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-21 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.32-33.1 kernel-default-debugsource-3.12.32-33.1 kernel-default-extra-3.12.32-33.1 kernel-default-extra-debuginfo-3.12.32-33.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.32-33.1 kernel-obs-build-debugsource-3.12.32-33.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.32-33.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.32-33.1 kernel-default-base-3.12.32-33.1 kernel-default-base-debuginfo-3.12.32-33.1 kernel-default-debuginfo-3.12.32-33.1 kernel-default-debugsource-3.12.32-33.1 kernel-default-devel-3.12.32-33.1 kernel-syms-3.12.32-33.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.32-33.1 kernel-xen-base-3.12.32-33.1 kernel-xen-base-debuginfo-3.12.32-33.1 kernel-xen-debuginfo-3.12.32-33.1 kernel-xen-debugsource-3.12.32-33.1 kernel-xen-devel-3.12.32-33.1 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.32-33.1 kernel-macros-3.12.32-33.1 kernel-source-3.12.32-33.1 - SUSE Linux Enterprise Server 12 (s390x): kernel-default-man-3.12.32-33.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.32-33.1 kernel-ec2-debuginfo-3.12.32-33.1 kernel-ec2-debugsource-3.12.32-33.1 kernel-ec2-devel-3.12.32-33.1 kernel-ec2-extra-3.12.32-33.1 kernel-ec2-extra-debuginfo-3.12.32-33.1 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.32-33.1 kernel-default-debuginfo-3.12.32-33.1 kernel-default-debugsource-3.12.32-33.1 kernel-default-devel-3.12.32-33.1 kernel-default-extra-3.12.32-33.1 kernel-default-extra-debuginfo-3.12.32-33.1 kernel-syms-3.12.32-33.1 kernel-xen-3.12.32-33.1 kernel-xen-debuginfo-3.12.32-33.1 kernel-xen-debugsource-3.12.32-33.1 kernel-xen-devel-3.12.32-33.1 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.32-33.1 kernel-macros-3.12.32-33.1 kernel-source-3.12.32-33.1 - SUSE 
Linux Enterprise Build System Kit 12 (s390x): kernel-zfcpdump-3.12.32-33.1 kernel-zfcpdump-debuginfo-3.12.32-33.1 kernel-zfcpdump-debugsource-3.12.32-33.1 References: http://support.novell.com/security/cve/CVE-2013-6405.html http://support.novell.com/security/cve/CVE-2014-3185.html http://support.novell.com/security/cve/CVE-2014-3610.html http://support.novell.com/security/cve/CVE-2014-3611.html http://support.novell.com/security/cve/CVE-2014-3647.html http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-7826.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-8133.html http://support.novell.com/security/cve/CVE-2014-9090.html http://support.novell.com/security/cve/CVE-2014-9322.html https://bugzilla.suse.com/show_bug.cgi?id=851603 https://bugzilla.suse.com/show_bug.cgi?id=853040 https://bugzilla.suse.com/show_bug.cgi?id=860441 https://bugzilla.suse.com/show_bug.cgi?id=862957 https://bugzilla.suse.com/show_bug.cgi?id=863526 https://bugzilla.suse.com/show_bug.cgi?id=870498 https://bugzilla.suse.com/show_bug.cgi?id=873228 https://bugzilla.suse.com/show_bug.cgi?id=874025 https://bugzilla.suse.com/show_bug.cgi?id=877622 https://bugzilla.suse.com/show_bug.cgi?id=879255 https://bugzilla.suse.com/show_bug.cgi?id=880767 https://bugzilla.suse.com/show_bug.cgi?id=880892 https://bugzilla.suse.com/show_bug.cgi?id=881085 https://bugzilla.suse.com/show_bug.cgi?id=883139 https://bugzilla.suse.com/show_bug.cgi?id=887046 https://bugzilla.suse.com/show_bug.cgi?id=887382 https://bugzilla.suse.com/show_bug.cgi?id=887418 https://bugzilla.suse.com/show_bug.cgi?id=889295 https://bugzilla.suse.com/show_bug.cgi?id=889297 https://bugzilla.suse.com/show_bug.cgi?id=891259 https://bugzilla.suse.com/show_bug.cgi?id=891619 https://bugzilla.suse.com/show_bug.cgi?id=892254 https://bugzilla.suse.com/show_bug.cgi?id=892612 https://bugzilla.suse.com/show_bug.cgi?id=892650 
https://bugzilla.suse.com/show_bug.cgi?id=892860 https://bugzilla.suse.com/show_bug.cgi?id=893454 https://bugzilla.suse.com/show_bug.cgi?id=894057 https://bugzilla.suse.com/show_bug.cgi?id=894863 https://bugzilla.suse.com/show_bug.cgi?id=895221 https://bugzilla.suse.com/show_bug.cgi?id=895387 https://bugzilla.suse.com/show_bug.cgi?id=895468 https://bugzilla.suse.com/show_bug.cgi?id=895680 https://bugzilla.suse.com/show_bug.cgi?id=895983 https://bugzilla.suse.com/show_bug.cgi?id=896391 https://bugzilla.suse.com/show_bug.cgi?id=897101 https://bugzilla.suse.com/show_bug.cgi?id=897736 https://bugzilla.suse.com/show_bug.cgi?id=897770 https://bugzilla.suse.com/show_bug.cgi?id=897912 https://bugzilla.suse.com/show_bug.cgi?id=898234 https://bugzilla.suse.com/show_bug.cgi?id=898297 https://bugzilla.suse.com/show_bug.cgi?id=899192 https://bugzilla.suse.com/show_bug.cgi?id=899489 https://bugzilla.suse.com/show_bug.cgi?id=899551 https://bugzilla.suse.com/show_bug.cgi?id=899785 https://bugzilla.suse.com/show_bug.cgi?id=899787 https://bugzilla.suse.com/show_bug.cgi?id=899908 https://bugzilla.suse.com/show_bug.cgi?id=900126 https://bugzilla.suse.com/show_bug.cgi?id=901090 https://bugzilla.suse.com/show_bug.cgi?id=901774 https://bugzilla.suse.com/show_bug.cgi?id=901809 https://bugzilla.suse.com/show_bug.cgi?id=901925 https://bugzilla.suse.com/show_bug.cgi?id=902010 https://bugzilla.suse.com/show_bug.cgi?id=902016 https://bugzilla.suse.com/show_bug.cgi?id=902346 https://bugzilla.suse.com/show_bug.cgi?id=902893 https://bugzilla.suse.com/show_bug.cgi?id=902898 https://bugzilla.suse.com/show_bug.cgi?id=903279 https://bugzilla.suse.com/show_bug.cgi?id=903307 https://bugzilla.suse.com/show_bug.cgi?id=904013 https://bugzilla.suse.com/show_bug.cgi?id=904077 https://bugzilla.suse.com/show_bug.cgi?id=904115 https://bugzilla.suse.com/show_bug.cgi?id=904354 https://bugzilla.suse.com/show_bug.cgi?id=904871 https://bugzilla.suse.com/show_bug.cgi?id=905087 
https://bugzilla.suse.com/show_bug.cgi?id=905100 https://bugzilla.suse.com/show_bug.cgi?id=905296 https://bugzilla.suse.com/show_bug.cgi?id=905758 https://bugzilla.suse.com/show_bug.cgi?id=905772 https://bugzilla.suse.com/show_bug.cgi?id=907818 https://bugzilla.suse.com/show_bug.cgi?id=908184 https://bugzilla.suse.com/show_bug.cgi?id=909077 https://bugzilla.suse.com/show_bug.cgi?id=910251 https://bugzilla.suse.com/show_bug.cgi?id=910697 From sle-updates at lists.suse.com Fri Jan 16 09:04:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jan 2015 17:04:42 +0100 (CET) Subject: SUSE-RU-2015:0069-1: Recommended update for perl-Net-DNS Message-ID: <20150116160442.57F113235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Net-DNS ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0069-1 Rating: low References: #904041 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-Net-DNS fixes handling of TSIG algorithms, no longer removing dots and dashes from their names. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-22 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-22 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): perl-Net-DNS-0.73-4.1 perl-Net-DNS-debuginfo-0.73-4.1 perl-Net-DNS-debugsource-0.73-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): perl-Net-DNS-0.73-4.1 perl-Net-DNS-debuginfo-0.73-4.1 perl-Net-DNS-debugsource-0.73-4.1 References: https://bugzilla.suse.com/show_bug.cgi?id=904041 From sle-updates at lists.suse.com Fri Jan 16 11:04:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jan 2015 19:04:40 +0100 (CET) Subject: SUSE-SU-2015:0070-1: moderate: Security update for unzip Message-ID: <20150116180440.CF3AE3235D@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0070-1 Rating: moderate References: #909214 Cross-References: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update fixes the following security issues: * CVE-2014-8139: heap overflow condition in the CRC32 verification * CVE-2014-8140: write error (_8349_) shows a problem in extract.c:test_compr_eb() * CVE-2014-8141: read errors (_6430_, _3422_) show problems in process.c:getZip64Data() Security Issues: * CVE-2014-8139 * CVE-2014-8140 * CVE-2014-8141 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-unzip-10159 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-unzip-10159 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-unzip-10159 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): unzip-6.00-11.9.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): unzip-6.00-11.9.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): unzip-6.00-11.9.1 References: http://support.novell.com/security/cve/CVE-2014-8139.html http://support.novell.com/security/cve/CVE-2014-8140.html http://support.novell.com/security/cve/CVE-2014-8141.html https://bugzilla.suse.com/show_bug.cgi?id=909214 http://download.suse.com/patch/finder/?keywords=b50fd3919c79cddfa486995f81297d4a From sle-updates at lists.suse.com Mon Jan 19 04:04:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 12:04:39 +0100 (CET) Subject: SUSE-RU-2015:0074-1: Recommended update for release-notes-sled Message-ID: <20150119110439.DB2D63235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0074-1 Rating: low References: #896645 #900771 #900919 #903217 #904030 #905802 #911707 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update provides the latest revision of the release notes for SUSE Linux Enterprise Desktop 12. 
- New: Drivers for Nvidia Graphical Chipsets (fate#316691) - New: Connection to VNC support GNOME (fate#318311) - New: Autoselecting Packages during Module Activation (bnc#905802, fate#318213) - New: cifs-utils /etc/samba/smbfstab migration (bnc#903217, fate#318090) - Updated: Current Features and Limitations in a UEFI Secure Boot Context (bnc#896645, fate#317500) - Updated: "Enabling the wicked "nanny" Framework" (fate#316649) - Updated: /proc/acpit/event Interface Removed (fate#317911) - Fixed minor bugs: bnc#900771 (fate#316585, typo); reference to online documentation (bnc#900919). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-24 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-24 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (noarch): release-notes-sled-12.0.20150108-8.1 - SUSE Linux Enterprise Desktop 12 (noarch): release-notes-sled-12.0.20150108-8.1 References: https://bugzilla.suse.com/show_bug.cgi?id=896645 https://bugzilla.suse.com/show_bug.cgi?id=900771 https://bugzilla.suse.com/show_bug.cgi?id=900919 https://bugzilla.suse.com/show_bug.cgi?id=903217 https://bugzilla.suse.com/show_bug.cgi?id=904030 https://bugzilla.suse.com/show_bug.cgi?id=905802 https://bugzilla.suse.com/show_bug.cgi?id=911707 From sle-updates at lists.suse.com Mon Jan 19 04:06:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 12:06:00 +0100 (CET) Subject: SUSE-RU-2015:0075-1: Recommended update for release-notes-sles Message-ID: <20150119110600.851D33235F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2015:0075-1 Rating: low References: #896645 #903217 #903673 #903795 #905802 #909721 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update provides the latest revision of the release notes for SUSE Linux Enterprise Server 12: - New: Dynamic Aggregation of LVM Metadata via lvmetad (fate#314556) - New: Linux support for Flash and concurrent Flash MCL updates (bnc#909721, fate#315317) - New: Connection to VNC support GNOME (fate#318311) - New: Autoselecting Packages during Module Activation (bnc#905802, fate#318213) - New: cifs-utils /etc/samba/smbfstab migration (bnc#903217, fate#318090) - Updated: System z Performance Counters in perf Tool (bnc#909721, fate#315988) - Updated: Current Features and Limitations in a UEFI Secure Boot Context (bnc#896645, fate#317500) - Updated: Filesystem Support Table (bnc#903673) - Updated: Enabling the wicked "nanny" Framework (fate#316649) - Updated: Apache 2.4 (fate#317912) - Updated: Serial Console Bootloader Settings (fate#317818) - Updated: /proc/acpit/event Interface Removed (fate#317911). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-25 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): release-notes-sles-12.0.20150108-12.1 References: https://bugzilla.suse.com/show_bug.cgi?id=896645 https://bugzilla.suse.com/show_bug.cgi?id=903217 https://bugzilla.suse.com/show_bug.cgi?id=903673 https://bugzilla.suse.com/show_bug.cgi?id=903795 https://bugzilla.suse.com/show_bug.cgi?id=905802 https://bugzilla.suse.com/show_bug.cgi?id=909721 From sle-updates at lists.suse.com Mon Jan 19 05:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 13:04:44 +0100 (CET) Subject: SUSE-SU-2015:0076-1: important: Security update for MozillaFirefox Message-ID: <20150119120444.2F5793235F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0076-1 Rating: important References: #909563 #910647 #910669 Cross-References: CVE-2014-1569 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description: This update fixes the following security issues in MozillaFirefox: - MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 (bmo#1109889, bmo#1111737, bmo#1026774, bmo#1027300, bmo#1054538, bmo#1067473, bmo#1070962, bmo#1072130, bmo#1072871, bmo#1098583) Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) - MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header - MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses - MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC Also Mozilla NSS was updated to 3.17.3 to fix: * The QuickDER decoder now decodes lengths robustly (bmo#1064670/CVE-2014-1569) * Support for TLS_FALLBACK_SCSV has been added to the ssltap and tstclnt utilities * Changes in CA certificates Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-26 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-26 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-26 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-31.4.0esr-20.1 MozillaFirefox-debugsource-31.4.0esr-20.1 MozillaFirefox-devel-31.4.0esr-20.1 mozilla-nss-debuginfo-3.17.3-16.1 mozilla-nss-debugsource-3.17.3-16.1 mozilla-nss-devel-3.17.3-16.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-31.4.0esr-20.1 MozillaFirefox-debuginfo-31.4.0esr-20.1 MozillaFirefox-debugsource-31.4.0esr-20.1 MozillaFirefox-translations-31.4.0esr-20.1 libfreebl3-3.17.3-16.1 libfreebl3-debuginfo-3.17.3-16.1 libfreebl3-hmac-3.17.3-16.1 libsoftokn3-3.17.3-16.1 libsoftokn3-debuginfo-3.17.3-16.1 libsoftokn3-hmac-3.17.3-16.1 mozilla-nss-3.17.3-16.1 mozilla-nss-certs-3.17.3-16.1 mozilla-nss-certs-debuginfo-3.17.3-16.1 mozilla-nss-debuginfo-3.17.3-16.1 mozilla-nss-debugsource-3.17.3-16.1 mozilla-nss-tools-3.17.3-16.1 mozilla-nss-tools-debuginfo-3.17.3-16.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libfreebl3-32bit-3.17.3-16.1 libfreebl3-debuginfo-32bit-3.17.3-16.1 libfreebl3-hmac-32bit-3.17.3-16.1 libsoftokn3-32bit-3.17.3-16.1 libsoftokn3-debuginfo-32bit-3.17.3-16.1 libsoftokn3-hmac-32bit-3.17.3-16.1 mozilla-nss-32bit-3.17.3-16.1 mozilla-nss-certs-32bit-3.17.3-16.1 mozilla-nss-certs-debuginfo-32bit-3.17.3-16.1 mozilla-nss-debuginfo-32bit-3.17.3-16.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-31.4.0esr-20.1 MozillaFirefox-debuginfo-31.4.0esr-20.1 MozillaFirefox-debugsource-31.4.0esr-20.1 MozillaFirefox-translations-31.4.0esr-20.1 libfreebl3-3.17.3-16.1 libfreebl3-32bit-3.17.3-16.1 libfreebl3-debuginfo-3.17.3-16.1 libfreebl3-debuginfo-32bit-3.17.3-16.1 libsoftokn3-3.17.3-16.1 libsoftokn3-32bit-3.17.3-16.1 libsoftokn3-debuginfo-3.17.3-16.1 libsoftokn3-debuginfo-32bit-3.17.3-16.1 mozilla-nss-3.17.3-16.1 mozilla-nss-32bit-3.17.3-16.1 mozilla-nss-certs-3.17.3-16.1 mozilla-nss-certs-32bit-3.17.3-16.1 mozilla-nss-certs-debuginfo-3.17.3-16.1 mozilla-nss-certs-debuginfo-32bit-3.17.3-16.1 
mozilla-nss-debuginfo-3.17.3-16.1 mozilla-nss-debuginfo-32bit-3.17.3-16.1 mozilla-nss-debugsource-3.17.3-16.1 mozilla-nss-tools-3.17.3-16.1 mozilla-nss-tools-debuginfo-3.17.3-16.1 References: http://support.novell.com/security/cve/CVE-2014-1569.html http://support.novell.com/security/cve/CVE-2014-8634.html http://support.novell.com/security/cve/CVE-2014-8635.html http://support.novell.com/security/cve/CVE-2014-8638.html http://support.novell.com/security/cve/CVE-2014-8639.html http://support.novell.com/security/cve/CVE-2014-8641.html https://bugzilla.suse.com/show_bug.cgi?id=909563 https://bugzilla.suse.com/show_bug.cgi?id=910647 https://bugzilla.suse.com/show_bug.cgi?id=910669 From sle-updates at lists.suse.com Mon Jan 19 06:06:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 14:06:27 +0100 (CET) Subject: SUSE-RU-2015:0080-1: Recommended update for release-notes-ha-geo Message-ID: <20150119130627.7E2CA3235F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha-geo ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0080-1 Rating: low References: #904680 #910672 Affected Products: SUSE Linux Enterprise High Availability GEO 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest revision of the Release Notes for Geo Clustering for SUSE Linux Enterprise High Availability Extension. Fixes include: - Replace references to Novell with SUSE (bsc#904680) - Fix typos and other cosmetic issues (bsc#910672) - Fix documentation URL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12: zypper in -t patch SUSE-SLE-HA-GEO-12-2015-27 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability GEO 12 (noarch): release-notes-ha-geo-12.0.20150112-8.1 References: https://bugzilla.suse.com/show_bug.cgi?id=904680 https://bugzilla.suse.com/show_bug.cgi?id=910672 From sle-updates at lists.suse.com Mon Jan 19 09:04:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 17:04:40 +0100 (CET) Subject: SUSE-SU-2015:0082-1: moderate: Security update for docker Message-ID: <20150119160440.A06DE3235D@maintenance.suse.de> SUSE Security Update: Security update for docker ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0082-1 Rating: moderate References: #909709 #909710 #909712 #913211 #913213 Cross-References: CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This docker version upgrade fixes the following security and non-security issues, and also adds additional features: - Updated to 1.4.1 (2014-12-15): * Runtime: - Fix issue with volumes-from and bind mounts not being honored after create (fixes bnc#913213) - Added e2fsprogs as runtime dependency, this is required when the devicemapper driver is used. (bnc#913211). 
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5) - Updated to 1.4.0 (2014-12-11): * Notable Features since 1.3.0: - Set key=value labels to the daemon (displayed in `docker info`), applied with new `-label` daemon flag - Add support for `ENV` in Dockerfile of the form: `ENV name=value name2=value2...` - New Overlayfs Storage Driver - `docker info` now returns an `ID` and `Name` field - Filter events by event name, container, or image - `docker cp` now supports copying from container volumes - Fixed `docker tag`, so it honors `--force` when overriding a tag for existing image. - Changes introduced by 1.3.3 (2014-12-11): * Security: - Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709) - Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710) - Validate image IDs (CVE-2014-9358) - (bnc#909712) * Runtime: - Fix an issue when image archives are being read slowly * Client: - Fix a regression related to stdin redirection - Fix a regression with `docker cp` when destination is the current directory Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-28 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (x86_64): docker-1.4.1-16.1 docker-debuginfo-1.4.1-16.1 docker-debugsource-1.4.1-16.1 References: http://support.novell.com/security/cve/CVE-2014-9356.html http://support.novell.com/security/cve/CVE-2014-9357.html http://support.novell.com/security/cve/CVE-2014-9358.html https://bugzilla.suse.com/show_bug.cgi?id=909709 https://bugzilla.suse.com/show_bug.cgi?id=909710 https://bugzilla.suse.com/show_bug.cgi?id=909712 https://bugzilla.suse.com/show_bug.cgi?id=913211 https://bugzilla.suse.com/show_bug.cgi?id=913213 From sle-updates at lists.suse.com Mon Jan 19 09:05:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 17:05:36 +0100 (CET) Subject: SUSE-SU-2015:0083-1: moderate: Security update for curl Message-ID: <20150119160536.96F913235F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0083-1 Rating: moderate References: #901924 #911363 Cross-References: CVE-2014-3707 CVE-2014-8150 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following security issues - CVE-2014-8150: URL request injection vulnerability (bnc#911363) - CVE-2014-3707: duphandle read out of bounds (bnc#901924) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-29 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-29 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-29 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-5.1 curl-debugsource-7.37.0-5.1 libcurl-devel-7.37.0-5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): curl-7.37.0-5.1 curl-debuginfo-7.37.0-5.1 curl-debugsource-7.37.0-5.1 libcurl4-7.37.0-5.1 libcurl4-debuginfo-7.37.0-5.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcurl4-32bit-7.37.0-5.1 libcurl4-debuginfo-32bit-7.37.0-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): curl-7.37.0-5.1 curl-debuginfo-7.37.0-5.1 curl-debugsource-7.37.0-5.1 libcurl4-32bit-7.37.0-5.1 libcurl4-7.37.0-5.1 libcurl4-debuginfo-32bit-7.37.0-5.1 libcurl4-debuginfo-7.37.0-5.1 References: http://support.novell.com/security/cve/CVE-2014-3707.html http://support.novell.com/security/cve/CVE-2014-8150.html https://bugzilla.suse.com/show_bug.cgi?id=901924 https://bugzilla.suse.com/show_bug.cgi?id=911363 From sle-updates at lists.suse.com Mon Jan 19 10:04:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 18:04:42 +0100 (CET) Subject: SUSE-RU-2015:0084-1: Initial live patch for kernel 3.12.32-31 Message-ID: <20150119170442.74B2C3235D@maintenance.suse.de> SUSE Recommended Update: Initial live patch for kernel 3.12.32-31 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0084-1 Rating: low References: #904970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be 
installed. Description: This patch contains modifications of uname syscall and no bug fixes yet. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-30 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_32-33-default-1-2.4 kgraft-patch-3_12_32-33-xen-1-2.4 References: https://bugzilla.suse.com/show_bug.cgi?id=904970 From sle-updates at lists.suse.com Mon Jan 19 11:04:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 19:04:40 +0100 (CET) Subject: SUSE-RU-2015:0086-1: Recommended update for crowbar-barclamp-heat Message-ID: <20150119180440.8EE923235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-heat ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0086-1 Rating: low References: #892512 #896481 #897815 #900887 #901150 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for crowbar-barclamp-heat provides stability fixes from the upstream OpenStack project: * Generate an auth encryption key of at least 32 chars on upgrades * Use region from keystone settings * Add region parameter for CLI usage (bnc#896481) * Fix creation of auth_encryption_key attribute on migration (bnc#892512) * Fix fetching the ID of stack_user_domain when keystone is HA * Make configuration files owned by root:heat, instead of heat:root * Fix ownership and permissions of directories * Add Requires on crowbar-barclamp-openstack for the new crowbar-openstack cookbook * Use helpers from new crowbar-openstack cookbook * Fix registering heat domain when keystone is deployed with HA * Add dependency on crowbar-barclamp-openstack as Requires(post) and Requires to make sure the package is installed before the %post scriptlet is executed (bnc#900887) * Replaced service for heat-cfn endpoint registration (bnc#901150). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-heat-10163 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-heat-1.8+git.1421057285.5ffc08c-0.7.2 References: https://bugzilla.suse.com/show_bug.cgi?id=892512 https://bugzilla.suse.com/show_bug.cgi?id=896481 https://bugzilla.suse.com/show_bug.cgi?id=897815 https://bugzilla.suse.com/show_bug.cgi?id=900887 https://bugzilla.suse.com/show_bug.cgi?id=901150 http://download.suse.com/patch/finder/?keywords=c631879b7431768948dc80cdd5a01631 From sle-updates at lists.suse.com Mon Jan 19 12:04:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jan 2015 20:04:41 +0100 (CET) Subject: SUSE-RU-2015:0087-1: moderate: Recommended update for release-notes-sled Message-ID: <20150119190441.984453235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0087-1 Rating: moderate References: #912833 #913516 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The SUSE Linux Enterprise Desktop 12 release notes were updated. Topics added: - Deliver "parallel" implementations of compression software (fate#316220); - Clarify that SELinux is not supported on SUSE Linux Enterprise Desktop 12 (bnc#913516 via fate#318353). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-31 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-31 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (noarch): release-notes-sled-12.0.20150119-16.1 - SUSE Linux Enterprise Desktop 12 (noarch): release-notes-sled-12.0.20150119-16.1 References: https://bugzilla.suse.com/show_bug.cgi?id=912833 https://bugzilla.suse.com/show_bug.cgi?id=913516 From sle-updates at lists.suse.com Tue Jan 20 02:05:17 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jan 2015 10:05:17 +0100 (CET) Subject: SUSE-RU-2015:0088-1: Recommended update for xrdp Message-ID: <20150120090517.12F743235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0088-1 Rating: low References: #899105 #910824 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xrdp provides the following fixes: - add systemd support for xrdp (bnc#899105). - fix some segmentation faults in xrdp-chansrv (bnc#899105). - Fix endian issues on zSeries (bnc#910824). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-32 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-32 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xrdp-0.6.1-6.1 xrdp-debuginfo-0.6.1-6.1 xrdp-debugsource-0.6.1-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xrdp-0.6.1-6.1 xrdp-debuginfo-0.6.1-6.1 xrdp-debugsource-0.6.1-6.1 References: https://bugzilla.suse.com/show_bug.cgi?id=899105 https://bugzilla.suse.com/show_bug.cgi?id=910824 From sle-updates at lists.suse.com Tue Jan 20 04:04:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jan 2015 12:04:59 +0100 (CET) Subject: SUSE-RU-2015:0080-2: Recommended update for release-notes-ha-geo Message-ID: <20150120110459.5D0E83235F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha-geo ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0080-2 Rating: low References: #904680 #910672 Affected Products: SUSE Linux Enterprise High Availability GEO 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest revision of the Release Notes for Geo Clustering for SUSE Linux Enterprise High Availability Extension. Fixes include: - Replace references to Novell with SUSE (bsc#904680) - Fix typos and other cosmetic issues (bsc#910672) - Fix documentation URL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12: zypper in -t patch SUSE-SLE-HA-GEO-12-2015-27 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability GEO 12 (noarch): release-notes-ha-geo-12.0.20150112-8.1 References: https://bugzilla.suse.com/show_bug.cgi?id=904680 https://bugzilla.suse.com/show_bug.cgi?id=910672 From sle-updates at lists.suse.com Tue Jan 20 06:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jan 2015 14:04:44 +0100 (CET) Subject: SUSE-SU-2015:0092-1: important: Security update for libpng16 Message-ID: <20150120130444.E6AEC3235D@maintenance.suse.de> SUSE Security Update: Security update for libpng16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0092-1 Rating: important References: #912076 #912929 Cross-References: CVE-2014-9495 CVE-2015-0973 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following security issues: * CVE-2014-9495: libpng versions heap overflow vulnerability, that under certain circumstances could be exploited. [bnc#912076] * CVE-2015-0973: A heap-based overflow was found in the png_combine_row() function of the libpng library, when very large interlaced images were used. [bnc#912929] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-33 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-33 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-33 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libpng16-compat-devel-1.6.8-5.1 libpng16-debugsource-1.6.8-5.1 libpng16-devel-1.6.8-5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libpng16-16-1.6.8-5.1 libpng16-16-debuginfo-1.6.8-5.1 libpng16-debugsource-1.6.8-5.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpng16-16-32bit-1.6.8-5.1 libpng16-16-debuginfo-32bit-1.6.8-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libpng16-16-1.6.8-5.1 libpng16-16-32bit-1.6.8-5.1 libpng16-16-debuginfo-1.6.8-5.1 libpng16-16-debuginfo-32bit-1.6.8-5.1 libpng16-debugsource-1.6.8-5.1 References: http://support.novell.com/security/cve/CVE-2014-9495.html http://support.novell.com/security/cve/CVE-2015-0973.html https://bugzilla.suse.com/show_bug.cgi?id=912076 https://bugzilla.suse.com/show_bug.cgi?id=912929 From sle-updates at lists.suse.com Tue Jan 20 08:04:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jan 2015 16:04:43 +0100 (CET) Subject: SUSE-SU-2015:0093-1: moderate: Security update for ruby2.1 Message-ID: <20150120150443.B7F703235D@maintenance.suse.de> SUSE Security Update: Security update for ruby2.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0093-1 Rating: moderate References: #902851 #905326 Cross-References: CVE-2014-8080 CVE-2014-8090 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This ruby update fixes the following two security issues: - bnc#902851: fix CVE-2014-8080: Denial Of Service XML Expansion - bnc#905326: fix CVE-2014-8090: Another Denial Of Service XML Expansion - Enable tests to run during the build. This way we can compare the results on different builds. 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-34 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-34 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-34 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ruby2.1-debuginfo-2.1.2-9.1 ruby2.1-debugsource-2.1.2-9.1 ruby2.1-devel-2.1.2-9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libruby2_1-2_1-2.1.2-9.1 libruby2_1-2_1-debuginfo-2.1.2-9.1 ruby2.1-2.1.2-9.1 ruby2.1-debuginfo-2.1.2-9.1 ruby2.1-debugsource-2.1.2-9.1 ruby2.1-stdlib-2.1.2-9.1 ruby2.1-stdlib-debuginfo-2.1.2-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libruby2_1-2_1-2.1.2-9.1 libruby2_1-2_1-debuginfo-2.1.2-9.1 ruby2.1-2.1.2-9.1 ruby2.1-debuginfo-2.1.2-9.1 ruby2.1-debugsource-2.1.2-9.1 ruby2.1-stdlib-2.1.2-9.1 ruby2.1-stdlib-debuginfo-2.1.2-9.1 References: http://support.novell.com/security/cve/CVE-2014-8080.html http://support.novell.com/security/cve/CVE-2014-8090.html https://bugzilla.suse.com/show_bug.cgi?id=902851 https://bugzilla.suse.com/show_bug.cgi?id=905326 From sle-updates at lists.suse.com Tue Jan 20 09:04:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jan 2015 17:04:45 +0100 (CET) Subject: SUSE-RU-2015:0094-1: moderate: Recommended update for samba Message-ID: <20150120160445.177DD3235F@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0094-1 Rating: moderate References: #896536 #899558 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for Samba provides the following fixes: - Backport upstream master fixes for samba-regedit. (bsc#896536) - Fix small memory-leak in the background print process. (bsc#899558) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-35 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-35 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-35 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libdcerpc-atsvc-devel-4.1.12-10.2 libdcerpc-atsvc0-4.1.12-10.2 libdcerpc-atsvc0-debuginfo-4.1.12-10.2 libdcerpc-devel-4.1.12-10.2 libdcerpc-samr-devel-4.1.12-10.2 libdcerpc-samr0-4.1.12-10.2 libdcerpc-samr0-debuginfo-4.1.12-10.2 libgensec-devel-4.1.12-10.2 libndr-devel-4.1.12-10.2 libndr-krb5pac-devel-4.1.12-10.2 libndr-nbt-devel-4.1.12-10.2 libndr-standard-devel-4.1.12-10.2 libnetapi-devel-4.1.12-10.2 libpdb-devel-4.1.12-10.2 libregistry-devel-4.1.12-10.2 libsamba-credentials-devel-4.1.12-10.2 libsamba-hostconfig-devel-4.1.12-10.2 libsamba-policy-devel-4.1.12-10.2 libsamba-policy0-4.1.12-10.2 libsamba-policy0-debuginfo-4.1.12-10.2 libsamba-util-devel-4.1.12-10.2 libsamdb-devel-4.1.12-10.2 libsmbclient-devel-4.1.12-10.2 libsmbclient-raw-devel-4.1.12-10.2 libsmbconf-devel-4.1.12-10.2 libsmbldap-devel-4.1.12-10.2 libsmbsharemodes-devel-4.1.12-10.2 libsmbsharemodes0-4.1.12-10.2 libsmbsharemodes0-debuginfo-4.1.12-10.2 libtevent-util-devel-4.1.12-10.2 libwbclient-devel-4.1.12-10.2 samba-core-devel-4.1.12-10.2 samba-debuginfo-4.1.12-10.2 samba-debugsource-4.1.12-10.2 samba-test-devel-4.1.12-10.2 
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libdcerpc-binding0-4.1.12-10.2 libdcerpc-binding0-debuginfo-4.1.12-10.2 libdcerpc0-4.1.12-10.2 libdcerpc0-debuginfo-4.1.12-10.2 libgensec0-4.1.12-10.2 libgensec0-debuginfo-4.1.12-10.2 libndr-krb5pac0-4.1.12-10.2 libndr-krb5pac0-debuginfo-4.1.12-10.2 libndr-nbt0-4.1.12-10.2 libndr-nbt0-debuginfo-4.1.12-10.2 libndr-standard0-4.1.12-10.2 libndr-standard0-debuginfo-4.1.12-10.2 libndr0-4.1.12-10.2 libndr0-debuginfo-4.1.12-10.2 libnetapi0-4.1.12-10.2 libnetapi0-debuginfo-4.1.12-10.2 libpdb0-4.1.12-10.2 libpdb0-debuginfo-4.1.12-10.2 libregistry0-4.1.12-10.2 libregistry0-debuginfo-4.1.12-10.2 libsamba-credentials0-4.1.12-10.2 libsamba-credentials0-debuginfo-4.1.12-10.2 libsamba-hostconfig0-4.1.12-10.2 libsamba-hostconfig0-debuginfo-4.1.12-10.2 libsamba-util0-4.1.12-10.2 libsamba-util0-debuginfo-4.1.12-10.2 libsamdb0-4.1.12-10.2 libsamdb0-debuginfo-4.1.12-10.2 libsmbclient-raw0-4.1.12-10.2 libsmbclient-raw0-debuginfo-4.1.12-10.2 libsmbclient0-4.1.12-10.2 libsmbclient0-debuginfo-4.1.12-10.2 libsmbconf0-4.1.12-10.2 libsmbconf0-debuginfo-4.1.12-10.2 libsmbldap0-4.1.12-10.2 libsmbldap0-debuginfo-4.1.12-10.2 libtevent-util0-4.1.12-10.2 libtevent-util0-debuginfo-4.1.12-10.2 libwbclient0-4.1.12-10.2 libwbclient0-debuginfo-4.1.12-10.2 samba-4.1.12-10.2 samba-client-4.1.12-10.2 samba-client-debuginfo-4.1.12-10.2 samba-debuginfo-4.1.12-10.2 samba-debugsource-4.1.12-10.2 samba-libs-4.1.12-10.2 samba-libs-debuginfo-4.1.12-10.2 samba-winbind-4.1.12-10.2 samba-winbind-debuginfo-4.1.12-10.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libdcerpc-binding0-32bit-4.1.12-10.2 libdcerpc-binding0-debuginfo-32bit-4.1.12-10.2 libdcerpc0-32bit-4.1.12-10.2 libdcerpc0-debuginfo-32bit-4.1.12-10.2 libgensec0-32bit-4.1.12-10.2 libgensec0-debuginfo-32bit-4.1.12-10.2 libndr-krb5pac0-32bit-4.1.12-10.2 libndr-krb5pac0-debuginfo-32bit-4.1.12-10.2 libndr-nbt0-32bit-4.1.12-10.2 libndr-nbt0-debuginfo-32bit-4.1.12-10.2 
libndr-standard0-32bit-4.1.12-10.2 libndr-standard0-debuginfo-32bit-4.1.12-10.2 libndr0-32bit-4.1.12-10.2 libndr0-debuginfo-32bit-4.1.12-10.2 libnetapi0-32bit-4.1.12-10.2 libnetapi0-debuginfo-32bit-4.1.12-10.2 libpdb0-32bit-4.1.12-10.2 libpdb0-debuginfo-32bit-4.1.12-10.2 libsamba-credentials0-32bit-4.1.12-10.2 libsamba-credentials0-debuginfo-32bit-4.1.12-10.2 libsamba-hostconfig0-32bit-4.1.12-10.2 libsamba-hostconfig0-debuginfo-32bit-4.1.12-10.2 libsamba-util0-32bit-4.1.12-10.2 libsamba-util0-debuginfo-32bit-4.1.12-10.2 libsamdb0-32bit-4.1.12-10.2 libsamdb0-debuginfo-32bit-4.1.12-10.2 libsmbclient-raw0-32bit-4.1.12-10.2 libsmbclient-raw0-debuginfo-32bit-4.1.12-10.2 libsmbclient0-32bit-4.1.12-10.2 libsmbclient0-debuginfo-32bit-4.1.12-10.2 libsmbconf0-32bit-4.1.12-10.2 libsmbconf0-debuginfo-32bit-4.1.12-10.2 libsmbldap0-32bit-4.1.12-10.2 libsmbldap0-debuginfo-32bit-4.1.12-10.2 libtevent-util0-32bit-4.1.12-10.2 libtevent-util0-debuginfo-32bit-4.1.12-10.2 libwbclient0-32bit-4.1.12-10.2 libwbclient0-debuginfo-32bit-4.1.12-10.2 samba-32bit-4.1.12-10.2 samba-client-32bit-4.1.12-10.2 samba-client-debuginfo-32bit-4.1.12-10.2 samba-debuginfo-32bit-4.1.12-10.2 samba-libs-32bit-4.1.12-10.2 samba-libs-debuginfo-32bit-4.1.12-10.2 samba-winbind-32bit-4.1.12-10.2 samba-winbind-debuginfo-32bit-4.1.12-10.2 - SUSE Linux Enterprise Server 12 (noarch): samba-doc-4.1.12-10.2 - SUSE Linux Enterprise Desktop 12 (x86_64): libdcerpc-binding0-32bit-4.1.12-10.2 libdcerpc-binding0-4.1.12-10.2 libdcerpc-binding0-debuginfo-32bit-4.1.12-10.2 libdcerpc-binding0-debuginfo-4.1.12-10.2 libdcerpc0-32bit-4.1.12-10.2 libdcerpc0-4.1.12-10.2 libdcerpc0-debuginfo-32bit-4.1.12-10.2 libdcerpc0-debuginfo-4.1.12-10.2 libgensec0-32bit-4.1.12-10.2 libgensec0-4.1.12-10.2 libgensec0-debuginfo-32bit-4.1.12-10.2 libgensec0-debuginfo-4.1.12-10.2 libndr-krb5pac0-32bit-4.1.12-10.2 libndr-krb5pac0-4.1.12-10.2 libndr-krb5pac0-debuginfo-32bit-4.1.12-10.2 libndr-krb5pac0-debuginfo-4.1.12-10.2 libndr-nbt0-32bit-4.1.12-10.2 
libndr-nbt0-4.1.12-10.2 libndr-nbt0-debuginfo-32bit-4.1.12-10.2 libndr-nbt0-debuginfo-4.1.12-10.2 libndr-standard0-32bit-4.1.12-10.2 libndr-standard0-4.1.12-10.2 libndr-standard0-debuginfo-32bit-4.1.12-10.2 libndr-standard0-debuginfo-4.1.12-10.2 libndr0-32bit-4.1.12-10.2 libndr0-4.1.12-10.2 libndr0-debuginfo-32bit-4.1.12-10.2 libndr0-debuginfo-4.1.12-10.2 libnetapi0-32bit-4.1.12-10.2 libnetapi0-4.1.12-10.2 libnetapi0-debuginfo-32bit-4.1.12-10.2 libnetapi0-debuginfo-4.1.12-10.2 libpdb0-32bit-4.1.12-10.2 libpdb0-4.1.12-10.2 libpdb0-debuginfo-32bit-4.1.12-10.2 libpdb0-debuginfo-4.1.12-10.2 libregistry0-4.1.12-10.2 libregistry0-debuginfo-4.1.12-10.2 libsamba-credentials0-32bit-4.1.12-10.2 libsamba-credentials0-4.1.12-10.2 libsamba-credentials0-debuginfo-32bit-4.1.12-10.2 libsamba-credentials0-debuginfo-4.1.12-10.2 libsamba-hostconfig0-32bit-4.1.12-10.2 libsamba-hostconfig0-4.1.12-10.2 libsamba-hostconfig0-debuginfo-32bit-4.1.12-10.2 libsamba-hostconfig0-debuginfo-4.1.12-10.2 libsamba-util0-32bit-4.1.12-10.2 libsamba-util0-4.1.12-10.2 libsamba-util0-debuginfo-32bit-4.1.12-10.2 libsamba-util0-debuginfo-4.1.12-10.2 libsamdb0-32bit-4.1.12-10.2 libsamdb0-4.1.12-10.2 libsamdb0-debuginfo-32bit-4.1.12-10.2 libsamdb0-debuginfo-4.1.12-10.2 libsmbclient-raw0-32bit-4.1.12-10.2 libsmbclient-raw0-4.1.12-10.2 libsmbclient-raw0-debuginfo-32bit-4.1.12-10.2 libsmbclient-raw0-debuginfo-4.1.12-10.2 libsmbclient0-32bit-4.1.12-10.2 libsmbclient0-4.1.12-10.2 libsmbclient0-debuginfo-32bit-4.1.12-10.2 libsmbclient0-debuginfo-4.1.12-10.2 libsmbconf0-32bit-4.1.12-10.2 libsmbconf0-4.1.12-10.2 libsmbconf0-debuginfo-32bit-4.1.12-10.2 libsmbconf0-debuginfo-4.1.12-10.2 libsmbldap0-32bit-4.1.12-10.2 libsmbldap0-4.1.12-10.2 libsmbldap0-debuginfo-32bit-4.1.12-10.2 libsmbldap0-debuginfo-4.1.12-10.2 libtevent-util0-32bit-4.1.12-10.2 libtevent-util0-4.1.12-10.2 libtevent-util0-debuginfo-32bit-4.1.12-10.2 libtevent-util0-debuginfo-4.1.12-10.2 libwbclient0-32bit-4.1.12-10.2 libwbclient0-4.1.12-10.2 
libwbclient0-debuginfo-32bit-4.1.12-10.2 libwbclient0-debuginfo-4.1.12-10.2 samba-32bit-4.1.12-10.2 samba-4.1.12-10.2 samba-client-32bit-4.1.12-10.2 samba-client-4.1.12-10.2 samba-client-debuginfo-32bit-4.1.12-10.2 samba-client-debuginfo-4.1.12-10.2 samba-debuginfo-32bit-4.1.12-10.2 samba-debuginfo-4.1.12-10.2 samba-debugsource-4.1.12-10.2 samba-libs-32bit-4.1.12-10.2 samba-libs-4.1.12-10.2 samba-libs-debuginfo-32bit-4.1.12-10.2 samba-libs-debuginfo-4.1.12-10.2 samba-winbind-32bit-4.1.12-10.2 samba-winbind-4.1.12-10.2 samba-winbind-debuginfo-32bit-4.1.12-10.2 samba-winbind-debuginfo-4.1.12-10.2 - SUSE Linux Enterprise Desktop 12 (noarch): samba-doc-4.1.12-10.2 References: https://bugzilla.suse.com/show_bug.cgi?id=896536 https://bugzilla.suse.com/show_bug.cgi?id=899558 From sle-updates at lists.suse.com Tue Jan 20 11:04:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jan 2015 19:04:42 +0100 (CET) Subject: SUSE-RU-2015:0095-1: Recommended update for perl-Net-DNS Message-ID: <20150120180442.A879A3235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Net-DNS ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0095-1 Rating: low References: #816936 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-Net-DNS prevents some warnings that were erroneously printed when using IPv6 sockets. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-perl-Net-DNS-10123 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-perl-Net-DNS-10123 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-perl-Net-DNS-10123 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): perl-Net-DNS-0.63-43.10.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): perl-Net-DNS-0.63-43.10.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): perl-Net-DNS-0.63-43.10.1 References: https://bugzilla.suse.com/show_bug.cgi?id=816936 http://download.suse.com/patch/finder/?keywords=5f15d9251aa65138f0fed9f718e5995f From sle-updates at lists.suse.com Wed Jan 21 03:04:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jan 2015 11:04:42 +0100 (CET) Subject: SUSE-SU-2015:0096-1: important: Security update for bind Message-ID: <20150121100442.65F7A3235D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0096-1 Rating: important References: #908994 Cross-References: CVE-2014-8500 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of bind to 9.9.6P1 fixes bugs and also the following security issue: A flaw in delegation handling could be exploited to put named into an infinite loop. 
This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500, bnc#908994). The recursion depth limit is configured via the "max-recursion-depth" option, and the query limit via the "max-recursion-queries" option. Also the rpz2 patch was removed as it is no longer maintained. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-36 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-36 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-36 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): bind-debuginfo-9.9.5P1-8.1 bind-debugsource-9.9.5P1-8.1 bind-devel-9.9.5P1-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): bind-9.9.5P1-8.1 bind-chrootenv-9.9.5P1-8.1 bind-debuginfo-9.9.5P1-8.1 bind-debugsource-9.9.5P1-8.1 bind-libs-9.9.5P1-8.1 bind-libs-debuginfo-9.9.5P1-8.1 bind-utils-9.9.5P1-8.1 bind-utils-debuginfo-9.9.5P1-8.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): bind-libs-32bit-9.9.5P1-8.1 bind-libs-debuginfo-32bit-9.9.5P1-8.1 - SUSE Linux Enterprise Server 12 (noarch): bind-doc-9.9.5P1-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): bind-debuginfo-9.9.5P1-8.1 bind-debugsource-9.9.5P1-8.1 bind-libs-32bit-9.9.5P1-8.1 bind-libs-9.9.5P1-8.1 bind-libs-debuginfo-32bit-9.9.5P1-8.1 bind-libs-debuginfo-9.9.5P1-8.1 bind-utils-9.9.5P1-8.1 bind-utils-debuginfo-9.9.5P1-8.1 References: http://support.novell.com/security/cve/CVE-2014-8500.html https://bugzilla.suse.com/show_bug.cgi?id=908994 From sle-updates at lists.suse.com Wed Jan 21 13:04:43 2015 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jan 2015 21:04:43 +0100 (CET) Subject: SUSE-RU-2015:0099-1: Recommended update for metacity Message-ID: <20150121200443.552323235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for metacity ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0099-1 Rating: low References: #894018 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Metacity window manager adds a new configuration option (/apps/metacity/general/new_windows_always_on_top) that, when enabled, forces new windows to be placed always on top, even if they are denied focus. This is useful on large screens and multihead setups where the tasklist can be hard to notice and difficult to access with the mouse, so the normal behaviour of flashing in the tasklist is less effective. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-metacity-10175 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-metacity-10175 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-metacity-10175 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-metacity-10175 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): metacity-devel-2.28.1-0.20.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): metacity-2.28.1-0.20.1 metacity-lang-2.28.1-0.20.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): metacity-2.28.1-0.20.1 metacity-lang-2.28.1-0.20.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): metacity-2.28.1-0.20.1 metacity-lang-2.28.1-0.20.1 References: https://bugzilla.suse.com/show_bug.cgi?id=894018 http://download.suse.com/patch/finder/?keywords=5375fcfffa9f325964228a5b0ff30b27 From sle-updates at lists.suse.com Wed Jan 21 13:05:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jan 2015 21:05:01 +0100 (CET) Subject: SUSE-SU-2015:0100-1: moderate: Security update for git Message-ID: <20150121200501.C20923235F@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0100-1 Rating: moderate References: #910756 Cross-References: CVE-2014-9390 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: - CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file system (bnc#910756) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-37 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-37 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): git-1.8.5.6-5.1 git-arch-1.8.5.6-5.1 git-core-1.8.5.6-5.1 git-core-debuginfo-1.8.5.6-5.1 git-cvs-1.8.5.6-5.1 git-daemon-1.8.5.6-5.1 git-daemon-debuginfo-1.8.5.6-5.1 git-debugsource-1.8.5.6-5.1 git-email-1.8.5.6-5.1 git-gui-1.8.5.6-5.1 git-svn-1.8.5.6-5.1 git-svn-debuginfo-1.8.5.6-5.1 git-web-1.8.5.6-5.1 gitk-1.8.5.6-5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): git-core-1.8.5.6-5.1 git-core-debuginfo-1.8.5.6-5.1 git-debugsource-1.8.5.6-5.1 References: http://support.novell.com/security/cve/CVE-2014-9390.html https://bugzilla.suse.com/show_bug.cgi?id=910756 From sle-updates at lists.suse.com Thu Jan 22 06:04:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jan 2015 14:04:46 +0100 (CET) Subject: SUSE-RU-2015:0101-1: important: Recommended update for dracut Message-ID: <20150122130446.F40453235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0101-1 Rating: important References: #874621 #897901 #900831 #901322 #904533 #905296 #905869 #906592 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for dracut provides the following fixes: - Fix console font for foreign languages (bnc#904533). - Fix SUSE specific initrd-$kernel_ver vs mainline initramfs-$kernel_ver.img. - Run file system check (bnc#906592). - Add ifname=NIC:MAC boot parameter to always identify correct NIC (bnc#900831). - Fix a typo (bnc#901322). - Add the cmac.ko cryptographic module to the FIPS modules list (bnc#905296). - Fix two install-kernel issues: call depmod (bnc#874621); add .config (bnc#897901). 
- Clean up kgraft-patch packages in purge-kernel (bnc#905869). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-38 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-38 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dracut-037-37.2 dracut-debuginfo-037-37.2 dracut-debugsource-037-37.2 dracut-fips-037-37.2 - SUSE Linux Enterprise Desktop 12 (x86_64): dracut-037-37.2 dracut-debuginfo-037-37.2 dracut-debugsource-037-37.2 References: https://bugzilla.suse.com/show_bug.cgi?id=874621 https://bugzilla.suse.com/show_bug.cgi?id=897901 https://bugzilla.suse.com/show_bug.cgi?id=900831 https://bugzilla.suse.com/show_bug.cgi?id=901322 https://bugzilla.suse.com/show_bug.cgi?id=904533 https://bugzilla.suse.com/show_bug.cgi?id=905296 https://bugzilla.suse.com/show_bug.cgi?id=905869 https://bugzilla.suse.com/show_bug.cgi?id=906592 From sle-updates at lists.suse.com Thu Jan 22 10:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jan 2015 18:04:52 +0100 (CET) Subject: SUSE-SU-2015:0107-1: important: Security update for rpm Message-ID: <20150122170452.D1CF53235E@maintenance.suse.de> SUSE Security Update: Security update for rpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0107-1 Rating: important References: #892431 #906803 #908128 #911228 Cross-References: CVE-2013-6435 CVE-2014-8118 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. 
Description: This rpm update fixes the following security and non-security issues: - bnc#908128: Check for bad invalid name sizes (CVE-2014-8118) - bnc#906803: Create files with mode 0 (CVE-2013-6435) - bnc#892431: Honor --noglob in install mode - bnc#911228: Fix noglob patch, it broke files with space. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-40 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-40 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-40 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): rpm-debuginfo-4.11.2-10.1 rpm-debugsource-4.11.2-10.1 rpm-devel-4.11.2-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): rpm-4.11.2-10.1 rpm-build-4.11.2-10.1 rpm-build-debuginfo-4.11.2-10.1 rpm-debuginfo-4.11.2-10.1 rpm-debugsource-4.11.2-10.1 rpm-python-4.11.2-10.1 rpm-python-debuginfo-4.11.2-10.1 rpm-python-debugsource-4.11.2-10.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): rpm-32bit-4.11.2-10.1 rpm-debuginfo-32bit-4.11.2-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): rpm-32bit-4.11.2-10.1 rpm-4.11.2-10.1 rpm-build-4.11.2-10.1 rpm-build-debuginfo-4.11.2-10.1 rpm-debuginfo-32bit-4.11.2-10.1 rpm-debuginfo-4.11.2-10.1 rpm-debugsource-4.11.2-10.1 rpm-python-4.11.2-10.1 rpm-python-debuginfo-4.11.2-10.1 rpm-python-debugsource-4.11.2-10.1 References: http://support.novell.com/security/cve/CVE-2013-6435.html http://support.novell.com/security/cve/CVE-2014-8118.html https://bugzilla.suse.com/show_bug.cgi?id=892431 https://bugzilla.suse.com/show_bug.cgi?id=906803 https://bugzilla.suse.com/show_bug.cgi?id=908128 https://bugzilla.suse.com/show_bug.cgi?id=911228 From sle-updates at lists.suse.com Thu Jan 22 10:05:45 
2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jan 2015 18:05:45 +0100 (CET) Subject: SUSE-SU-2015:0108-1: moderate: Security update for evolution-data-server Message-ID: <20150122170545.5D9FB3235E@maintenance.suse.de> SUSE Security Update: Security update for evolution-data-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0108-1 Rating: moderate References: #901361 #901553 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: evolution-data-server was updated to disable support for SSLv3. This security issue was fixed: - SSLv3 POODLE attack (CVE-2014-3566) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-39 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-39 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-39 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): evolution-data-server-3.10.4-5.11 evolution-data-server-debuginfo-3.10.4-5.11 evolution-data-server-debugsource-3.10.4-5.11 libcamel-1_2-45-3.10.4-5.11 libcamel-1_2-45-32bit-3.10.4-5.11 libcamel-1_2-45-debuginfo-3.10.4-5.11 libcamel-1_2-45-debuginfo-32bit-3.10.4-5.11 libebackend-1_2-7-3.10.4-5.11 libebackend-1_2-7-32bit-3.10.4-5.11 libebackend-1_2-7-debuginfo-3.10.4-5.11 libebackend-1_2-7-debuginfo-32bit-3.10.4-5.11 libebook-1_2-14-3.10.4-5.11 libebook-1_2-14-32bit-3.10.4-5.11 libebook-1_2-14-debuginfo-3.10.4-5.11 libebook-1_2-14-debuginfo-32bit-3.10.4-5.11 libebook-contacts-1_2-0-3.10.4-5.11 libebook-contacts-1_2-0-32bit-3.10.4-5.11 libebook-contacts-1_2-0-debuginfo-3.10.4-5.11 libebook-contacts-1_2-0-debuginfo-32bit-3.10.4-5.11 libecal-1_2-16-3.10.4-5.11 libecal-1_2-16-32bit-3.10.4-5.11 libecal-1_2-16-debuginfo-3.10.4-5.11 libecal-1_2-16-debuginfo-32bit-3.10.4-5.11 libedata-book-1_2-20-3.10.4-5.11 libedata-book-1_2-20-32bit-3.10.4-5.11 libedata-book-1_2-20-debuginfo-3.10.4-5.11 libedata-book-1_2-20-debuginfo-32bit-3.10.4-5.11 libedata-cal-1_2-23-3.10.4-5.11 libedata-cal-1_2-23-32bit-3.10.4-5.11 libedata-cal-1_2-23-debuginfo-3.10.4-5.11 libedata-cal-1_2-23-debuginfo-32bit-3.10.4-5.11 libedataserver-1_2-18-3.10.4-5.11 libedataserver-1_2-18-32bit-3.10.4-5.11 libedataserver-1_2-18-debuginfo-3.10.4-5.11 libedataserver-1_2-18-debuginfo-32bit-3.10.4-5.11 - SUSE Linux Enterprise Workstation Extension 12 (noarch): evolution-data-server-lang-3.10.4-5.11 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): evolution-data-server-debuginfo-3.10.4-5.11 evolution-data-server-debugsource-3.10.4-5.11 evolution-data-server-devel-3.10.4-5.11 typelib-1_0-EBook-1_2-3.10.4-5.11 typelib-1_0-EBookContacts-1_2-3.10.4-5.11 typelib-1_0-EDataServer-1_2-3.10.4-5.11 - SUSE Linux Enterprise Desktop 12 (x86_64): evolution-data-server-3.10.4-5.11 evolution-data-server-debuginfo-3.10.4-5.11 
evolution-data-server-debugsource-3.10.4-5.11 libcamel-1_2-45-3.10.4-5.11 libcamel-1_2-45-32bit-3.10.4-5.11 libcamel-1_2-45-debuginfo-3.10.4-5.11 libcamel-1_2-45-debuginfo-32bit-3.10.4-5.11 libebackend-1_2-7-3.10.4-5.11 libebackend-1_2-7-32bit-3.10.4-5.11 libebackend-1_2-7-debuginfo-3.10.4-5.11 libebackend-1_2-7-debuginfo-32bit-3.10.4-5.11 libebook-1_2-14-3.10.4-5.11 libebook-1_2-14-32bit-3.10.4-5.11 libebook-1_2-14-debuginfo-3.10.4-5.11 libebook-1_2-14-debuginfo-32bit-3.10.4-5.11 libebook-contacts-1_2-0-3.10.4-5.11 libebook-contacts-1_2-0-32bit-3.10.4-5.11 libebook-contacts-1_2-0-debuginfo-3.10.4-5.11 libebook-contacts-1_2-0-debuginfo-32bit-3.10.4-5.11 libecal-1_2-16-3.10.4-5.11 libecal-1_2-16-32bit-3.10.4-5.11 libecal-1_2-16-debuginfo-3.10.4-5.11 libecal-1_2-16-debuginfo-32bit-3.10.4-5.11 libedata-book-1_2-20-3.10.4-5.11 libedata-book-1_2-20-32bit-3.10.4-5.11 libedata-book-1_2-20-debuginfo-3.10.4-5.11 libedata-book-1_2-20-debuginfo-32bit-3.10.4-5.11 libedata-cal-1_2-23-3.10.4-5.11 libedata-cal-1_2-23-32bit-3.10.4-5.11 libedata-cal-1_2-23-debuginfo-3.10.4-5.11 libedata-cal-1_2-23-debuginfo-32bit-3.10.4-5.11 libedataserver-1_2-18-3.10.4-5.11 libedataserver-1_2-18-32bit-3.10.4-5.11 libedataserver-1_2-18-debuginfo-3.10.4-5.11 libedataserver-1_2-18-debuginfo-32bit-3.10.4-5.11 - SUSE Linux Enterprise Desktop 12 (noarch): evolution-data-server-lang-3.10.4-5.11 References: https://bugzilla.suse.com/show_bug.cgi?id=901361 https://bugzilla.suse.com/show_bug.cgi?id=901553 From sle-updates at lists.suse.com Thu Jan 22 11:05:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jan 2015 19:05:52 +0100 (CET) Subject: SUSE-RU-2015:0109-1: Recommended update for ceph. Message-ID: <20150122180552.1D5233235E@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph. 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0109-1 Rating: low References: #890736 #890737 #890738 #897815 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ceph provides stability fixes from the upstream OpenStack project: * Drop ceph-disk.patch which interferes with external SSD journals (bnc#890737) * Work around MBR breaking ceph-disk (bnc#890738) * Install 95-ceph-osd-alt.rules on older suse versions. (bnc#890736) Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-ceph-9783 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64): ceph-0.80.5-0.11.2 ceph-radosgw-0.80.5-0.11.2 libcephfs1-0.80.5-0.11.2 librados2-0.80.5-0.11.2 librbd1-0.80.5-0.11.2 python-ceph-0.80.5-0.11.2 References: https://bugzilla.suse.com/show_bug.cgi?id=890736 https://bugzilla.suse.com/show_bug.cgi?id=890737 https://bugzilla.suse.com/show_bug.cgi?id=890738 https://bugzilla.suse.com/show_bug.cgi?id=897815 http://download.suse.com/patch/finder/?keywords=6455bb37593dff4a3e777286977e4304 From sle-updates at lists.suse.com Fri Jan 23 05:04:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jan 2015 13:04:45 +0100 (CET) Subject: SUSE-RU-2015:0127-1: moderate: Recommended update for yast2-auth-server Message-ID: <20150123120445.0B4143235F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-auth-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0127-1 Rating: moderate References: #897441 Affected Products: SUSE Linux Enterprise Server 12 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the path where yast2-auth-server looks for CA certificates. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-41 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (s390x): yast2-auth-server-3.1.12-5.1 yast2-auth-server-debuginfo-3.1.12-5.1 yast2-auth-server-debugsource-3.1.12-5.1 References: https://bugzilla.suse.com/show_bug.cgi?id=897441 From sle-updates at lists.suse.com Fri Jan 23 06:07:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jan 2015 14:07:54 +0100 (CET) Subject: SUSE-RU-2015:0127-2: moderate: Recommended update for yast2-auth-server Message-ID: <20150123130754.0736A32361@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-auth-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0127-2 Rating: moderate References: #897441 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the path where yast2-auth-server looks for CA certificates. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-41 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le x86_64): yast2-auth-server-3.1.12-5.1 yast2-auth-server-debuginfo-3.1.12-5.1 yast2-auth-server-debugsource-3.1.12-5.1 References: https://bugzilla.suse.com/show_bug.cgi?id=897441 From sle-updates at lists.suse.com Fri Jan 23 07:04:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jan 2015 15:04:42 +0100 (CET) Subject: SUSE-SU-2015:0129-1: critical: Security update for flash-player Message-ID: <20150123140442.C20F83235F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0129-1 Rating: critical References: #914333 Cross-References: CVE-2015-0310 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Adobe Flash Player was updated to 11.2.202.438 to fix one security issue. http://helpx.adobe.com/security/products/flash-player/apsb15-02.html (APSB15-02, CVE-2015-0310) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-42 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-42 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.438-27.1 flash-player-gnome-11.2.202.438-27.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.438-27.1 flash-player-gnome-11.2.202.438-27.1 References: http://support.novell.com/security/cve/CVE-2015-0310.html https://bugzilla.suse.com/show_bug.cgi?id=914333 From sle-updates at lists.suse.com Fri Jan 23 17:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 24 Jan 2015 01:04:52 +0100 (CET) Subject: SUSE-SU-2015:0135-1: critical: Security update for flash-player Message-ID: <20150124000452.2FC023235B@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0135-1 Rating: critical References: #914333 Cross-References: CVE-2015-0310 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Adobe Flash Player was updated to version 11.2.202.438 to fix one security issue. (APSB15-02, CVE-2015-0310) For more details refer to the vendor advisory at http://helpx.adobe.com/security/products/flash-player/apsb15-02.html . Security Issues: * CVE-2015-0310 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-10215 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.438]: flash-player-11.2.202.438-0.3.1 flash-player-gnome-11.2.202.438-0.3.1 flash-player-kde4-11.2.202.438-0.3.1 References: http://support.novell.com/security/cve/CVE-2015-0310.html https://bugzilla.suse.com/show_bug.cgi?id=914333 http://download.suse.com/patch/finder/?keywords=23c46c7c451b73f11ea60613d28b56ce From sle-updates at lists.suse.com Fri Jan 23 19:05:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 24 Jan 2015 03:05:47 +0100 (CET) Subject: SUSE-SU-2015:0136-1: important: Security update for vsftpd Message-ID: <20150124020548.0145A3235B@maintenance.suse.de> SUSE Security Update: Security update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0136-1 Rating: important References: #900326 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: The vsftp daemon was not handling the "deny_file" option properly, allowing unauthorized access in some specific scenarios (bnc#900326). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-vsftpd-10161 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-vsftpd-10161 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): vsftpd-2.0.7-4.27.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): vsftpd-2.0.7-4.27.1 References: https://bugzilla.suse.com/show_bug.cgi?id=900326 http://download.suse.com/patch/finder/?keywords=c6526212ede876aeb795aefc7af90012 From sle-updates at lists.suse.com Mon Jan 26 11:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jan 2015 19:04:54 +0100 (CET) Subject: SUSE-RU-2015:0144-1: Recommended update for crowbar Message-ID: <20150126180454.68AAC32362@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0144-1 Rating: low References: #901744 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crowbar provides stability fixes from the upstream OpenStack project: * Fix the dns availability check * Remove ping test (bnc#901744) Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-10183 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-1.8+git.1411390919.f59b3ae-0.11.1 References: https://bugzilla.suse.com/show_bug.cgi?id=901744 https://bugzilla.suse.com/show_bug.cgi?id=913692 http://download.suse.com/patch/finder/?keywords=bb4a6f6182463d7efbd7eee32e36d07b From sle-updates at lists.suse.com Mon Jan 26 11:08:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jan 2015 19:08:28 +0100 (CET) Subject: SUSE-RU-2015:0145-1: Recommended update for crowbar-barclamp-pacemaker Message-ID: <20150126180828.47D2432362@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0145-1 Rating: low References: #897815 #897902 #898484 #900950 #905038 #909056 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for crowbar-barclamp-pacemaker provides the following fixes: * Fix migration for transport key in schema. (bnc#909056) * Force output of "crm configure show" to not use colors. * Raise header bufsize to 32kb. (bnc#900950) * Raise server/client timeouts to 3h. (bnc#897902) * Add ability to pick between multicast and unicast. * Allow setting the tune.bufsize and tune.chksize options in haproxy. * Increase tune.bufsize option of haproxy. (bnc#898484) * Make adding a node to a cluster give all roles from that cluster to node. * Fix libvirt stonith configuration. (bnc#905038) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-pacemaker-10197 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-pacemaker-1.8+git.1421500370.c987500-0.7.2 References: https://bugzilla.suse.com/show_bug.cgi?id=897815 https://bugzilla.suse.com/show_bug.cgi?id=897902 https://bugzilla.suse.com/show_bug.cgi?id=898484 https://bugzilla.suse.com/show_bug.cgi?id=900950 https://bugzilla.suse.com/show_bug.cgi?id=905038 https://bugzilla.suse.com/show_bug.cgi?id=909056 http://download.suse.com/patch/finder/?keywords=5e4cd970c1b282e802b36501f62a7f90 From sle-updates at lists.suse.com Mon Jan 26 11:09:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jan 2015 19:09:38 +0100 (CET) Subject: SUSE-RU-2015:0146-1: Recommended update for crowbar-barclamp-tempest, openstack-tempest Message-ID: <20150126180938.234FD32364@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-tempest, openstack-tempest ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0146-1 Rating: low References: #896481 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes two new package versions. 
Description: This update provides stability fixes from the upstream OpenStack project: openstack-tempest: * Remove duplicate _ping_ip_address() methods * Migrate object_storage API tests to resource_* fixtures * Migrate image API tests to resource_* fixtures * Migrate test_load_balancer_basic to tempest client * Drop autoscaling scenario test * Migrate data_processing API tests to resource_* fixtures * Migrate database API tests to resource_* fixtures * Migrate TestStampPattern to tempest client * Replace wait with communicate to avoid potential deadlock * Migrate baremetal_basic_ops to tempest clients * Migrate baremetal API tests to resource_* fixtures * Migrate network API tests to resource_* fixtures * Migrate identity API tests to resource_* fixtures * Migrate computev3 API tests to resource_* fixtures * Removes bogus negative create image compute * Fix scenarios not passing down specific network * Backward compatibility to credentials in conf * Migrate computev2 API tests to resource_* fixtures. crowbar-barclamp-tempest: * Ensure that tempest role has a node assigned * Add custom region support (bnc#896481). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-tempest-0115-10181 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64) [New Version: 2.dev1101.g9f74390]: openstack-tempest-2.dev1101.g9f74390-0.7.1 openstack-tempest-test-2.dev1101.g9f74390-0.7.1 python-tempest-2.dev1101.g9f74390-0.7.1 - SUSE Cloud 4 (noarch): crowbar-barclamp-tempest-1.8+git.1421500022.7052f87-0.7.2 References: https://bugzilla.suse.com/show_bug.cgi?id=896481 https://bugzilla.suse.com/show_bug.cgi?id=913692 http://download.suse.com/patch/finder/?keywords=155d27d08234cb3d5dab3cae93099a2b From sle-updates at lists.suse.com Mon Jan 26 17:04:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 01:04:46 +0100 (CET) Subject: SUSE-OU-2015:0148-1: Optional update for rubygem-faraday, rubygem-multipart-post, rubygem-system_timer Message-ID: <20150127000446.594A43235B@maintenance.suse.de> SUSE Optional Update: Optional update for rubygem-faraday, rubygem-multipart-post, rubygem-system_timer ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0148-1 Rating: low References: #898670 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This optional update adds rubygem-faraday, rubygem-multipart-post and rubygem-system_timer to SUSE Cloud 4. These new packages are used to ease the deployment of the Neutron barclamp with NSX. Indications: Any user can install these packages. Contraindications: Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-rubygems-nsx-9822 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64): rubygem-faraday-0.9.0-0.7.1 rubygem-multipart-post-2.0.0-0.7.1 rubygem-system_timer-1.2.4-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=898670 http://download.suse.com/patch/finder/?keywords=25e2e77f3eb9acc9c0352127723321e4 From sle-updates at lists.suse.com Tue Jan 27 06:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 14:04:53 +0100 (CET) Subject: SUSE-SU-2015:0151-1: critical: Security update for flash-player Message-ID: <20150127130453.2D92332366@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0151-1 Rating: critical References: #914463 Cross-References: CVE-2015-0311 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01, CVE-2015-0311). More information can be found on https://helpx.adobe.com/security/products/flash-player/apsa15-01.html An update of flashplayer (executable binary) for i386 is currently not available. Disabled! Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-43 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-43 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.440-31.1 flash-player-gnome-11.2.202.440-31.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.440-31.1 flash-player-gnome-11.2.202.440-31.1 References: http://support.novell.com/security/cve/CVE-2015-0311.html https://bugzilla.suse.com/show_bug.cgi?id=914463 From sle-updates at lists.suse.com Tue Jan 27 08:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 16:04:52 +0100 (CET) Subject: SUSE-SU-2015:0152-1: moderate: Security update for binutils Message-ID: <20150127150452.0C43332366@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0152-1 Rating: moderate References: #902676 #902677 #903655 #905735 #905736 Cross-References: CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This binutils update fixes the following security issues: - bnc#902676: lack of range checking leading to controlled write in _bfd_elf_setup_sections() (CVE-2014-8485) - bnc#902677: invalid read flaw in libbfd (CVE-2014-8484) - bnc#903655: Multiple memory corruption issues in binary parsers of libbfd (CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504) - bnc#905735: Out-of-bounds memory write while processing a crafted "ar" archive (CVE-2014-8738) - bnc#905736: Directory traversal vulnerability allowing random file deletion/creation (CVE-2014-8737) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-44 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-44 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-44 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): binutils-debuginfo-2.24-7.1 binutils-debugsource-2.24-7.1 binutils-devel-2.24-7.1 cross-ppc-binutils-2.24-7.1 cross-ppc-binutils-debuginfo-2.24-7.1 cross-ppc-binutils-debugsource-2.24-7.1 cross-spu-binutils-2.24-7.1 cross-spu-binutils-debuginfo-2.24-7.1 cross-spu-binutils-debugsource-2.24-7.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le x86_64): binutils-gold-2.24-7.1 binutils-gold-debuginfo-2.24-7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): binutils-2.24-7.1 binutils-debuginfo-2.24-7.1 binutils-debugsource-2.24-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): binutils-2.24-7.1 binutils-debuginfo-2.24-7.1 binutils-debugsource-2.24-7.1 References: http://support.novell.com/security/cve/CVE-2014-8484.html http://support.novell.com/security/cve/CVE-2014-8485.html http://support.novell.com/security/cve/CVE-2014-8501.html http://support.novell.com/security/cve/CVE-2014-8502.html http://support.novell.com/security/cve/CVE-2014-8503.html http://support.novell.com/security/cve/CVE-2014-8504.html http://support.novell.com/security/cve/CVE-2014-8737.html http://support.novell.com/security/cve/CVE-2014-8738.html https://bugzilla.suse.com/show_bug.cgi?id=902676 https://bugzilla.suse.com/show_bug.cgi?id=902677 https://bugzilla.suse.com/show_bug.cgi?id=903655 https://bugzilla.suse.com/show_bug.cgi?id=905735 https://bugzilla.suse.com/show_bug.cgi?id=905736 From sle-updates at lists.suse.com Tue Jan 27 08:05:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Tue, 27 Jan 2015 16:05:51 +0100 (CET) Subject: SUSE-SU-2015:0153-1: moderate: Security update for subversion Message-ID: <20150127150551.896CC32366@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0153-1 Rating: moderate References: #909935 Cross-References: CVE-2014-3580 CVE-2014-8108 Affected Products: SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following security issues: CVE-2014-3580: mod_dav_svn is vulnerable to a remotely triggerable segfault DoS vulnerability with certain invalid REPORT requests. CVE-2014-8108: Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-45 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.8.10-4.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-4.1 libsvn_auth_kwallet-1-0-1.8.10-4.1 libsvn_auth_kwallet-1-0-debuginfo-1.8.10-4.1 subversion-1.8.10-4.1 subversion-debuginfo-1.8.10-4.1 subversion-debugsource-1.8.10-4.1 subversion-devel-1.8.10-4.1 subversion-perl-1.8.10-4.1 subversion-perl-debuginfo-1.8.10-4.1 subversion-python-1.8.10-4.1 subversion-python-debuginfo-1.8.10-4.1 subversion-server-1.8.10-4.1 subversion-server-debuginfo-1.8.10-4.1 subversion-tools-1.8.10-4.1 subversion-tools-debuginfo-1.8.10-4.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): subversion-bash-completion-1.8.10-4.1 References: http://support.novell.com/security/cve/CVE-2014-3580.html http://support.novell.com/security/cve/CVE-2014-8108.html https://bugzilla.suse.com/show_bug.cgi?id=909935 From sle-updates at lists.suse.com Tue Jan 27 11:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 19:04:53 +0100 (CET) Subject: SUSE-SU-2014:1699-2: moderate: Security update for libyaml Message-ID: <20150127180453.6558632366@maintenance.suse.de> SUSE Security Update: Security update for libyaml ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1699-2 Rating: moderate References: #907809 Cross-References: CVE-2014-9130 Affected Products: SUSE Studio Onsite 1.3 SUSE Manager Server SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This libyaml update fixes the following security issue: * CVE-2014-9130: Assert failure when processing wrapped strings. (bnc#907809) Security Issues: * CVE-2014-9130 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-libyaml-0-2-10075 - SUSE Manager Server: zypper in -t patch sleman21-libyaml-0-2-10076 - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-libyaml-0-2-10075 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libyaml-0-2-0.1.3-0.10.16.1 - SUSE Manager Server (x86_64): libyaml-0-2-0.1.3-0.10.16.1 - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): libyaml-0-2-0.1.3-0.10.16.1 References: http://support.novell.com/security/cve/CVE-2014-9130.html https://bugzilla.suse.com/show_bug.cgi?id=907809 http://download.suse.com/patch/finder/?keywords=1c4631ed6add6b8cbaef6678f41cb744 http://download.suse.com/patch/finder/?keywords=e46bef72bdc829a0fdd1d28f478123cf From sle-updates at lists.suse.com Tue Jan 27 11:08:15 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 19:08:15 +0100 (CET) Subject: SUSE-SU-2015:0154-1: moderate: Security update for git Message-ID: <20150127180815.C5D8832366@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0154-1 Rating: moderate References: #910756 Cross-References: CVE-2014-9390 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: * CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems (bnc#910756) Please note that Linux is usually not affected, unless you operate git on FAT, NTFS or other non Linux filesystems Security Issues: * CVE-2014-9390 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-git-10173 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): git-1.7.12.4-0.9.1 git-core-1.7.12.4-0.9.1 References: http://support.novell.com/security/cve/CVE-2014-9390.html https://bugzilla.suse.com/show_bug.cgi?id=910756 http://download.suse.com/patch/finder/?keywords=b8869b7df1bbf98dce214a566d9ad641 From sle-updates at lists.suse.com Tue Jan 27 11:08:29 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 19:08:29 +0100 (CET) Subject: SUSE-SU-2015:0155-1: Security update for subversion Message-ID: <20150127180829.C4A8F32368@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0155-1 Rating: low References: #909935 #910376 Cross-References: CVE-2014-3580 CVE-2014-8108 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for Subversion fixes the following security issues in mod_dav_svn: * CVE-2014-3580: A remotely triggerable segmentation fault when handling invalid REPORT requests. * CVE-2014-8108: A remotely triggerable segmentation fault when handling requests with nonexistent virtual transaction names. Security Issues: * CVE-2014-3580 * CVE-2014-8108 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-subversion-10157 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): subversion-1.6.17-1.31.3 References: http://support.novell.com/security/cve/CVE-2014-3580.html http://support.novell.com/security/cve/CVE-2014-8108.html https://bugzilla.suse.com/show_bug.cgi?id=909935 https://bugzilla.suse.com/show_bug.cgi?id=910376 http://download.suse.com/patch/finder/?keywords=b8d8a183da8f6c48216e572bbc96a937 From sle-updates at lists.suse.com Tue Jan 27 15:08:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 23:08:01 +0100 (CET) Subject: SUSE-SU-2015:0154-2: moderate: Security update for git Message-ID: <20150127220801.2E08332365@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0154-2 Rating: moderate References: #910756 Cross-References: CVE-2014-9390 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: * CVE-2014-9390: Arbitrary command execution vulnerability on case-insensitive file systems. (bsc#910756) Linux systems are normally not affected by this issue, unless git is operating on FAT, NTFS or other non Linux file systems. Security Issues: * CVE-2014-9390 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-git-10174 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): git-1.7.12.4-0.9.1 git-arch-1.7.12.4-0.9.1 git-core-1.7.12.4-0.9.1 git-cvs-1.7.12.4-0.9.1 git-daemon-1.7.12.4-0.9.1 git-email-1.7.12.4-0.9.1 git-gui-1.7.12.4-0.9.1 git-svn-1.7.12.4-0.9.1 git-web-1.7.12.4-0.9.1 gitk-1.7.12.4-0.9.1 References: http://support.novell.com/security/cve/CVE-2014-9390.html https://bugzilla.suse.com/show_bug.cgi?id=910756 http://download.suse.com/patch/finder/?keywords=a2f19610a12483beb95e8317e4121f61 From sle-updates at lists.suse.com Tue Jan 27 15:08:15 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 23:08:15 +0100 (CET) Subject: SUSE-SU-2015:0155-2: Security update for subversion Message-ID: <20150127220815.9C55F32367@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0155-2 Rating: low References: #909935 #910376 Cross-References: CVE-2014-3580 CVE-2014-8108 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for Subversion fixes the following security issues in mod_dav_svn: * CVE-2014-3580: A remotely triggerable segmentation fault when handling invalid REPORT requests. * CVE-2014-8108: A remotely triggerable segmentation fault when handling requests with nonexistent virtual transaction names. Security Issues: * CVE-2014-3580 * CVE-2014-8108 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-subversion-10156 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.31.3 subversion-devel-1.6.17-1.31.3 subversion-perl-1.6.17-1.31.3 subversion-python-1.6.17-1.31.3 subversion-server-1.6.17-1.31.3 subversion-tools-1.6.17-1.31.3 References: http://support.novell.com/security/cve/CVE-2014-3580.html http://support.novell.com/security/cve/CVE-2014-8108.html https://bugzilla.suse.com/show_bug.cgi?id=909935 https://bugzilla.suse.com/show_bug.cgi?id=910376 http://download.suse.com/patch/finder/?keywords=0d6b8900128e42369bb6ce253e90137b From sle-updates at lists.suse.com Tue Jan 27 15:04:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jan 2015 23:04:47 +0100 (CET) Subject: SUSE-SU-2014:1699-3: moderate: Security update for libyaml Message-ID: <20150127220447.2C27832365@maintenance.suse.de> SUSE Security Update: Security update for libyaml ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1699-3 Rating: moderate References: #907809 Cross-References: CVE-2014-9130 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This libyaml update fixes the following security issue: * CVE-2014-9130: Assert failure when processing wrapped strings. (bnc#907809) Security Issues: * CVE-2014-9130 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libyaml-10122 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libyaml-devel-0.1.3-0.10.16.2 References: http://support.novell.com/security/cve/CVE-2014-9130.html https://bugzilla.suse.com/show_bug.cgi?id=907809 http://download.suse.com/patch/finder/?keywords=ced3c37a37ab85c3cd953355eb1191dc From sle-updates at lists.suse.com Tue Jan 27 17:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jan 2015 01:04:51 +0100 (CET) Subject: SUSE-SU-2014:1609-2: Security update for rubygem-sprockets-2_2 Message-ID: <20150128000451.45B6032365@maintenance.suse.de> SUSE Security Update: Security update for rubygem-sprockets-2_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1609-2 Rating: low References: #903658 Cross-References: CVE-2014-7819 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: rubygem-sprockets-2_2 has been updated to fix one security issue: * Arbitrary file existence disclosure (CVE-2014-7819). Security Issues: * CVE-2014-7819 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-rubygem-sprockets-2_2-9965 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-rubygem-sprockets-2_2-9965 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-rubygem-sprockets-2_2-9965 To bring your system up-to-date, use "zypper patch". 
Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): rubygem-sprockets-2_2-2.2.1-0.7.11.1 - SUSE Studio Onsite 1.3 (x86_64): rubygem-sprockets-2_2-2.2.1-0.7.11.1 - SUSE Lifecycle Management Server 1.3 (x86_64): rubygem-sprockets-2_2-2.2.1-0.7.11.1 References: http://support.novell.com/security/cve/CVE-2014-7819.html https://bugzilla.suse.com/show_bug.cgi?id=903658 http://download.suse.com/patch/finder/?keywords=317cf5eec6cc9c87648f042d234679cb From sle-updates at lists.suse.com Tue Jan 27 17:05:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jan 2015 01:05:10 +0100 (CET) Subject: SUSE-SU-2015:0156-1: moderate: Security update for rubygem-actionpack-3_2 Message-ID: <20150128000510.AC8A332365@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-3_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0156-1 Rating: moderate References: #903662 #905727 Cross-References: CVE-2014-7818 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: rubygem-actionpack-3_2 has been updated to fix two security issues: * Arbitrary file existence disclosure in Action Pack (CVE-2014-7818) * Arbitrary file existence disclosure in Action Pack (CVE-2014-7829) Further information can be found at http://weblog.rubyonrails.org/2014/10/30/Rails_3_2_20_4_0_11_4_1_7_and_4_2_0_beta3_have_been_released/ Security Issues: * CVE-2014-7818 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-rubygem-actionpack-3_2-10006 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-rubygem-actionpack-3_2-10006 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-rubygem-actionpack-3_2-10006 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]: rubygem-actionpack-3_2-3.2.12-0.19.1 - SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]: rubygem-actionpack-3_2-3.2.12-0.19.1 - SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]: rubygem-actionpack-3_2-3.2.12-0.19.1 References: http://support.novell.com/security/cve/CVE-2014-7818.html https://bugzilla.suse.com/show_bug.cgi?id=903662 https://bugzilla.suse.com/show_bug.cgi?id=905727 http://download.suse.com/patch/finder/?keywords=6c68c57be4203c176afb27d82a46eefa From sle-updates at lists.suse.com Tue Jan 27 17:05:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jan 2015 01:05:44 +0100 (CET) Subject: SUSE-SU-2015:0157-1: Security update for Ruby Message-ID: <20150128000544.102AE3235C@maintenance.suse.de> SUSE Security Update: Security update for Ruby ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0157-1 Rating: low References: #902851 #905326 Cross-References: CVE-2014-8080 CVE-2014-8090 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: The Ruby script interpreter has been updated to fix two denial of service attacks when expanding XML. 
(CVE-2014-8080 and CVE-2014-8090) Security Issues: * CVE-2014-8080 * CVE-2014-8090 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby19-10034 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-ruby-10126 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ruby-10126 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ruby-10126 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ruby-10126 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.9.3.p392]: ruby19-1.9.3.p392-0.19.1 ruby19-devel-1.9.3.p392-0.19.1 ruby19-devel-extra-1.9.3.p392-0.19.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.17.1 ruby-doc-html-1.8.7.p357-0.9.17.1 ruby-doc-ri-1.8.7.p357-0.9.17.1 ruby-examples-1.8.7.p357-0.9.17.1 ruby-test-suite-1.8.7.p357-0.9.17.1 ruby-tk-1.8.7.p357-0.9.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ruby-1.8.7.p357-0.9.17.1 ruby-doc-html-1.8.7.p357-0.9.17.1 ruby-tk-1.8.7.p357-0.9.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ruby-1.8.7.p357-0.9.17.1 ruby-doc-html-1.8.7.p357-0.9.17.1 ruby-tk-1.8.7.p357-0.9.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ruby-1.8.7.p357-0.9.17.1 References: http://support.novell.com/security/cve/CVE-2014-8080.html http://support.novell.com/security/cve/CVE-2014-8090.html https://bugzilla.suse.com/show_bug.cgi?id=902851 https://bugzilla.suse.com/show_bug.cgi?id=905326 http://download.suse.com/patch/finder/?keywords=ddfbb791731523f404cfccce22ab0630 http://download.suse.com/patch/finder/?keywords=f6bfbda222d9b9bf39e44aecc3b32fcb From sle-updates at lists.suse.com Tue Jan 27 19:04:53 2015 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jan 2015 03:04:53 +0100 (CET) Subject: SUSE-SU-2015:0158-1: critical: Security update for glibc Message-ID: <20150128020453.BE5E03235C@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0158-1 Rating: critical References: #913646 Cross-References: CVE-2015-0235 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glibc fixes the following security issue: CVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that could lead to a local or remote buffer overflow. (bsc#913646) Security Issues: * CVE-2015-0235 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-glibc-10206 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-glibc-10206 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-glibc-10206 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-glibc-10204 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-glibc-10202 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-glibc-10206 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): glibc-html-2.11.3-17.74.13 glibc-info-2.11.3-17.74.13 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): glibc-2.11.3-17.74.13 glibc-devel-2.11.3-17.74.13 glibc-html-2.11.3-17.74.13 glibc-i18ndata-2.11.3-17.74.13 glibc-info-2.11.3-17.74.13 glibc-locale-2.11.3-17.74.13 glibc-profile-2.11.3-17.74.13 nscd-2.11.3-17.74.13 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): glibc-32bit-2.11.3-17.74.13 glibc-devel-32bit-2.11.3-17.74.13 glibc-locale-32bit-2.11.3-17.74.13 glibc-profile-32bit-2.11.3-17.74.13 - SUSE Linux Enterprise Server 11 SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.74.13 glibc-devel-2.11.3-17.74.13 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.74.13 glibc-i18ndata-2.11.3-17.74.13 glibc-info-2.11.3-17.74.13 glibc-locale-2.11.3-17.74.13 glibc-profile-2.11.3-17.74.13 nscd-2.11.3-17.74.13 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.74.13 glibc-devel-32bit-2.11.3-17.74.13 glibc-locale-32bit-2.11.3-17.74.13 glibc-profile-32bit-2.11.3-17.74.13 - SUSE Linux Enterprise Server 11 SP3 (ia64): glibc-locale-x86-2.11.3-17.74.13 glibc-profile-x86-2.11.3-17.74.13 glibc-x86-2.11.3-17.74.13 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.45.55.5 glibc-devel-2.11.3-17.45.55.5 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.45.55.5 glibc-i18ndata-2.11.3-17.45.55.5 glibc-info-2.11.3-17.45.55.5 glibc-locale-2.11.3-17.45.55.5 glibc-profile-2.11.3-17.45.55.5 nscd-2.11.3-17.45.55.5 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): glibc-32bit-2.11.3-17.45.55.5 glibc-devel-32bit-2.11.3-17.45.55.5 glibc-locale-32bit-2.11.3-17.45.55.5 glibc-profile-32bit-2.11.3-17.45.55.5 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 i686 s390x x86_64): glibc-2.11.1-0.60.1 glibc-devel-2.11.1-0.60.1 - SUSE Linux 
Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): glibc-html-2.11.1-0.60.1 glibc-i18ndata-2.11.1-0.60.1 glibc-info-2.11.1-0.60.1 glibc-locale-2.11.1-0.60.1 glibc-profile-2.11.1-0.60.1 nscd-2.11.1-0.60.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): glibc-32bit-2.11.1-0.60.1 glibc-devel-32bit-2.11.1-0.60.1 glibc-locale-32bit-2.11.1-0.60.1 glibc-profile-32bit-2.11.1-0.60.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 i686 s390x x86_64): glibc-2.4-31.113.3 glibc-devel-2.4-31.113.3 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): glibc-html-2.4-31.113.3 glibc-i18ndata-2.4-31.113.3 glibc-info-2.4-31.113.3 glibc-locale-2.4-31.113.3 glibc-profile-2.4-31.113.3 nscd-2.4-31.113.3 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): glibc-32bit-2.4-31.113.3 glibc-devel-32bit-2.4-31.113.3 glibc-locale-32bit-2.4-31.113.3 glibc-profile-32bit-2.4-31.113.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 i686 x86_64): glibc-2.11.3-17.74.13 glibc-devel-2.11.3-17.74.13 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.74.13 glibc-locale-2.11.3-17.74.13 nscd-2.11.3-17.74.13 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): glibc-32bit-2.11.3-17.74.13 glibc-devel-32bit-2.11.3-17.74.13 glibc-locale-32bit-2.11.3-17.74.13 References: http://support.novell.com/security/cve/CVE-2015-0235.html https://bugzilla.suse.com/show_bug.cgi?id=913646 http://download.suse.com/patch/finder/?keywords=1ca03fa8282503d216439947cd177344 http://download.suse.com/patch/finder/?keywords=663c904782de77d808d74a6c283518c8 http://download.suse.com/patch/finder/?keywords=7fbea3f9bf3b0ca0902540ea678de798 http://download.suse.com/patch/finder/?keywords=fbc502d34a8bffb84719dc9a5ec60cde From sle-updates at lists.suse.com Wed Jan 28 10:05:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jan 2015 18:05:10 +0100 (CET) Subject: SUSE-SU-2015:0160-1: moderate: Security update for libsndfile Message-ID: 
<20150128170510.971E032368@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0160-1 Rating: moderate References: #911796 Cross-References: CVE-2014-9496 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: - two buffer read overflows in sd2_parse_rsrc_fork() (CVE-2014-9496, bnc#911796): backported upstream fix patches Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-46 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-46 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-46 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-21.1 libsndfile-devel-1.0.25-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-21.1 libsndfile1-1.0.25-21.1 libsndfile1-debuginfo-1.0.25-21.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libsndfile1-32bit-1.0.25-21.1 libsndfile1-debuginfo-32bit-1.0.25-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libsndfile-debugsource-1.0.25-21.1 libsndfile1-1.0.25-21.1 libsndfile1-32bit-1.0.25-21.1 libsndfile1-debuginfo-1.0.25-21.1 libsndfile1-debuginfo-32bit-1.0.25-21.1 References: http://support.novell.com/security/cve/CVE-2014-9496.html https://bugzilla.suse.com/show_bug.cgi?id=911796 From sle-updates at lists.suse.com Wed Jan 28 11:05:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jan 2015 19:05:11 +0100 (CET) Subject: SUSE-SU-2015:0163-1: critical: Security update for flash-player Message-ID: <20150128180511.3E8F832368@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0163-1 Rating: critical References: #914463 Cross-References: CVE-2015-0311 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Adobe Flash Player was updated to version 11.2.202.440 (bsc#914463, APSA15-01, CVE-2015-0311). More information can be found at https://helpx.adobe.com/security/products/flash-player/apsa15-01.html . An update of flashplayer (executable binary) for i386 is currently not available and was thus disabled. Security Issues: * CVE-2015-0311 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-10226 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.440]: flash-player-11.2.202.440-0.3.1 flash-player-gnome-11.2.202.440-0.3.1 flash-player-kde4-11.2.202.440-0.3.1 References: http://support.novell.com/security/cve/CVE-2015-0311.html https://bugzilla.suse.com/show_bug.cgi?id=914463 http://download.suse.com/patch/finder/?keywords=7db1258290d221d2ae042f2c7805a21a From sle-updates at lists.suse.com Wed Jan 28 17:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 01:04:50 +0100 (CET) Subject: SUSE-SU-2015:0164-1: moderate: Security update for glibc Message-ID: <20150129000450.BBC3232367@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0164-1 Rating: moderate References: #844309 #888860 #894553 #894556 #909053 Cross-References: CVE-2012-6656 CVE-2013-4357 CVE-2014-6040 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. 
Description: glibc has been updated to fix one security issue and several bugs: Security issue fixed: * Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, CVE-2012-6656) * Fixed a stack overflow during hosts parsing (CVE-2013-4357) Bugs fixed: * don't touch user-controlled stdio locks in forked child (bsc#864081, GLIBC BZ #12847) * Fix infinite loop in check_pf (bsc#909053, GLIBC BZ #12926) * Add check for RTLD_DEEPBIND environment variable to disable deepbinding of NSS modules (bsc#888860) Security Issues: * CVE-2014-6040 * CVE-2012-6656 * CVE-2013-4357 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-glibc-10217 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 i686 s390x x86_64): glibc-2.11.1-0.62.1 glibc-devel-2.11.1-0.62.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): glibc-html-2.11.1-0.62.1 glibc-i18ndata-2.11.1-0.62.1 glibc-info-2.11.1-0.62.1 glibc-locale-2.11.1-0.62.1 glibc-profile-2.11.1-0.62.1 nscd-2.11.1-0.62.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): glibc-32bit-2.11.1-0.62.1 glibc-devel-32bit-2.11.1-0.62.1 glibc-locale-32bit-2.11.1-0.62.1 glibc-profile-32bit-2.11.1-0.62.1 References: http://support.novell.com/security/cve/CVE-2012-6656.html http://support.novell.com/security/cve/CVE-2013-4357.html http://support.novell.com/security/cve/CVE-2014-6040.html https://bugzilla.suse.com/show_bug.cgi?id=844309 https://bugzilla.suse.com/show_bug.cgi?id=888860 https://bugzilla.suse.com/show_bug.cgi?id=894553 https://bugzilla.suse.com/show_bug.cgi?id=894556 https://bugzilla.suse.com/show_bug.cgi?id=909053 http://download.suse.com/patch/finder/?keywords=0d01346ebb9d9e39d1c632f49a85a7ee From sle-updates at lists.suse.com Wed
Jan 28 17:05:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 01:05:54 +0100 (CET) Subject: SUSE-RU-2015:0165-1: Recommended update for supportutils-plugin-susecloud Message-ID: <20150129000554.5DF5D32366@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-susecloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0165-1 Rating: low References: #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for supportutils-plugin-susecloud brings the following enhancements: * Add crowbar backup and restore logs to plugin. * Add find_and_plog_files_0 helper to capture entire files in a directory. * Export chef nodes, roles and data bags. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-supportutils-plugin-susecloud-10192 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch) [New Version: 4.0.1421229981.e2006ad]: supportutils-plugin-susecloud-4.0.1421229981.e2006ad-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=913692 http://download.suse.com/patch/finder/?keywords=67011380e0ccad31594b12fab3798243 From sle-updates at lists.suse.com Wed Jan 28 17:06:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 01:06:08 +0100 (CET) Subject: SUSE-SU-2015:0166-1: moderate: Security update for OpenSSL Message-ID: <20150129000608.AE37232366@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0166-1 Rating: moderate References: #912014 #912015 #912018 #912292 #912293 #912294 #912296 Cross-References: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 Affected Products: SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory at http://openssl.org/news/secadv_20150108.txt . The following issues have been fixed: * CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. (bsc#912296) * CVE-2014-3571: Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. (bsc#912294) * CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015) * CVE-2014-8275: Fixed various certificate fingerprint issues. 
(bsc#912018) * CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014) * CVE-2015-0205: A fix was added to prevent use of DH client certificates without sending certificate verify message. (bsc#912293) Although the OpenSSL library from SLES 10 is not affected by this problem, a fix has been applied to the sources. * CVE-2015-0206: A memory leak was fixed in dtls1_buffer_record. (bsc#912292) Security Issues: * CVE-2014-8275 * CVE-2014-3571 * CVE-2015-0204 * CVE-2014-3572 * CVE-2014-3570 * CVE-2015-0205 Package List: - SLE CLIENT TOOLS 10 for x86_64 (x86_64): openssl-0.9.8a-18.88.1 openssl-32bit-0.9.8a-18.88.1 - SLE CLIENT TOOLS 10 for s390x (s390x): openssl-0.9.8a-18.88.1 openssl-32bit-0.9.8a-18.88.1 - SLE CLIENT TOOLS 10 (i586): openssl-0.9.8a-18.88.1 References: http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3571.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html https://bugzilla.suse.com/show_bug.cgi?id=912014 https://bugzilla.suse.com/show_bug.cgi?id=912015 https://bugzilla.suse.com/show_bug.cgi?id=912018 https://bugzilla.suse.com/show_bug.cgi?id=912292 https://bugzilla.suse.com/show_bug.cgi?id=912293 https://bugzilla.suse.com/show_bug.cgi?id=912294 https://bugzilla.suse.com/show_bug.cgi?id=912296 http://download.suse.com/patch/finder/?keywords=c27b6271d3ce7b4eee1b546d18742e98 From sle-updates at lists.suse.com Wed Jan 28 17:07:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 01:07:25 +0100 (CET) Subject: SUSE-SU-2015:0167-1: moderate: Security update for glibc Message-ID: <20150129000725.4842E3235C@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2015:0167-1 Rating: moderate References: #864081 #882600 #909053 Cross-References: CVE-2012-6656 CVE-2014-6040 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: glibc has been updated to fix a security issue and two bugs: Security issue fixed: * Copy filename argument in posix_spawn_file_actions_addopen (CVE-2014-4043) Bugs fixed: * don't touch user-controlled stdio locks in forked child (bsc#864081, GLIBC BZ #12847) * Fix infinite loop in check_pf (bsc#909053, GLIBC BZ #12926) Security Issues: * CVE-2014-6040 * CVE-2012-6656 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-glibc-10220 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.45.57.6 glibc-devel-2.11.3-17.45.57.6 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.45.57.6 glibc-i18ndata-2.11.3-17.45.57.6 glibc-info-2.11.3-17.45.57.6 glibc-locale-2.11.3-17.45.57.6 glibc-profile-2.11.3-17.45.57.6 nscd-2.11.3-17.45.57.6 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): glibc-32bit-2.11.3-17.45.57.6 glibc-devel-32bit-2.11.3-17.45.57.6 glibc-locale-32bit-2.11.3-17.45.57.6 glibc-profile-32bit-2.11.3-17.45.57.6 References: http://support.novell.com/security/cve/CVE-2012-6656.html http://support.novell.com/security/cve/CVE-2014-6040.html https://bugzilla.suse.com/show_bug.cgi?id=864081 https://bugzilla.suse.com/show_bug.cgi?id=882600 https://bugzilla.suse.com/show_bug.cgi?id=909053 http://download.suse.com/patch/finder/?keywords=880eb49b49e66cc28d6f1daf5ce1ccae From sle-updates at lists.suse.com Wed Jan 28 19:06:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 03:06:32 +0100 (CET) Subject: SUSE-SU-2015:0168-1: moderate: Security update for binutils Message-ID: <20150129020632.8AD053235C@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0168-1 Rating: moderate References: #902676 #902677 #903655 #905735 #905736 Cross-References: CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: binutils has been updated to fix eight security issues: * Lack of range checking leading to controlled write in _bfd_elf_setup_sections() (CVE-2014-8485). * Invalid read flaw in libbfd (CVE-2014-8484). * Write to uninitialized memory in the PE parser (CVE-2014-8501). * Crash in the PE parser (CVE-2014-8502). * Segfault in the ihex parser when it encounters a malformed ihex file (CVE-2014-8503). * Stack buffer overflow in srec_scan (CVE-2014-8504). * Out-of-bounds memory write while processing a crafted "ar" archive (CVE-2014-8738). * Directory traversal vulnerability allowing random file deletion/creation (CVE-2014-8737). Security Issues: * CVE-2014-8501 * CVE-2014-8502 * CVE-2014-8503 * CVE-2014-8504 * CVE-2014-8485 * CVE-2014-8738 * CVE-2014-8484 * CVE-2014-8737 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-binutils-201501-10214 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-binutils-201501-10214 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-binutils-201501-10214 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-binutils-201501-10214 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): binutils-devel-2.23.1-0.23.15 cross-ppc-binutils-2.23.1-0.23.2 cross-spu-binutils-2.23.1-0.23.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): binutils-devel-32bit-2.23.1-0.23.15 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 x86_64): binutils-gold-2.23.1-0.23.15 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): binutils-2.23.1-0.23.15 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): binutils-2.23.1-0.23.15 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): binutils-2.23.1-0.23.15 References: http://support.novell.com/security/cve/CVE-2014-8484.html http://support.novell.com/security/cve/CVE-2014-8485.html http://support.novell.com/security/cve/CVE-2014-8501.html http://support.novell.com/security/cve/CVE-2014-8502.html http://support.novell.com/security/cve/CVE-2014-8503.html http://support.novell.com/security/cve/CVE-2014-8504.html http://support.novell.com/security/cve/CVE-2014-8737.html http://support.novell.com/security/cve/CVE-2014-8738.html https://bugzilla.suse.com/show_bug.cgi?id=902676 https://bugzilla.suse.com/show_bug.cgi?id=902677 https://bugzilla.suse.com/show_bug.cgi?id=903655 https://bugzilla.suse.com/show_bug.cgi?id=905735 https://bugzilla.suse.com/show_bug.cgi?id=905736 http://download.suse.com/patch/finder/?keywords=6d27b48bf1cdae29eb4a858e0913fa3f From sle-updates at lists.suse.com Wed Jan 28 19:07:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 03:07:35 +0100 (CET) Subject: SUSE-SU-2015:0169-1: moderate: Security update for libsndfile Message-ID: <20150129020735.C5E8632366@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0169-1 Rating: moderate References: #911796 
Cross-References: CVE-2014-9496 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libsndfile fixes two buffer read overflows in sd2_parse_rsrc_fork(). (CVE-2014-9496, bsc#911796) Security Issues: * CVE-2014-9496 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libsndfile-10221 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libsndfile-10221 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libsndfile-10221 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libsndfile-10221 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libsndfile-devel-1.0.20-2.6.5 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libsndfile-1.0.20-2.6.5 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libsndfile-32bit-1.0.20-2.6.5 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libsndfile-1.0.20-2.6.5 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libsndfile-32bit-1.0.20-2.6.5 - SUSE Linux Enterprise Server 11 SP3 (ia64): libsndfile-x86-1.0.20-2.6.5 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libsndfile-1.0.20-2.6.5 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libsndfile-32bit-1.0.20-2.6.5 References: http://support.novell.com/security/cve/CVE-2014-9496.html https://bugzilla.suse.com/show_bug.cgi?id=911796 http://download.suse.com/patch/finder/?keywords=5a3327bff845b70608b1b942076de8c7 From sle-updates at lists.suse.com Wed Jan 28 22:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 06:04:52 +0100 (CET) Subject: SUSE-SU-2015:0170-1: moderate: Security update for glibc Message-ID: <20150129050452.6D0F832369@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0170-1 Rating: moderate References: #844309 #882600 #894553 #894556 Cross-References: CVE-2012-6656 CVE-2013-4357 CVE-2014-6040 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: glibc has been updated to fix security issues: * Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ #17325, GLIBC BZ #14134) * Fixed a stack overflow during hosts parsing (CVE-2013-4357) * Copy filename argument in posix_spawn_file_actions_addopen (CVE-2014-4043, bsc#882600, BZ #17048) Security Issues: * CVE-2014-6040 * CVE-2012-6656 * CVE-2013-4357 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 i686 s390x x86_64): glibc-2.4-31.115.2 glibc-devel-2.4-31.115.2 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): glibc-html-2.4-31.115.2 glibc-i18ndata-2.4-31.115.2 glibc-info-2.4-31.115.2 glibc-locale-2.4-31.115.2 glibc-profile-2.4-31.115.2 nscd-2.4-31.115.2 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): glibc-32bit-2.4-31.115.2 glibc-devel-32bit-2.4-31.115.2 glibc-locale-32bit-2.4-31.115.2 glibc-profile-32bit-2.4-31.115.2 References: http://support.novell.com/security/cve/CVE-2012-6656.html http://support.novell.com/security/cve/CVE-2013-4357.html http://support.novell.com/security/cve/CVE-2014-6040.html https://bugzilla.suse.com/show_bug.cgi?id=844309 https://bugzilla.suse.com/show_bug.cgi?id=882600 https://bugzilla.suse.com/show_bug.cgi?id=894553 https://bugzilla.suse.com/show_bug.cgi?id=894556 http://download.suse.com/patch/finder/?keywords=1ccbe69cba5cc8835258525263c85657 From sle-updates at lists.suse.com Wed Jan 28 23:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jan 2015 07:04:53 +0100 (CET) Subject: SUSE-SU-2015:0171-1: important: Security update for Mozilla Firefox Message-ID: <20150129060453.7873132366@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0171-1 Rating: important References: #909563 #910647 #910669 Cross-References: CVE-2014-1569 CVE-2014-8634 
CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes one version update. Description: Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificate list. For more information, please see https://www.mozilla.org/en-US/security/advisories/ Security Issues: * CVE-2014-1569 * CVE-2014-8634 * CVE-2014-8639 * CVE-2014-8641 * CVE-2014-8638 * CVE-2014-8636 * CVE-2014-8637 * CVE-2014-8640 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.17.3]: mozilla-nss-3.17.3-0.5.1 mozilla-nss-devel-3.17.3-0.5.1 mozilla-nss-tools-3.17.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.17.3]: mozilla-nss-32bit-3.17.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x): MozillaFirefox-31.4.0esr-0.5.1 MozillaFirefox-translations-31.4.0esr-0.5.1 References: http://support.novell.com/security/cve/CVE-2014-1569.html http://support.novell.com/security/cve/CVE-2014-8634.html http://support.novell.com/security/cve/CVE-2014-8636.html http://support.novell.com/security/cve/CVE-2014-8637.html http://support.novell.com/security/cve/CVE-2014-8638.html http://support.novell.com/security/cve/CVE-2014-8639.html http://support.novell.com/security/cve/CVE-2014-8640.html http://support.novell.com/security/cve/CVE-2014-8641.html https://bugzilla.suse.com/show_bug.cgi?id=909563 https://bugzilla.suse.com/show_bug.cgi?id=910647 https://bugzilla.suse.com/show_bug.cgi?id=910669 http://download.suse.com/patch/finder/?keywords=b6b2353659cdca6dc3d8d5d591e00851 From sle-updates at lists.suse.com Wed Jan 28 23:05:28 2015 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Thu, 29 Jan 2015 07:05:28 +0100 (CET) Subject: SUSE-SU-2015:0172-1: moderate: Security update for OpenSSL Message-ID: <20150129060528.A35A732368@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0172-1 Rating: moderate References: #912014 #912015 #912018 #912293 #912294 #912296 Cross-References: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 Affected Products: SUSE Studio Onsite 1.3 SUSE Manager 1.7 for SLE 11 SP2 SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv_20150108.txt . The following issues have been fixed: * CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. (bsc#912296) * CVE-2014-3571: Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. (bsc#912294) * CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015) * CVE-2014-8275: Fixed various certificate fingerprint issues. (bsc#912018) * CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014) * CVE-2015-0205: A fix was added to prevent use of DH client certificates without sending certificate verify message. Although the OpenSSL library from SLES 10 is not affected by this problem, a fix has been applied to the sources. (bsc#912293) * CVE-2015-0206: A memory leak was fixed in dtls1_buffer_record. 
(bsc#912292) Security Issues: * CVE-2014-8275 * CVE-2014-3571 * CVE-2015-0204 * CVE-2014-3572 * CVE-2014-3570 * CVE-2015-0205 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-libopenssl-devel-10149 - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-libopenssl-devel-10149 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.68.1 - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): libopenssl0_9_8-0.9.8j-0.68.1 libopenssl0_9_8-32bit-0.9.8j-0.68.1 libopenssl0_9_8-hmac-0.9.8j-0.68.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1 openssl-0.9.8j-0.68.1 openssl-doc-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): openssl-0.9.8a-18.88.1 openssl-devel-0.9.8a-18.88.1 openssl-doc-0.9.8a-18.88.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): openssl-32bit-0.9.8a-18.88.1 openssl-devel-32bit-0.9.8a-18.88.1 References: http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3571.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html https://bugzilla.suse.com/show_bug.cgi?id=912014 https://bugzilla.suse.com/show_bug.cgi?id=912015 https://bugzilla.suse.com/show_bug.cgi?id=912018 https://bugzilla.suse.com/show_bug.cgi?id=912293 https://bugzilla.suse.com/show_bug.cgi?id=912294 https://bugzilla.suse.com/show_bug.cgi?id=912296 http://download.suse.com/patch/finder/?keywords=165b8678d71d7e1062a75a8304140691 http://download.suse.com/patch/finder/?keywords=fa132e4f1eada61e2e68b052e1d2fb3d From sle-updates at lists.suse.com Wed Jan 28 23:06:33 2015 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com)
Date: Thu, 29 Jan 2015 07:06:33 +0100 (CET)
Subject: SUSE-SU-2015:0173-1: important: Security update for Mozilla Firefox
Message-ID: <20150129060633.A16F532368@maintenance.suse.de>

   SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0173-1
Rating:             important
References:         #906111 #909563 #910647 #910669
Cross-References:   CVE-2014-1569 CVE-2014-8634 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available. It
   includes two new package versions.

Description:

   Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs
   and security issues.

   Mozilla NSS has been updated to 3.17.3, fixing a security issue and
   updating the root certificates list.

   For more information, please refer to
   https://www.mozilla.org/en-US/security/advisories/ .

   Security Issues:

   * CVE-2014-1569
   * CVE-2014-8634
   * CVE-2014-8639
   * CVE-2014-8641
   * CVE-2014-8638
   * CVE-2014-8636
   * CVE-2014-8637
   * CVE-2014-8640

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-firefox-201501-10167

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-firefox-201501-10168

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.17.3 and 31.4.0esr]:

      MozillaFirefox-31.4.0esr-0.3.1
      MozillaFirefox-translations-31.4.0esr-0.3.1
      libfreebl3-3.17.3-0.3.1
      mozilla-nss-3.17.3-0.3.1
      mozilla-nss-devel-3.17.3-0.3.1
      mozilla-nss-tools-3.17.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.17.3]:

      libfreebl3-32bit-3.17.3-0.3.1
      mozilla-nss-32bit-3.17.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 3.17.3 and 31.4.0esr]:

      MozillaFirefox-31.4.0esr-0.3.1
      MozillaFirefox-translations-31.4.0esr-0.3.1
      libfreebl3-3.17.3-0.3.1
      mozilla-nss-3.17.3-0.3.1
      mozilla-nss-tools-3.17.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.17.3]:

      libfreebl3-32bit-3.17.3-0.3.1
      mozilla-nss-32bit-3.17.3-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2014-1569.html
   http://support.novell.com/security/cve/CVE-2014-8634.html
   http://support.novell.com/security/cve/CVE-2014-8636.html
   http://support.novell.com/security/cve/CVE-2014-8637.html
   http://support.novell.com/security/cve/CVE-2014-8638.html
   http://support.novell.com/security/cve/CVE-2014-8639.html
   http://support.novell.com/security/cve/CVE-2014-8640.html
   http://support.novell.com/security/cve/CVE-2014-8641.html
   https://bugzilla.suse.com/show_bug.cgi?id=906111
   https://bugzilla.suse.com/show_bug.cgi?id=909563
   https://bugzilla.suse.com/show_bug.cgi?id=910647
   https://bugzilla.suse.com/show_bug.cgi?id=910669
   http://download.suse.com/patch/finder/?keywords=962d0b7b7ca9d1110cf2d237780cdab1
   http://download.suse.com/patch/finder/?keywords=f7933e6a871816421d62da119130434e

From sle-updates at lists.suse.com Thu Jan 29 15:04:47 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Jan 2015 23:04:47 +0100 (CET)
Subject: SUSE-RU-2015:0175-1: Recommended update for rubygem-chef-server
Message-ID: <20150129220447.06A6F3238B@maintenance.suse.de>

   SUSE Recommended
Update: Recommended update for rubygem-chef-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0175-1 Rating: low References: #884552 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-chef-server provides the following fixes: * Added compaction for the chef views and view cleanup to the script. (bsc#884552) * Set reasonable permission rights for cronjob and init script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-rubygem-chef-server-10191 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64): rubygem-chef-server-10.24.4-0.17.1 rubygem-chef-server-doc-10.24.4-0.17.1 References: https://bugzilla.suse.com/show_bug.cgi?id=884552 https://bugzilla.suse.com/show_bug.cgi?id=913692 http://download.suse.com/patch/finder/?keywords=b80cd9e5880a421b086224ee35f980d5 From sle-updates at lists.suse.com Fri Jan 30 03:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jan 2015 11:04:51 +0100 (CET) Subject: SUSE-SU-2015:0178-1: important: Security update for the Linux Kernel Message-ID: <20150130100451.7E6D73238B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0178-1 Rating: important References: #800255 #809493 #829110 #856659 #862374 #873252 #875220 #884407 #887108 #887597 #889192 #891086 #891277 #893428 #895387 #895814 #902232 #902346 #902349 #903279 #903640 #904053 #904177 #904659 #904969 #905087 #905100 #906027 #906140 #906545 #907069 #907325 #907536 #907593 #907714 #907818 #907969 
#907970 #907971 #907973 #908057 #908163 #908198 #908803 #908825 #908904 #909077 #909092 #909095 #909829 #910249 #910697 #911181 #911325 #912129 #912278 #912281 #912290 #912514 #912705 #912946 #913233 #913387 #913466 Cross-References: CVE-2014-3687 CVE-2014-3690 CVE-2014-8559 CVE-2014-9420 CVE-2014-9585 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 59 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive various security and bugfixes. Following security bugs were fixed: - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#906545 911325). - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remained the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). 
- CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that triggered an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The following non-security bugs were fixed: - ACPI idle: permit sparse C-state sub-state numbers (bnc#907969). - ALSA: hda - verify pin:converter connection on unsol event for HSW and VLV. - ALSA: hda - verify pin:cvt connection on preparing a stream for Intel HDMI codec. - ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec. - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH. - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP. - Btrfs: Disable patches.suse/Btrfs-fix-abnormal-long-waiting-in-fsync.patch (bnc#910697) because it needs to be revisited due partial msync behavior. - Btrfs: Fix misuse of chunk mutex (bnc#912514). - Btrfs: always clear a block group node when removing it from the tree (bnc#912514). - Btrfs: collect only the necessary ordered extents on ranged fsync (bnc#912946). - Btrfs: do not access non-existent key when csum tree is empty. - Btrfs: do not delay inode ref updates during log replay. - Btrfs: do not ignore log btree writeback errors (bnc#912946). - Btrfs: ensure btrfs_prev_leaf does not miss 1 item. - Btrfs: ensure deletion from pinned_chunks list is protected (bnc#908198). - Btrfs: ensure ordered extent errors are not missed on fsync (bnc#912946). - Btrfs: fix abnormal long waiting in fsync (VM/FS Micro-optimisations). - Btrfs: fix abnormal long waiting in fsync (bnc#912946). 
- Btrfs: fix crash caused by block group removal (bnc#912514). - Btrfs: fix freeing used extent after removing empty block group (bnc#912514). - Btrfs: fix freeing used extents after removing empty block group (bnc#912514). - Btrfs: fix fs corruption on transaction abort if device supports discard (bnc#908198). - Btrfs: fix fs mapping extent map leak (bnc#908198). - Btrfs: fix invalid block group rbtree access after bg is removed (bnc#912514). - Btrfs: fix memory leak after block remove + trimming (bnc#908198). - Btrfs: fix race between fs trimming and block group remove/allocation (bnc#908198). - Btrfs: fix race between writing free space cache and trimming (bnc#908198). - Btrfs: fix transaction leak during fsync call. - Btrfs: fix unprotected deletion from pending_chunks list (bnc#908198). - Btrfs: fix unprotected system chunk array insertion (bnc#912514). - Btrfs: free ulist in qgroup_shared_accounting() error path. - Btrfs: ioctl, do not re-lock extent range when not necessary. - Btrfs: make btrfs_abort_transaction consider existence of new block groups (bnc#908198). - Btrfs: make sure logged extents complete in the current transaction V3 (bnc#912946). - Btrfs: make sure we wait on logged extents when fsycning two subvols (bnc#912946). - Btrfs: make xattr replace operations atomic (bnc#913466). - Btrfs: remove empty block groups automatically (bnc#912514). - Btrfs: remove unused wait queue in struct extent_buffer. - Btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - Btrfs: use helpers for last_trans_log_full_commit instead of opencode (bnc#912946). - Drivers: hv: kvp,vss: Fast propagation of userspace communication failure. - Drivers: hv: util: Properly pack the data for file copy functionality. - Drivers: hv: util: make struct hv_do_fcopy match Hyper-V host messages. - Drivers: hv: vmbus: Fix a race condition when unregistering a device. - Drivers: hv: vss: Introduce timeout for communication with userspace. 
- Fixed warning on DP unplugging driver in intel_dp.c (bnc#907536). - Fixed warning on suspend in intel_display.c (bnc#907593). - KEYS: Fix stale key registration at error path (bnc#908163). - PCI/MSI: Add pci_enable_msi_range() and pci_enable_msix_range() (bug#912281). - PCI/MSI: Add pci_enable_msi_range() and pci_enable_msix_range() (bug#912281). - Refresh patches.xen/xen3-patch-3.9 (bsc#909829). - Remove filesize checks for sync I/O journal commit (bnc#800255). - SELinux: fix selinuxfs policy file on big endian systems (bsc#913233). - Tools: hv: vssdaemon: ignore the EBUSY on multiple freezing the same partition. - Tools: hv: vssdaemon: report freeze errors. - Tools: hv: vssdaemon: skip all filesystems mounted readonly. - Update Xen patches to 3.12.35. - Update s390x kabi files again (bnc#903279, LTC#118177) - benet: Use pci_enable_msix_range() instead of pci_enable_msix() (bug#912281). - bfa: check for terminated commands (bnc#906027). - cpuidle / menu: Return (-1) if there are no suitable states (cpuidle performance). - cpuidle / menu: move repeated correction factor check to init (cpuidle performance). - cpuidle: Do not substract exit latency from assumed sleep length (cpuidle performance). - cpuidle: Ensure menu coefficients stay within domain (cpuidle performance). - cpuidle: Move perf multiplier calculation out of the selection loop (cpuidle performance). - cpuidle: Use actual state latency in menu governor (cpuidle performance). - cpuidle: menu governor - remove unused macro STDDEV_THRESH (cpuidle performance). - cpuidle: menu: Call nr_iowait_cpu less times (cpuidle performance). - cpuidle: menu: Lookup CPU runqueues less (cpuidle performance). - cpuidle: menu: Use ktime_to_us instead of reinventing the wheel (cpuidle performance). - cpuidle: menu: Use shifts when calculating averages where possible (cpuidle performance). - cpuidle: rename expected_us to next_timer_us in menu governor (cpuidle performance). 
- crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387). - crypto: kernel oops at insmod of the z90crypt device driver (bnc#908057, LTC#119591). - cxgb4: Add the MC1 registers to read in the interrupt handler (bsc#912290). - cxgb4: Allow T4/T5 firmware sizes up to 1MB (bsc#912290). - cxgb4: Fix FW flash logic using ethtool (bsc#912290). - cxgb4: Fix T5 adapter accessing T4 adapter registers (bsc#912290). - cxgb4: Fix for handling 1Gb/s SFP+ Transceiver Modules (bsc#912290). - cxgb4: Fix race condition in cleanup (bsc#912290). - cxgb4: Free completed tx skbs promptly (bsc#912290). - cxgb4: Not need to hold the adap_rcu_lock lock when read adap_rcu_list (bsc#912290). - cxgb4: Use FW interface to get BAR0 value (bsc#912290). - drm/i915: Do a dummy DPCD read before the actual read (bnc#907714). - drm: add MIPI DSI encoder and connector types (bnc#907971). - ext4: cache extent hole in extent status tree for ext4_da_map_blocks() (bnc#893428). - ext4: change LRU to round-robin in extent status tree shrinker (bnc#893428). - ext4: cleanup flag definitions for extent status tree (bnc#893428). - ext4: fix block reservation for bigalloc filesystems (bnc#893428). - ext4: improve extents status tree trace point (bnc#893428). - ext4: introduce aging to extent status tree (bnc#893428). - ext4: limit number of scanned extents in status tree shrinker (bnc#893428). - ext4: move handling of list of shrinkable inodes into extent status code (bnc#893428). - ext4: track extent status tree shrinker delay statictics (bnc#893428). - fix kABI after "x86: use custom dma_get_required_mask()". - fsnotify: next_i is freed during fsnotify_unmount_inodes (bnc#908904). - hv: hv_balloon: avoid memory leak on alloc_error of 2MB memory block. - hyperv: Add processing of MTU reduced by the host. - hyperv: Fix some variable name typos in send-buffer init/revoke. - hyperv: Fix the total_data_buflen in send path. - intel_idle: Add CPU model 54 (Atom N2000 series) (bnc#907969). 
- intel_idle: allow sparse sub-state numbering, for Bay Trail (bnc#907969). - intel_idle: support Bay Trail (bnc#907969). - intel_pstate: Add setting voltage value for baytrail P states (bnc#907973). - intel_pstate: Add support for Baytrail turbo P states (bnc#907973). - intel_pstate: Fix BYT frequency reporting (bnc#907973). - intel_pstate: Fix setting VID (bnc#907973). - intel_pstate: Set turbo VID for BayTrail (bnc#907973). - intel_pstate: Use LFM bus ratio as min ratio/P state (bnc#907973). - iommu/vt-d: Fix an off-by-one bug in __domain_mapping() (bsc#908825). - ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() (IPC scalability). - isofs: Fix unchecked printing of ER records. - kABI: fix for move of d_rcu (bnc#903640 CVE-2014-8559). - kABI: protect ipv6.h include in drivers/net. - kABI: protect rmap include in mm/truncate.c. - kABI: protect struct iwl_trans. - kABI: protect struct pci_dev. - kABI: protect struct user_namespace. - kABI: protect user_namespace.h include in kernel/groups.c. - kABI: reintroduce generic_write_sync. - kABI: uninline of_property_count_string* functions. Omitted ppc64le kabi fix for 3.12.33. - kernel: kprobes instruction corruption (bnc#908057, LTC#119330). - kernel: reduce function tracer overhead (bnc#903279, LTC#118177). - kgr: allow to search various types of struct kgr_patch_fun. - kgr: be consistent when applying patches on loaded modules. - kgr: fix replace_all. - kgr: fix typo in error message. - kgr: fix unwinder and user addresses (bnc#908803). - kgr: handle IRQ context using global variable. - kgr: mark even more kthreads (bnc#905087 bnc#906140). - kgr: prevent recursive loops of stubs in ftrace. - kgr: set revert slow state for all reverted symbols when loading patched module. - kgr: unregister only the used ftrace ops when removing a patched module. - kprobes: introduce weak arch_check_ftrace_location() helper function (bnc#903279, LTC#118177). 
- kvm: Do not expose MONITOR cpuid as available (bnc#887597) - lpfc: Fix race on command completion (bnc#906027). - macvlan: allow setting LRO independently of lower device (bnc#829110 bnc#891277 bnc#904053). - mm, cma: drain single zone pcplists (VM Performance, bnc#904177). - mm, compaction: always update cached scanner positions (VM Performance, bnc#904177). - mm, compaction: defer each zone individually instead of preferred zone (VM Performance, bnc#904177). - mm, compaction: defer only on COMPACT_COMPLETE (VM Performance, bnc#904177). - mm, compaction: do not count compact_stall if all zones skipped compaction (VM Performance, bnc#904177). - mm, compaction: do not recheck suitable_migration_target under lock (VM Performance, bnc#904177). - mm, compaction: khugepaged should not give up due to need_resched() (VM Performance, bnc#904177). - mm, compaction: more focused lru and pcplists draining (VM Performance, bnc#904177). - mm, compaction: move pageblock checks up from isolate_migratepages_range() (VM Performance, bnc#904177). - mm, compaction: pass classzone_idx and alloc_flags to watermark checking (VM Performance, bnc#904177). - mm, compaction: pass gfp mask to compact_control (VM Cleanup, bnc#904177). - mm, compaction: periodically drop lock and restore IRQs in scanners (VM Performance, bnc#904177). - mm, compaction: prevent infinite loop in compact_zone (VM Functionality, bnc#904177). - mm, compaction: reduce zone checking frequency in the migration scanner (VM Performance, bnc#904177). - mm, compaction: remember position within pageblock in free pages scanner (VM Performance, bnc#904177). - mm, compaction: simplify deferred compaction (VM Performance, bnc#904177). - mm, compaction: skip buddy pages by their order in the migrate scanner (VM Performance, bnc#904177). - mm, compaction: skip rechecks when lock was already held (VM Performance, bnc#904177). - mm, memory_hotplug/failure: drain single zone pcplists (VM Performance, bnc#904177). 
- mm, page_isolation: drain single zone pcplists (VM Performance, bnc#904177). - mm, thp: avoid excessive compaction latency during fault (VM Performance, bnc#904177). - mm, thp: restructure thp avoidance of light synchronous migration (VM Performance, bnc#904177). - mm/compaction.c: avoid premature range skip in isolate_migratepages_range (VM Functionality, bnc#904177). - mm/compaction: skip the range until proper target pageblock is met (VM Performance, bnc#904177). - mm/vmscan.c: use DIV_ROUND_UP for calculation of zones balance_gap and correct comments (VM Cleanup, bnc#904177). - mm/vmscan: do not check compaction_ready on promoted zones (VM Cleanup, bnc#904177). - mm/vmscan: restore sc->gfp_mask after promoting it to __GFP_HIGHMEM (VM Cleanup, bnc#904177). - mm: Disable patches.suse/msync-fix-incorrect-fstart-calculation.patch (bnc#910697) because it needs to be revisited due partial msync behavior. - mm: Disabled patches.suse/mm-msync.c-sync-only-the-requested-range-in-msync.patch (bnc#910697) because it needs to be revisited due partial msync behavior. - mm: improve documentation of page_order (VM Cleanup, bnc#904177). - mm: introduce single zone pcplists drain (VM Performance, bnc#904177). - mm: memcontrol: remove hierarchy restrictions for swappiness and oom_control (VM Cleanup, bnc#904177). - mm: page_alloc: determine migratetype only once (VM Performance, bnc#904177). - mm: rename allocflags_to_migratetype for clarity (VM Cleanup, bnc#904177). - mm: unmapped page migration avoid unmap+remap overhead (MM performance). - mm: vmscan: clean up struct scan_control (VM Cleanup, bnc#904177). - mm: vmscan: move call to shrink_slab() to shrink_zones() (VM Cleanup, bnc#904177). - mm: vmscan: move swappiness out of scan_control (VM Cleanup, bnc#904177). - mm: vmscan: remove all_unreclaimable() (VM Cleanup, bnc#904177). - mm: vmscan: remove remains of kswapd-managed zone->all_unreclaimable (VM Cleanup, bnc#904177). 
- mm: vmscan: remove shrink_control arg from do_try_to_free_pages() (VM Cleanup, bnc#904177). - mm: vmscan: rework compaction-ready signaling in direct reclaim (VM Cleanup, bnc#904177). - msync: fix incorrect fstart calculation (VM/FS Micro-optimisations). - net, sunrpc: suppress allocation warning in rpc_malloc() (bnc#904659). - net: Find the nesting level of a given device by type (bnc#829110 bnc#891277 bnc#904053). - net: Hyper-V: Deletion of an unnecessary check before the function call "vfree". - net: generic dev_disable_lro() stacked device handling (bnc#829110 bnc#891277 bnc#904053). - nvme: Add missing hunk from backport (bnc#873252). - parport: parport_pc, do not remove parent devices early (bnc#856659). - patches.suse/supported-flag: fix mis-reported supported status (bnc#809493). - patches.xen/xen-privcmd-hcall-preemption: Fix EFLAGS.IF check. - powerpc/fadump: Fix endianess issues in firmware assisted dump handling (bsc#889192). - powerpc/pseries/hvcserver: Fix endian issue in hvcs_get_partner_info (bsc#912129). - powerpc/pseries: Make CPU hotplug path endian safe (bsc#907069). - powerpc: fix dlpar memory - pseries: Fix endian issues in cpu hot-removal (bsc#907069). - pseries: Fix endian issues in onlining cpu threads (bsc#907069). - rpm/constraints.in: Require 10GB disk space on POWER A debuginfo build currently requires about 8.5 GB on POWER. Also, require at least 8 CPUs, so that builds do not get accidentally scheduled on slow machines. - rpm/gitlog-fixups: Fix invalid address in two commits - s390/ftrace,kprobes: allow to patch first instruction (bnc#903279, LTC#118177). - s390/ftrace: add HAVE_DYNAMIC_FTRACE_WITH_REGS support (bnc#903279, LTC#118177). - s390/ftrace: add code replacement sanity checks (bnc#903279, LTC#118177). - s390/ftrace: enforce DYNAMIC_FTRACE if FUNCTION_TRACER is selected (bnc#903279, LTC#118177). - s390/ftrace: optimize function graph caller code (bnc#903279, LTC#118177). 
- s390/ftrace: optimize mcount code (bnc#903279, LTC#118177). - s390/ftrace: remove 31 bit ftrace support (bnc#903279, LTC#118177). - s390/ftrace: remove check of obsolete variable function_trace_stop (bnc#903279, LTC#118177). - s390/ftrace: revert mcount_adjust change (bnc#903279, LTC#118177). - s390/ftrace: simplify enabling/disabling of ftrace_graph_caller (bnc#903279, LTC#118177). - s390: pass march flag to assembly files as well (bnc#903279, LTC#118177). - sched/fair: cleanup: Remove useless assignment in select_task_rq_fair() (cpuidle performance). - scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags. - scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case. - scripts/tags.sh: include compat_sys_* symbols in the generated tags. - scsi: call device handler for failed TUR command (bnc#895814). - series.conf: remove orphan bnc comments - storvsc: ring buffer failures may result in I/O freeze. - supported.conf: mark tcm_qla2xxx as supported Has not been ported from SLES11 SP3 automatically. - tags.sh: Fixup regex definition for etags. - tcm_loop: Wrong I_T nexus association (bnc#907325). - tools: hv: ignore ENOBUFS and ENOMEM in the KVP daemon. - tools: hv: introduce -n/--no-daemon option. - udf: Check component length before reading it. - udf: Check path length when reading symlink. - udf: Verify i_size when loading inode. - udf: Verify symlink size before loading it. - vmscan: memcg: always use swappiness of the reclaimed memcg (VM Cleanup, bnc#904177). - x86, cpu: Detect more TLB configuration (TLB Performance). - x86-64/MCE: flip CPU and bank numbers in log message. - x86/UV: Fix conditional in gru_exit() (bsc#909095). - x86/early quirk: use gen6 stolen detection for VLV (bnc#907970). - x86/efi: Do not export efi runtime map in case old map (bsc#904969). - x86/mm: Add tracepoints for TLB flushes (TLB Performance). - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB Performance). 
- x86/uv: Update the UV3 TLB shootdown logic (bsc#909092). - x86: UV BAU: Avoid NULL pointer reference in ptc_seq_show (bsc#911181). - x86: UV BAU: Increase maximum CPUs per socket/hub (bsc#911181). - x86: fix step size adjustment during initial memory mapping (bsc#910249). - x86: use custom dma_get_required_mask(). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-48 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-48 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-48 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-48 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-48 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-48 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.36-38.1 kernel-default-debugsource-3.12.36-38.1 kernel-default-extra-3.12.36-38.1 kernel-default-extra-debuginfo-3.12.36-38.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.36-38.2 kernel-obs-build-debugsource-3.12.36-38.2 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.36-38.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.36-38.1 kernel-default-base-3.12.36-38.1 kernel-default-base-debuginfo-3.12.36-38.1 kernel-default-debuginfo-3.12.36-38.1 kernel-default-debugsource-3.12.36-38.1 kernel-default-devel-3.12.36-38.1 kernel-syms-3.12.36-38.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.36-38.1 kernel-xen-base-3.12.36-38.1 kernel-xen-base-debuginfo-3.12.36-38.1 kernel-xen-debuginfo-3.12.36-38.1 kernel-xen-debugsource-3.12.36-38.1 kernel-xen-devel-3.12.36-38.1 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.36-38.1 kernel-macros-3.12.36-38.1 kernel-source-3.12.36-38.1 - SUSE Linux Enterprise Server 12 (s390x): kernel-default-man-3.12.36-38.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.36-38.1 kernel-ec2-debuginfo-3.12.36-38.1 kernel-ec2-debugsource-3.12.36-38.1 kernel-ec2-devel-3.12.36-38.1 kernel-ec2-extra-3.12.36-38.1 kernel-ec2-extra-debuginfo-3.12.36-38.1 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.36-38.1 kernel-default-debuginfo-3.12.36-38.1 kernel-default-debugsource-3.12.36-38.1 kernel-default-devel-3.12.36-38.1 kernel-default-extra-3.12.36-38.1 kernel-default-extra-debuginfo-3.12.36-38.1 kernel-syms-3.12.36-38.1 kernel-xen-3.12.36-38.1 kernel-xen-debuginfo-3.12.36-38.1 kernel-xen-debugsource-3.12.36-38.1 kernel-xen-devel-3.12.36-38.1 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.36-38.1 kernel-macros-3.12.36-38.1 kernel-source-3.12.36-38.1 - SUSE 
Linux Enterprise Build System Kit 12 (s390x): kernel-zfcpdump-3.12.36-38.1 kernel-zfcpdump-debuginfo-3.12.36-38.1 kernel-zfcpdump-debugsource-3.12.36-38.1 References: http://support.novell.com/security/cve/CVE-2014-3687.html http://support.novell.com/security/cve/CVE-2014-3690.html http://support.novell.com/security/cve/CVE-2014-8559.html http://support.novell.com/security/cve/CVE-2014-9420.html http://support.novell.com/security/cve/CVE-2014-9585.html https://bugzilla.suse.com/show_bug.cgi?id=800255 https://bugzilla.suse.com/show_bug.cgi?id=809493 https://bugzilla.suse.com/show_bug.cgi?id=829110 https://bugzilla.suse.com/show_bug.cgi?id=856659 https://bugzilla.suse.com/show_bug.cgi?id=862374 https://bugzilla.suse.com/show_bug.cgi?id=873252 https://bugzilla.suse.com/show_bug.cgi?id=875220 https://bugzilla.suse.com/show_bug.cgi?id=884407 https://bugzilla.suse.com/show_bug.cgi?id=887108 https://bugzilla.suse.com/show_bug.cgi?id=887597 https://bugzilla.suse.com/show_bug.cgi?id=889192 https://bugzilla.suse.com/show_bug.cgi?id=891086 https://bugzilla.suse.com/show_bug.cgi?id=891277 https://bugzilla.suse.com/show_bug.cgi?id=893428 https://bugzilla.suse.com/show_bug.cgi?id=895387 https://bugzilla.suse.com/show_bug.cgi?id=895814 https://bugzilla.suse.com/show_bug.cgi?id=902232 https://bugzilla.suse.com/show_bug.cgi?id=902346 https://bugzilla.suse.com/show_bug.cgi?id=902349 https://bugzilla.suse.com/show_bug.cgi?id=903279 https://bugzilla.suse.com/show_bug.cgi?id=903640 https://bugzilla.suse.com/show_bug.cgi?id=904053 https://bugzilla.suse.com/show_bug.cgi?id=904177 https://bugzilla.suse.com/show_bug.cgi?id=904659 https://bugzilla.suse.com/show_bug.cgi?id=904969 https://bugzilla.suse.com/show_bug.cgi?id=905087 https://bugzilla.suse.com/show_bug.cgi?id=905100 https://bugzilla.suse.com/show_bug.cgi?id=906027 https://bugzilla.suse.com/show_bug.cgi?id=906140 https://bugzilla.suse.com/show_bug.cgi?id=906545 https://bugzilla.suse.com/show_bug.cgi?id=907069 
https://bugzilla.suse.com/show_bug.cgi?id=907325 https://bugzilla.suse.com/show_bug.cgi?id=907536 https://bugzilla.suse.com/show_bug.cgi?id=907593 https://bugzilla.suse.com/show_bug.cgi?id=907714 https://bugzilla.suse.com/show_bug.cgi?id=907818 https://bugzilla.suse.com/show_bug.cgi?id=907969 https://bugzilla.suse.com/show_bug.cgi?id=907970 https://bugzilla.suse.com/show_bug.cgi?id=907971 https://bugzilla.suse.com/show_bug.cgi?id=907973 https://bugzilla.suse.com/show_bug.cgi?id=908057 https://bugzilla.suse.com/show_bug.cgi?id=908163 https://bugzilla.suse.com/show_bug.cgi?id=908198 https://bugzilla.suse.com/show_bug.cgi?id=908803 https://bugzilla.suse.com/show_bug.cgi?id=908825 https://bugzilla.suse.com/show_bug.cgi?id=908904 https://bugzilla.suse.com/show_bug.cgi?id=909077 https://bugzilla.suse.com/show_bug.cgi?id=909092 https://bugzilla.suse.com/show_bug.cgi?id=909095 https://bugzilla.suse.com/show_bug.cgi?id=909829 https://bugzilla.suse.com/show_bug.cgi?id=910249 https://bugzilla.suse.com/show_bug.cgi?id=910697 https://bugzilla.suse.com/show_bug.cgi?id=911181 https://bugzilla.suse.com/show_bug.cgi?id=911325 https://bugzilla.suse.com/show_bug.cgi?id=912129 https://bugzilla.suse.com/show_bug.cgi?id=912278 https://bugzilla.suse.com/show_bug.cgi?id=912281 https://bugzilla.suse.com/show_bug.cgi?id=912290 https://bugzilla.suse.com/show_bug.cgi?id=912514 https://bugzilla.suse.com/show_bug.cgi?id=912705 https://bugzilla.suse.com/show_bug.cgi?id=912946 https://bugzilla.suse.com/show_bug.cgi?id=913233 https://bugzilla.suse.com/show_bug.cgi?id=913387 https://bugzilla.suse.com/show_bug.cgi?id=913466 From sle-updates at lists.suse.com Fri Jan 30 17:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 31 Jan 2015 01:04:53 +0100 (CET) Subject: SUSE-SU-2015:0179-1: moderate: Security update for curl Message-ID: <20150131000453.2C9F432361@maintenance.suse.de> SUSE Security Update: Security update for curl 
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0179-1
Rating: moderate
References: #870444 #884698 #885302 #894575 #897816 #901924 #911363
Cross-References: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Security Module 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves three vulnerabilities and has four fixes is now available.

Description:

This update fixes the following security issues:

* CVE-2014-8150: URL request injection (bnc#911363)
  When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.
* CVE-2014-3707: duphandle read out of bounds (bnc#901924)
* CVE-2014-3613: libcurl cookie leaks (bnc#894575)

Additional bug fixed:

* curl_multi_remove_handle: don't crash on multiple removes (bnc#897816)

Security Issues:

* CVE-2014-8150
* CVE-2014-3613
* CVE-2014-3707

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-curl-201501-10166 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-curl-201501-10166 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-curl-201501-10166 - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-curl-201501-10166 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-curl-201501-10166 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.40.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): curl-7.19.7-1.40.1 libcurl4-7.19.7-1.40.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libcurl4-32bit-7.19.7-1.40.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.40.1 libcurl4-7.19.7-1.40.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.40.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libcurl4-x86-7.19.7-1.40.1 - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): libcurl4-openssl1-7.19.7-0.40.1 - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.19.7-0.40.1 - SUSE Linux Enterprise Security Module 11 SP3 (ia64): libcurl4-openssl1-x86-7.19.7-0.40.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): curl-7.19.7-1.40.1 libcurl4-7.19.7-1.40.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libcurl4-32bit-7.19.7-1.40.1 References: http://support.novell.com/security/cve/CVE-2014-3613.html http://support.novell.com/security/cve/CVE-2014-3707.html http://support.novell.com/security/cve/CVE-2014-8150.html https://bugzilla.suse.com/show_bug.cgi?id=870444 https://bugzilla.suse.com/show_bug.cgi?id=884698 https://bugzilla.suse.com/show_bug.cgi?id=885302 
https://bugzilla.suse.com/show_bug.cgi?id=894575 https://bugzilla.suse.com/show_bug.cgi?id=897816 https://bugzilla.suse.com/show_bug.cgi?id=901924 https://bugzilla.suse.com/show_bug.cgi?id=911363 http://download.suse.com/patch/finder/?keywords=058c7ca165aac16861c50a9159fc2d64 From sle-updates at lists.suse.com Fri Jan 30 17:09:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 31 Jan 2015 01:09:20 +0100 (CET) Subject: SUSE-SU-2015:0180-1: important: Security update for Mozilla Firefox Message-ID: <20150131000920.9711832361@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0180-1 Rating: important References: #910647 #910669 #913064 #913066 #913067 #913068 #913102 #913103 #913104 Cross-References: CVE-2014-1569 CVE-2014-8634 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. It includes two new package versions. Description: Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificate list. For more information, please see https://www.mozilla.org/en-US/security/advisories/ Security Issues: * CVE-2014-1569 * CVE-2014-8634 * CVE-2014-8639 * CVE-2014-8641 * CVE-2014-8638 * CVE-2014-8636 * CVE-2014-8637 * CVE-2014-8640 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox-201501-10225 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox-201501-10225 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox-201501-10225 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox-201501-10225 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.17.3]: MozillaFirefox-devel-31.4.0esr-0.8.7 mozilla-nss-devel-3.17.3-0.8.11 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.17.3 and 31.4.0esr]: MozillaFirefox-31.4.0esr-0.8.7 MozillaFirefox-translations-31.4.0esr-0.8.7 libfreebl3-3.17.3-0.8.11 libsoftokn3-3.17.3-0.8.11 mozilla-nss-3.17.3-0.8.11 mozilla-nss-tools-3.17.3-0.8.11 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.17.3]: libfreebl3-32bit-3.17.3-0.8.11 libsoftokn3-32bit-3.17.3-0.8.11 mozilla-nss-32bit-3.17.3-0.8.11 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.17.3 and 31.4.0esr]: MozillaFirefox-31.4.0esr-0.8.7 MozillaFirefox-translations-31.4.0esr-0.8.7 libfreebl3-3.17.3-0.8.11 libsoftokn3-3.17.3-0.8.11 mozilla-nss-3.17.3-0.8.11 mozilla-nss-tools-3.17.3-0.8.11 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.17.3]: libfreebl3-32bit-3.17.3-0.8.11 libsoftokn3-32bit-3.17.3-0.8.11 mozilla-nss-32bit-3.17.3-0.8.11 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.17.3]: libfreebl3-x86-3.17.3-0.8.11 libsoftokn3-x86-3.17.3-0.8.11 mozilla-nss-x86-3.17.3-0.8.11 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.17.3 and 31.4.0esr]: MozillaFirefox-31.4.0esr-0.8.7 MozillaFirefox-translations-31.4.0esr-0.8.7 libfreebl3-3.17.3-0.8.11 libsoftokn3-3.17.3-0.8.11 
mozilla-nss-3.17.3-0.8.11 mozilla-nss-tools-3.17.3-0.8.11 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.17.3]: libfreebl3-32bit-3.17.3-0.8.11 libsoftokn3-32bit-3.17.3-0.8.11 mozilla-nss-32bit-3.17.3-0.8.11 References: http://support.novell.com/security/cve/CVE-2014-1569.html http://support.novell.com/security/cve/CVE-2014-8634.html http://support.novell.com/security/cve/CVE-2014-8636.html http://support.novell.com/security/cve/CVE-2014-8637.html http://support.novell.com/security/cve/CVE-2014-8638.html http://support.novell.com/security/cve/CVE-2014-8639.html http://support.novell.com/security/cve/CVE-2014-8640.html http://support.novell.com/security/cve/CVE-2014-8641.html https://bugzilla.suse.com/show_bug.cgi?id=910647 https://bugzilla.suse.com/show_bug.cgi?id=910669 https://bugzilla.suse.com/show_bug.cgi?id=913064 https://bugzilla.suse.com/show_bug.cgi?id=913066 https://bugzilla.suse.com/show_bug.cgi?id=913067 https://bugzilla.suse.com/show_bug.cgi?id=913068 https://bugzilla.suse.com/show_bug.cgi?id=913102 https://bugzilla.suse.com/show_bug.cgi?id=913103 https://bugzilla.suse.com/show_bug.cgi?id=913104 http://download.suse.com/patch/finder/?keywords=fb2c01e4f4df7d6aef0a039442ff3067 From sle-updates at lists.suse.com Fri Jan 30 19:05:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 31 Jan 2015 03:05:47 +0100 (CET) Subject: SUSE-SU-2015:0172-2: moderate: Security update for OpenSSL Message-ID: <20150131020547.14AF732361@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0172-2 Rating: moderate References: #912014 #912015 #912018 #912293 #912294 #912296 Cross-References: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux 
Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 LTSS
SUSE Linux Enterprise Server 11 SP1 LTSS
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available. It includes one version update.

Description:

OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv_20150108.txt .

The following issues have been fixed:

* CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. (bsc#912296)
* CVE-2014-3571: Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. (bsc#912294)
* CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015)
* CVE-2014-8275: Fix various certificate fingerprint issues. (bsc#912018)
* CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014)
* CVE-2015-0205: OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping of certificate verify message for sign only certificates anyway. (bsc#912293)

Security Issues:

* CVE-2014-8275
* CVE-2014-3571
* CVE-2015-0204
* CVE-2014-3572
* CVE-2014-3570
* CVE-2015-0205

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libopenssl-devel-10150 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libopenssl-devel-10150 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libopenssl-devel-10150 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-libopenssl-devel-10153 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libopenssl-devel-10152 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libopenssl-devel-10150 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libopenssl0_9_8-0.9.8j-0.68.1 libopenssl0_9_8-hmac-0.9.8j-0.68.1 openssl-0.9.8j-0.68.1 openssl-doc-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.68.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.68.1 libopenssl0_9_8-hmac-0.9.8j-0.68.1 openssl-0.9.8j-0.68.1 openssl-doc-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.68.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libopenssl0_9_8-x86-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.68.1 libopenssl0_9_8-0.9.8j-0.68.1 libopenssl0_9_8-hmac-0.9.8j-0.68.1 openssl-0.9.8j-0.68.1 openssl-doc-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.68.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.68.1 
libopenssl0_9_8-0.9.8j-0.68.1 libopenssl0_9_8-hmac-0.9.8j-0.68.1 openssl-0.9.8j-0.68.1 openssl-doc-0.9.8j-0.68.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.68.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.68.1 openssl-0.9.8j-0.68.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.68.1 References: http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3571.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html https://bugzilla.suse.com/show_bug.cgi?id=912014 https://bugzilla.suse.com/show_bug.cgi?id=912015 https://bugzilla.suse.com/show_bug.cgi?id=912018 https://bugzilla.suse.com/show_bug.cgi?id=912293 https://bugzilla.suse.com/show_bug.cgi?id=912294 https://bugzilla.suse.com/show_bug.cgi?id=912296 http://download.suse.com/patch/finder/?keywords=215a4ad1322885e63313cef2469eebee http://download.suse.com/patch/finder/?keywords=2b0cde543cb6d47a7199aabdb1cb1b7c http://download.suse.com/patch/finder/?keywords=496681322ababb917876fbafe894c0ba From sle-updates at lists.suse.com Fri Jan 30 22:05:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 31 Jan 2015 06:05:54 +0100 (CET) Subject: SUSE-SU-2015:0181-1: moderate: Security update for OpenSSL1 Message-ID: <20150131050554.8F02432366@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0181-1 Rating: moderate References: #906878 #912014 #912015 #912018 #912292 #912293 #912294 #912296 Cross-References: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 
CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
Affected Products:
SUSE Linux Enterprise Security Module 11 SP3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

OpenSSL 1.0 has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv_20150108.txt .

The following issues have been fixed:

* CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. (bsc#912296)
* CVE-2014-3571: Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. (bsc#912294)
* CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015)
* CVE-2014-8275: Fixed various certificate fingerprint issues. (bsc#912018)
* CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014)
* CVE-2015-0205: A fix was added to prevent use of DH client certificates without sending certificate verify message. (bsc#912293)
* CVE-2015-0206: A memory leak was fixed in dtls1_buffer_record. (bsc#912292)

This update also contains a non-security bug fix:

* The list of elliptic curves reported by TLS was adjusted to the ones available. (bsc#906878)

Security Issues:

* CVE-2014-8275
* CVE-2014-3571
* CVE-2015-0204
* CVE-2014-3572
* CVE-2014-3570
* CVE-2015-0205
* CVE-2015-0206

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Security Module 11 SP3:
  zypper in -t patch secsp3-libopenssl1-devel-10155

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.24.1 libopenssl1_0_0-1.0.1g-0.24.1 openssl1-1.0.1g-0.24.1 openssl1-doc-1.0.1g-0.24.1 - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.24.1 - SUSE Linux Enterprise Security Module 11 SP3 (ia64): libopenssl1_0_0-x86-1.0.1g-0.24.1 References: http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3571.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html http://support.novell.com/security/cve/CVE-2015-0206.html https://bugzilla.suse.com/show_bug.cgi?id=906878 https://bugzilla.suse.com/show_bug.cgi?id=912014 https://bugzilla.suse.com/show_bug.cgi?id=912015 https://bugzilla.suse.com/show_bug.cgi?id=912018 https://bugzilla.suse.com/show_bug.cgi?id=912292 https://bugzilla.suse.com/show_bug.cgi?id=912293 https://bugzilla.suse.com/show_bug.cgi?id=912294 https://bugzilla.suse.com/show_bug.cgi?id=912296 http://download.suse.com/patch/finder/?keywords=a75914f6bae848adc9589f62208f4f12 From sle-updates at lists.suse.com Fri Jan 30 23:05:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 31 Jan 2015 07:05:48 +0100 (CET) Subject: SUSE-SU-2015:0182-1: moderate: Security update for compat-openssl097g Message-ID: <20150131060548.DB13532366@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0182-1 Rating: moderate References: #912014 #912015 #912018 #912293 #912296 Cross-References: CVE-2014-3570 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS SUSE 
Linux Enterprise Desktop 11 SP3
SLES for SAP Applications
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

OpenSSL (compat-openssl097g) has been updated to fix various security issues. More information can be found in the openssl advisory: http://openssl.org/news/secadv_20150108.txt .

The following issues have been fixed:

* CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. (bsc#912296)
* CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015)
* CVE-2014-8275: Fixed various certificate fingerprint issues. (bsc#912018)
* CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014)
* CVE-2015-0205: A fix was added to prevent use of DH client certificates without sending certificate verify message. Note that compat-openssl097g is not affected by this problem, a fix was however applied to the sources. (bsc#912293)

Security Issues:

* CVE-2014-3570
* CVE-2014-3572
* CVE-2014-8275
* CVE-2015-0204
* CVE-2015-0205

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-compat-openssl097g-10208
- SLES for SAP Applications:
  zypper in -t patch slesappsp3-compat-openssl097g-10208

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): compat-openssl097g-0.9.7g-13.27.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): compat-openssl097g-32bit-0.9.7g-13.27.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): compat-openssl097g-0.9.7g-146.22.27.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): compat-openssl097g-32bit-0.9.7g-146.22.27.1 - SLES for SAP Applications (x86_64): compat-openssl097g-0.9.7g-146.22.27.1 compat-openssl097g-32bit-0.9.7g-146.22.27.1 References: http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html https://bugzilla.suse.com/show_bug.cgi?id=912014 https://bugzilla.suse.com/show_bug.cgi?id=912015 https://bugzilla.suse.com/show_bug.cgi?id=912018 https://bugzilla.suse.com/show_bug.cgi?id=912293 https://bugzilla.suse.com/show_bug.cgi?id=912296 http://download.suse.com/patch/finder/?keywords=8844db5d02df9a7c82d92c1036debbe3 http://download.suse.com/patch/finder/?keywords=9102dd3a513bf573f1617909b74c7d77