From sle-updates at lists.suse.com Mon Mar 2 12:04:52 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Mar 2015 20:04:52 +0100 (CET)
Subject: SUSE-RU-2015:0409-1: Recommended update for f-spot
Message-ID: <20150302190452.E25BF32336@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for f-spot
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0409-1
Rating:             low
References:         #807688
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This F-Spot update fixes exporting of images to Web Gallery and Picasa
   Web.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-f-spot=10169

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      f-spot-0.8.2-12.21.1
      f-spot-extension-beagle-0.8.2-12.21.1
      f-spot-lang-0.8.2-12.21.1

References:

   https://bugzilla.suse.com/807688
   http://download.suse.com/patch/finder/?keywords=33fd46e515e19df9976b6e5548b2a2f3

From sle-updates at lists.suse.com Mon Mar 2 12:05:14 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Mar 2015 20:05:14 +0100 (CET)
Subject: SUSE-RU-2015:0410-1: Recommended update for openstack-dashboard
Message-ID: <20150302190514.4604C3238E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openstack-dashboard
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0410-1
Rating:             low
References:         #891904 #913692
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed. It
   includes one version update.

Description:

   This update for openstack-dashboard provides stability fixes from the
   upstream OpenStack project:

   * Also install static files from horizon (bnc#891904)
   * Removing Moscow's timezone check

Contraindications:

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-openstack-dashboard=10186

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev18]:

      openstack-dashboard-2014.1.4.dev18-0.7.1
      python-horizon-2014.1.4.dev18-0.7.1

References:

   https://bugzilla.suse.com/891904
   https://bugzilla.suse.com/913692
   http://download.suse.com/patch/finder/?keywords=a1d766ea6119b52dfdde8d9552439071

From sle-updates at lists.suse.com Mon Mar 2 14:04:54 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Mar 2015 22:04:54 +0100 (CET)
Subject: SUSE-RU-2015:0411-1: moderate: Recommended update for libtcnative, tomcat
Message-ID: <20150302210454.1BEAD32336@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libtcnative, tomcat
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0411-1
Rating:             moderate
References:         #914725
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   libtcnative has been updated to version 1.3.32 to satisfy Tomcat 7's
   requirements.

   This version also brings the following enhancements:

   - Support for TLSv1.1 and TLSv1.2 has been added.
   - Do not create RSA keys shorter than 1024 bits if system runs in FIPS
     mode.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-103=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-103=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x):

      libtcnative-1-0-debuginfo-1.1.32-6.1
      libtcnative-1-0-debugsource-1.1.32-6.1
      libtcnative-1-0-devel-1.1.32-6.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x):

      libtcnative-1-0-1.1.32-6.1
      libtcnative-1-0-debuginfo-1.1.32-6.1
      libtcnative-1-0-debugsource-1.1.32-6.1

   - SUSE Linux Enterprise Server 12 (noarch):

      tomcat-7.0.55-5.3
      tomcat-admin-webapps-7.0.55-5.3
      tomcat-docs-webapp-7.0.55-5.3
      tomcat-el-2_2-api-7.0.55-5.3
      tomcat-javadoc-7.0.55-5.3
      tomcat-jsp-2_2-api-7.0.55-5.3
      tomcat-lib-7.0.55-5.3
      tomcat-servlet-3_0-api-7.0.55-5.3
      tomcat-webapps-7.0.55-5.3

References:

   https://bugzilla.suse.com/914725

From sle-updates at lists.suse.com Mon Mar 2 16:04:50 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Mar 2015 00:04:50 +0100 (CET)
Subject: SUSE-RU-2015:0411-2: moderate: Recommended update for libtcnative, tomcat
Message-ID: <20150302230450.9DBB832336@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libtcnative, tomcat
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0411-2
Rating:             moderate
References:         #914725
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   libtcnative has been updated to version 1.3.32 to satisfy Tomcat 7's
   requirements.

   This version also brings the following enhancements:

   - Support for TLSv1.1 and TLSv1.2 has been added.
   - Do not create RSA keys shorter than 1024 bits if system runs in FIPS
     mode.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-103=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (x86_64):

      libtcnative-1-0-debuginfo-1.1.32-6.1
      libtcnative-1-0-debugsource-1.1.32-6.1
      libtcnative-1-0-devel-1.1.32-6.1

References:

   https://bugzilla.suse.com/914725

From sle-updates at lists.suse.com Mon Mar 2 17:05:07 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Mar 2015 01:05:07 +0100 (CET)
Subject: SUSE-RU-2015:0411-3: moderate: Recommended update for libtcnative, tomcat
Message-ID: <20150303000507.EB28C3200C@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libtcnative, tomcat
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0411-3
Rating:             moderate
References:         #914725
Affected Products:
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   libtcnative has been updated to version 1.3.32 to satisfy Tomcat 7's
   requirements.

   This version also brings the following enhancements:

   - Support for TLSv1.1 and TLSv1.2 has been added.
   - Do not create RSA keys shorter than 1024 bits if system runs in FIPS
     mode.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-103=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (x86_64):

      libtcnative-1-0-1.1.32-6.1
      libtcnative-1-0-debuginfo-1.1.32-6.1
      libtcnative-1-0-debugsource-1.1.32-6.1

   - SUSE Linux Enterprise Server 12 (noarch):

      tomcat-7.0.55-5.3
      tomcat-admin-webapps-7.0.55-5.3
      tomcat-docs-webapp-7.0.55-5.3
      tomcat-el-2_2-api-7.0.55-5.3
      tomcat-javadoc-7.0.55-5.3
      tomcat-jsp-2_2-api-7.0.55-5.3
      tomcat-lib-7.0.55-5.3
      tomcat-servlet-3_0-api-7.0.55-5.3
      tomcat-webapps-7.0.55-5.3

References:

   https://bugzilla.suse.com/914725

From sle-updates at lists.suse.com Tue Mar 3 08:04:58 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Mar 2015 16:04:58 +0100 (CET)
Subject: SUSE-SU-2015:0412-1: important: Security update for MozillaFirefox
Message-ID: <20150303150458.B04A53238D@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0412-1
Rating:             important
References:         #917597
Cross-References:   CVE-2015-0822 CVE-2015-0827 CVE-2015-0831
                    CVE-2015-0835 CVE-2015-0836
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   MozillaFirefox was updated to version 31.5.0 ESR to fix five security
   issues.

   These security issues were fixed:

   - CVE-2015-0836: Multiple unspecified vulnerabilities in the browser
     engine in Mozilla Firefox before 31.5 allowed remote attackers to
     cause a denial of service (memory corruption and application crash)
     or possibly execute arbitrary code via unknown vectors (bnc#917597).
   - CVE-2015-0827: Heap-based buffer overflow in the
     mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5
     allowed remote attackers to obtain sensitive information from
     uninitialized process memory via a malformed SVG graphic
     (bnc#917597).
   - CVE-2015-0835: Multiple unspecified vulnerabilities in the browser
     engine in Mozilla Firefox before 36.0 allowed remote attackers to
     cause a denial of service (memory corruption and application crash)
     or possibly execute arbitrary code via unknown vectors (bnc#917597).
   - CVE-2015-0831: Use-after-free vulnerability in the
     mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in
     Mozilla Firefox before 31.5 allowed remote attackers to execute
     arbitrary code or cause a denial of service (heap memory corruption)
     via crafted content that is improperly handled during IndexedDB
     index creation (bnc#917597).
   - CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox
     before 31.5 allowed remote attackers to read arbitrary files via
     crafted JavaScript code (bnc#917597).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-104=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-104=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-104=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-31.5.0esr-24.1
      MozillaFirefox-debugsource-31.5.0esr-24.1
      MozillaFirefox-devel-31.5.0esr-24.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      MozillaFirefox-31.5.0esr-24.1
      MozillaFirefox-debuginfo-31.5.0esr-24.1
      MozillaFirefox-debugsource-31.5.0esr-24.1
      MozillaFirefox-translations-31.5.0esr-24.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      MozillaFirefox-31.5.0esr-24.1
      MozillaFirefox-debuginfo-31.5.0esr-24.1
      MozillaFirefox-debugsource-31.5.0esr-24.1
      MozillaFirefox-translations-31.5.0esr-24.1

References:

   http://support.novell.com/security/cve/CVE-2015-0822.html
   http://support.novell.com/security/cve/CVE-2015-0827.html
   http://support.novell.com/security/cve/CVE-2015-0831.html
   http://support.novell.com/security/cve/CVE-2015-0835.html
   http://support.novell.com/security/cve/CVE-2015-0836.html
   https://bugzilla.suse.com/917597

From sle-updates at lists.suse.com Tue Mar 3 12:04:58 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Mar 2015 20:04:58 +0100 (CET)
Subject: SUSE-RU-2015:0416-1: Recommended update for crowbar-barclamp-ceilometer and mongodb
Message-ID: <20150303190458.2F17432196@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for crowbar-barclamp-ceilometer and mongodb
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0416-1
Rating:             low
References:         #738050 #907748 #913692
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for crowbar-barclamp-ceilometer and mongodb provides
   stability fixes from the upstream OpenStack project:

   * crowbar-barclamp-ceilometer
     o Add time_to_live parameter into the barclamp
     o Repair database cronjob (bnc#907748)
     o Store the value of time to live in days, instead of seconds to
       make it more user friendly.
     o Put TTL settings before verbose setting in webui
   * mongodb
     o Remove void_return.patch. This patch avoid the deletion and
       repair of the database (bnc#738050)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-ceilometer-mongodb-0115=10194

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64):

      mongodb-2.4.3-0.21.1

   - SUSE Cloud 4 (noarch):

      crowbar-barclamp-ceilometer-1.8+git.1418890767.5605ddf-0.7.1

References:

   https://bugzilla.suse.com/738050
   https://bugzilla.suse.com/907748
   https://bugzilla.suse.com/913692
   http://download.suse.com/patch/finder/?keywords=70c15dc809a4d453e8ca3dc731986e8b

From sle-updates at lists.suse.com Tue Mar 3 17:05:02 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Mar 2015 01:05:02 +0100 (CET)
Subject: SUSE-SU-2015:0417-1: moderate: Security update for vsftpd
Message-ID: <20150304000502.8757C3200C@maintenance.suse.de>

   SUSE Security Update: Security update for vsftpd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0417-1
Rating:             moderate
References:         #900326 #915522
Cross-References:   CVE-2015-1419
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   vsftpd has been updated to fix one security issue:

   * CVE-2015-1419: Config option deny_file was not handled correctly
     (bnc#915522, bnc#900326)

   Security Issues:

   * CVE-2015-1419

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-vsftpd=10372

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-vsftpd=10372

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      vsftpd-2.0.7-4.29.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      vsftpd-2.0.7-4.29.1

References:

   http://support.novell.com/security/cve/CVE-2015-1419.html
   https://bugzilla.suse.com/900326
   https://bugzilla.suse.com/915522
   http://download.suse.com/patch/finder/?keywords=41c39f75b8264ac9bf47602db91c1c91

From sle-updates at lists.suse.com Wed Mar 4 08:04:55 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Mar 2015 16:04:55 +0100 (CET)
Subject: SUSE-SU-2015:0424-1: important: Security update for php5
Message-ID: <20150304150455.E5E7732369@maintenance.suse.de>

   SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0424-1
Rating:             important
References:         #917150 #918768
Cross-References:   CVE-2014-9652 CVE-2015-0273
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   php5 was updated to fix two security issues.

   These security issues were fixed:

   - CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150).
   - CVE-2015-0273: Use after free vulnerability in unserialize() with
     DateTimeZone (bnc#918768).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-105=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-105=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-15.1
      php5-debugsource-5.5.14-15.1
      php5-devel-5.5.14-15.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64):

      apache2-mod_php5-5.5.14-15.1
      apache2-mod_php5-debuginfo-5.5.14-15.1
      php5-5.5.14-15.1
      php5-bcmath-5.5.14-15.1
      php5-bcmath-debuginfo-5.5.14-15.1
      php5-bz2-5.5.14-15.1
      php5-bz2-debuginfo-5.5.14-15.1
      php5-calendar-5.5.14-15.1
      php5-calendar-debuginfo-5.5.14-15.1
      php5-ctype-5.5.14-15.1
      php5-ctype-debuginfo-5.5.14-15.1
      php5-curl-5.5.14-15.1
      php5-curl-debuginfo-5.5.14-15.1
      php5-dba-5.5.14-15.1
      php5-dba-debuginfo-5.5.14-15.1
      php5-debuginfo-5.5.14-15.1
      php5-debugsource-5.5.14-15.1
      php5-dom-5.5.14-15.1
      php5-dom-debuginfo-5.5.14-15.1
      php5-enchant-5.5.14-15.1
      php5-enchant-debuginfo-5.5.14-15.1
      php5-exif-5.5.14-15.1
      php5-exif-debuginfo-5.5.14-15.1
      php5-fastcgi-5.5.14-15.1
      php5-fastcgi-debuginfo-5.5.14-15.1
      php5-fileinfo-5.5.14-15.1
      php5-fileinfo-debuginfo-5.5.14-15.1
      php5-fpm-5.5.14-15.1
      php5-fpm-debuginfo-5.5.14-15.1
      php5-ftp-5.5.14-15.1
      php5-ftp-debuginfo-5.5.14-15.1
      php5-gd-5.5.14-15.1
      php5-gd-debuginfo-5.5.14-15.1
      php5-gettext-5.5.14-15.1
      php5-gettext-debuginfo-5.5.14-15.1
      php5-gmp-5.5.14-15.1
      php5-gmp-debuginfo-5.5.14-15.1
      php5-iconv-5.5.14-15.1
      php5-iconv-debuginfo-5.5.14-15.1
      php5-intl-5.5.14-15.1
      php5-intl-debuginfo-5.5.14-15.1
      php5-json-5.5.14-15.1
      php5-json-debuginfo-5.5.14-15.1
      php5-ldap-5.5.14-15.1
      php5-ldap-debuginfo-5.5.14-15.1
      php5-mbstring-5.5.14-15.1
      php5-mbstring-debuginfo-5.5.14-15.1
      php5-mcrypt-5.5.14-15.1
      php5-mcrypt-debuginfo-5.5.14-15.1
      php5-mysql-5.5.14-15.1
      php5-mysql-debuginfo-5.5.14-15.1
      php5-odbc-5.5.14-15.1
      php5-odbc-debuginfo-5.5.14-15.1
      php5-openssl-5.5.14-15.1
      php5-openssl-debuginfo-5.5.14-15.1
      php5-pcntl-5.5.14-15.1
      php5-pcntl-debuginfo-5.5.14-15.1
      php5-pdo-5.5.14-15.1
      php5-pdo-debuginfo-5.5.14-15.1
      php5-pgsql-5.5.14-15.1
      php5-pgsql-debuginfo-5.5.14-15.1
      php5-pspell-5.5.14-15.1
      php5-pspell-debuginfo-5.5.14-15.1
      php5-shmop-5.5.14-15.1
      php5-shmop-debuginfo-5.5.14-15.1
      php5-snmp-5.5.14-15.1
      php5-snmp-debuginfo-5.5.14-15.1
      php5-soap-5.5.14-15.1
      php5-soap-debuginfo-5.5.14-15.1
      php5-sockets-5.5.14-15.1
      php5-sockets-debuginfo-5.5.14-15.1
      php5-sqlite-5.5.14-15.1
      php5-sqlite-debuginfo-5.5.14-15.1
      php5-suhosin-5.5.14-15.1
      php5-suhosin-debuginfo-5.5.14-15.1
      php5-sysvmsg-5.5.14-15.1
      php5-sysvmsg-debuginfo-5.5.14-15.1
      php5-sysvsem-5.5.14-15.1
      php5-sysvsem-debuginfo-5.5.14-15.1
      php5-sysvshm-5.5.14-15.1
      php5-sysvshm-debuginfo-5.5.14-15.1
      php5-tokenizer-5.5.14-15.1
      php5-tokenizer-debuginfo-5.5.14-15.1
      php5-wddx-5.5.14-15.1
      php5-wddx-debuginfo-5.5.14-15.1
      php5-xmlreader-5.5.14-15.1
      php5-xmlreader-debuginfo-5.5.14-15.1
      php5-xmlrpc-5.5.14-15.1
      php5-xmlrpc-debuginfo-5.5.14-15.1
      php5-xmlwriter-5.5.14-15.1
      php5-xmlwriter-debuginfo-5.5.14-15.1
      php5-xsl-5.5.14-15.1
      php5-xsl-debuginfo-5.5.14-15.1
      php5-zip-5.5.14-15.1
      php5-zip-debuginfo-5.5.14-15.1
      php5-zlib-5.5.14-15.1
      php5-zlib-debuginfo-5.5.14-15.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php5-pear-5.5.14-15.1

References:

   http://support.novell.com/security/cve/CVE-2014-9652.html
   http://support.novell.com/security/cve/CVE-2015-0273.html
   https://bugzilla.suse.com/917150
   https://bugzilla.suse.com/918768

From sle-updates at lists.suse.com Wed Mar 4 17:04:59 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Mar 2015 01:04:59 +0100 (CET)
Subject: SUSE-SU-2015:0426-1: moderate: Security update for wireshark
Message-ID: <20150305000459.7E47A3235C@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0426-1
Rating:             moderate
References:         #912365 #912368 #912369 #912370 #912372
Cross-References:   CVE-2015-0559 CVE-2015-0560 CVE-2015-0561
                    CVE-2015-0562 CVE-2015-0563 CVE-2015-0564
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available. It includes
   one version update.

Description:

   wireshark has been updated to version 1.10.12 to fix six security
   issues:

   * CVE-2015-0559, CVE-2015-0560: The WCCP dissector could crash
     (bnc#912365)
   * CVE-2015-0561: The LPP dissector could crash (bnc#912368)
   * CVE-2015-0562: The DEC DNA Routing Protocol dissector could crash
     (bnc#912369)
   * CVE-2015-0563: The SMTP dissector could crash (bnc#912370)
   * CVE-2015-0564: Wireshark could crash while decrypting TLS/SSL
     sessions (bnc#912372)

   Further bug fixes and updated protocol support as listed in:
   https://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html

   Security Issues:

   * CVE-2015-0559
   * CVE-2015-0560
   * CVE-2015-0561
   * CVE-2015-0562
   * CVE-2015-0563
   * CVE-2015-0564

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-wireshark=10279

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-wireshark=10279

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-wireshark=10279

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-wireshark=10279

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.10.12]:

      wireshark-devel-1.10.12-0.2.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 1.10.12]:

      wireshark-1.10.12-0.2.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.10.12]:

      wireshark-1.10.12-0.2.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.10.12]:

      wireshark-1.10.12-0.2.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.10.12]:

      wireshark-1.10.12-0.2.1

References:

   http://support.novell.com/security/cve/CVE-2015-0559.html
   http://support.novell.com/security/cve/CVE-2015-0560.html
   http://support.novell.com/security/cve/CVE-2015-0561.html
   http://support.novell.com/security/cve/CVE-2015-0562.html
   http://support.novell.com/security/cve/CVE-2015-0563.html
   http://support.novell.com/security/cve/CVE-2015-0564.html
   https://bugzilla.suse.com/912365
   https://bugzilla.suse.com/912368
   https://bugzilla.suse.com/912369
   https://bugzilla.suse.com/912370
   https://bugzilla.suse.com/912372
   http://download.suse.com/patch/finder/?keywords=2dc28996fd34dffa07fcc0ab1f847693

From sle-updates at lists.suse.com Wed Mar 4 17:05:57 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Mar 2015 01:05:57 +0100 (CET)
Subject: SUSE-SU-2015:0427-1: moderate: Security update for xorg-x11-Xvnc
Message-ID: <20150305000557.4606832369@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-Xvnc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0427-1
Rating:             moderate
References:         #883051 #915810
Cross-References:   CVE-2015-0255
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   xorg-x11-server has been updated to fix one security issue:

   * CVE-2015-0255: Check string lengths in XkbSetGeometry request
     (bnc#915810)

   This non-security issue has been fixed:

   * Option '-showopts' now works with all drivers (bnc#883051)

   Security Issues:

   * CVE-2015-0255

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-xorg-x11-Xvnc=10298

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-xorg-x11-Xvnc=10298

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-xorg-x11-Xvnc=10298

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-xorg-x11-Xvnc=10298

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-sdk-7.4-27.103.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.103.1
      xorg-x11-server-7.4-27.103.1
      xorg-x11-server-extra-7.4-27.103.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-Xvnc-7.4-27.103.1
      xorg-x11-server-7.4-27.103.1
      xorg-x11-server-extra-7.4-27.103.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.103.1
      xorg-x11-server-7.4-27.103.1
      xorg-x11-server-extra-7.4-27.103.1

References:

   http://support.novell.com/security/cve/CVE-2015-0255.html
   https://bugzilla.suse.com/883051
   https://bugzilla.suse.com/915810
   http://download.suse.com/patch/finder/?keywords=a4c1e1aca4a9b4bcb04fc250cf330822

From sle-updates at lists.suse.com Thu Mar 5 03:04:57 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Mar 2015 11:04:57 +0100 (CET)
Subject: SUSE-RU-2015:0430-1: Recommended update for parted
Message-ID: <20150305100457.9E14A32357@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for parted
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0430-1
Rating:             low
References:         #833409 #847580 #904118 #912246
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for parted provides the following fixes:

   * Do not crash when reading corrupt GPT partition tables. (bsc#904118)
   * Tell the kernel to forget about any partitions on devices that have
     no recognizable partition table. (bsc#912246)
   * Make pc98 probe depend on signatures, preventing false-positive
     detection on MSDOS labeled disks. (bsc#833409)
   * Fix partition device names on MMC devices. (bsc#847580)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-parted=10266

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-parted=10266

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-parted=10266

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-parted=10266

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      parted-devel-2.3-10.40.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      parted-2.3-10.40.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      parted-32bit-2.3-10.40.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      parted-2.3-10.40.2

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      parted-32bit-2.3-10.40.2

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      parted-x86-2.3-10.40.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      parted-2.3-10.40.2

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      parted-32bit-2.3-10.40.2

References:

   https://bugzilla.suse.com/833409
   https://bugzilla.suse.com/847580
   https://bugzilla.suse.com/904118
   https://bugzilla.suse.com/912246
   http://download.suse.com/patch/finder/?keywords=fda9245247cc59f1f8e19f5de5e52064

From sle-updates at lists.suse.com Thu Mar 5 11:04:58 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Mar 2015 19:04:58 +0100 (CET)
Subject: SUSE-SU-2015:0434-1: moderate: Security update for elfutils
Message-ID: <20150305180458.73ACF32357@maintenance.suse.de>

   SUSE Security Update: Security update for elfutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0434-1
Rating:             moderate
References:         #911662
Cross-References:   CVE-2014-9447
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   elfutils has been updated to fix one security issue:

   * CVE-2014-9447: Directory traversal vulnerability in the
     read_long_names function in libelf/elf_begin.c in elfutils 0.152
     and 0.161 allowed remote attackers to write to arbitrary files to
     the root directory via a / (slash) in a crafted archive, as
     demonstrated using the ar program (bnc#911662).

   Security Issues:

   * CVE-2014-9447

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-elfutils=10328

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-elfutils=10328

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-elfutils=10328

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-elfutils=10328

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libasm-devel-0.152-4.9.17
      libdw-devel-0.152-4.9.17
      libebl-devel-0.152-4.9.17
      libelf-devel-0.152-4.9.17

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64):

      libelf1-32bit-0.152-4.9.17

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      elfutils-0.152-4.9.17
      libasm1-0.152-4.9.17
      libdw1-0.152-4.9.17
      libebl1-0.152-4.9.17
      libelf1-0.152-4.9.17

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libasm1-32bit-0.152-4.9.17
      libdw1-32bit-0.152-4.9.17
      libebl1-32bit-0.152-4.9.17
      libelf1-32bit-0.152-4.9.17

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      elfutils-0.152-4.9.17
      libasm1-0.152-4.9.17
      libdw1-0.152-4.9.17
      libebl1-0.152-4.9.17
      libelf1-0.152-4.9.17

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libasm1-32bit-0.152-4.9.17
      libdw1-32bit-0.152-4.9.17
      libebl1-32bit-0.152-4.9.17
      libelf1-32bit-0.152-4.9.17

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libdw1-x86-0.152-4.9.17
      libebl1-x86-0.152-4.9.17
      libelf1-x86-0.152-4.9.17

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      elfutils-0.152-4.9.17
      libasm1-0.152-4.9.17
      libdw1-0.152-4.9.17
      libebl1-0.152-4.9.17
      libelf1-0.152-4.9.17

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libdw1-32bit-0.152-4.9.17
      libebl1-32bit-0.152-4.9.17
      libelf1-32bit-0.152-4.9.17

References:

   http://support.novell.com/security/cve/CVE-2014-9447.html
   https://bugzilla.suse.com/911662
   http://download.suse.com/patch/finder/?keywords=5917735137bccf43b36b187166bb4d3b

From sle-updates at lists.suse.com Thu Mar 5 12:04:51 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Mar 2015 20:04:51 +0100 (CET)
Subject: SUSE-RU-2015:0435-1: Recommended update for yast2-iscsi-client
Message-ID: <20150305190451.6C4883235C@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-iscsi-client
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0435-1 Rating: low References: #856494 #886796 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update for yast2-iscsi-client provides the following fixes: * Don't change startup mode for already connected targets when using the 'Add' button on 'Connected Targets' tab. (bsc#886796) * Fix detection of persistent portal. (bsc#856494) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-yast2-iscsi-client=10210 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-yast2-iscsi-client=10210 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-yast2-iscsi-client=10210 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.17.38]: yast2-iscsi-client-2.17.38-0.7.2 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.17.38]: yast2-iscsi-client-2.17.38-0.7.2 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2.17.38]: yast2-iscsi-client-2.17.38-0.7.2 References: https://bugzilla.suse.com/856494 https://bugzilla.suse.com/886796 http://download.suse.com/patch/finder/?keywords=a708a1094621028e5f5693da53634db8 From sle-updates at lists.suse.com Thu Mar 5 13:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Mar 2015 21:04:55 +0100 (CET) Subject: SUSE-SU-2015:0436-1: important: Security update for PHP 5.3 Message-ID: <20150305200455.83A9C3235C@maintenance.suse.de> SUSE Security Update: Security update for PHP 5.3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0436-1 Rating: important References: #917150 #918768 Cross-References: CVE-2013-6501 CVE-2014-9652 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: php5 has been updated to fix two security issues: * CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150). * CVE-2015-0273: Use after free vulnerability in unserialize() with DateTimeZone (bnc#918768). Security Issues: * CVE-2014-9652 * CVE-2013-6501 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53=10370 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53=10370 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53=10370 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.35.2 php53-imap-5.3.17-0.35.2 php53-posix-5.3.17-0.35.2 php53-readline-5.3.17-0.35.2 php53-sockets-5.3.17-0.35.2 php53-sqlite-5.3.17-0.35.2 php53-tidy-5.3.17-0.35.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.35.2 php53-5.3.17-0.35.2 php53-bcmath-5.3.17-0.35.2 php53-bz2-5.3.17-0.35.2 php53-calendar-5.3.17-0.35.2 php53-ctype-5.3.17-0.35.2 php53-curl-5.3.17-0.35.2 php53-dba-5.3.17-0.35.2 php53-dom-5.3.17-0.35.2 php53-exif-5.3.17-0.35.2 php53-fastcgi-5.3.17-0.35.2 php53-fileinfo-5.3.17-0.35.2 php53-ftp-5.3.17-0.35.2 php53-gd-5.3.17-0.35.2 php53-gettext-5.3.17-0.35.2 php53-gmp-5.3.17-0.35.2 php53-iconv-5.3.17-0.35.2 php53-intl-5.3.17-0.35.2 php53-json-5.3.17-0.35.2 php53-ldap-5.3.17-0.35.2 php53-mbstring-5.3.17-0.35.2 php53-mcrypt-5.3.17-0.35.2 php53-mysql-5.3.17-0.35.2 php53-odbc-5.3.17-0.35.2 php53-openssl-5.3.17-0.35.2 php53-pcntl-5.3.17-0.35.2 php53-pdo-5.3.17-0.35.2 php53-pear-5.3.17-0.35.2 php53-pgsql-5.3.17-0.35.2 php53-pspell-5.3.17-0.35.2 php53-shmop-5.3.17-0.35.2 php53-snmp-5.3.17-0.35.2 php53-soap-5.3.17-0.35.2 php53-suhosin-5.3.17-0.35.2 php53-sysvmsg-5.3.17-0.35.2 php53-sysvsem-5.3.17-0.35.2 php53-sysvshm-5.3.17-0.35.2 php53-tokenizer-5.3.17-0.35.2 php53-wddx-5.3.17-0.35.2 php53-xmlreader-5.3.17-0.35.2 php53-xmlrpc-5.3.17-0.35.2 php53-xmlwriter-5.3.17-0.35.2 php53-xsl-5.3.17-0.35.2 php53-zip-5.3.17-0.35.2 php53-zlib-5.3.17-0.35.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 
s390x x86_64): apache2-mod_php53-5.3.17-0.35.2 php53-5.3.17-0.35.2 php53-bcmath-5.3.17-0.35.2 php53-bz2-5.3.17-0.35.2 php53-calendar-5.3.17-0.35.2 php53-ctype-5.3.17-0.35.2 php53-curl-5.3.17-0.35.2 php53-dba-5.3.17-0.35.2 php53-dom-5.3.17-0.35.2 php53-exif-5.3.17-0.35.2 php53-fastcgi-5.3.17-0.35.2 php53-fileinfo-5.3.17-0.35.2 php53-ftp-5.3.17-0.35.2 php53-gd-5.3.17-0.35.2 php53-gettext-5.3.17-0.35.2 php53-gmp-5.3.17-0.35.2 php53-iconv-5.3.17-0.35.2 php53-intl-5.3.17-0.35.2 php53-json-5.3.17-0.35.2 php53-ldap-5.3.17-0.35.2 php53-mbstring-5.3.17-0.35.2 php53-mcrypt-5.3.17-0.35.2 php53-mysql-5.3.17-0.35.2 php53-odbc-5.3.17-0.35.2 php53-openssl-5.3.17-0.35.2 php53-pcntl-5.3.17-0.35.2 php53-pdo-5.3.17-0.35.2 php53-pear-5.3.17-0.35.2 php53-pgsql-5.3.17-0.35.2 php53-pspell-5.3.17-0.35.2 php53-shmop-5.3.17-0.35.2 php53-snmp-5.3.17-0.35.2 php53-soap-5.3.17-0.35.2 php53-suhosin-5.3.17-0.35.2 php53-sysvmsg-5.3.17-0.35.2 php53-sysvsem-5.3.17-0.35.2 php53-sysvshm-5.3.17-0.35.2 php53-tokenizer-5.3.17-0.35.2 php53-wddx-5.3.17-0.35.2 php53-xmlreader-5.3.17-0.35.2 php53-xmlrpc-5.3.17-0.35.2 php53-xmlwriter-5.3.17-0.35.2 php53-xsl-5.3.17-0.35.2 php53-zip-5.3.17-0.35.2 php53-zlib-5.3.17-0.35.2 References: http://support.novell.com/security/cve/CVE-2013-6501.html http://support.novell.com/security/cve/CVE-2014-9652.html https://bugzilla.suse.com/917150 https://bugzilla.suse.com/918768 http://download.suse.com/patch/finder/?keywords=26ebf3f2d46bdad9d869dde174567236 From sle-updates at lists.suse.com Thu Mar 5 13:05:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Mar 2015 21:05:24 +0100 (CET) Subject: SUSE-RU-2015:0437-1: Recommended update for release-notes-suse-cloud Message-ID: <20150305200524.3E72232369@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0437-1 Rating: low References: #919436 
Affected Products: SUSE Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: The product release notes have been updated to inform users that the XML format for OpenStack APIs is now deprecated and unsupported. Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 5: zypper in -t patch sleclo50sp3-release-notes-suse-cloud=10375 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 5 (noarch) [New Version: 5.0.4]: release-notes-suse-cloud-5.0.4-0.9.1 References: https://bugzilla.suse.com/919436 http://download.suse.com/patch/finder/?keywords=70615bf40b2ec49de43af5c8aa775907 From sle-updates at lists.suse.com Thu Mar 5 19:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Mar 2015 03:04:57 +0100 (CET) Subject: SUSE-SU-2015:0439-1: moderate: Security update for glibc Message-ID: <20150306020457.840F932361@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0439-1 Rating: moderate References: #904461 #906371 #915526 #916222 #917072 Cross-References: CVE-2013-7423 CVE-2014-7817 CVE-2014-9402 CVE-2015-1472 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: glibc has been updated to fix three security issues: * CVE-2014-7817: wordexp failed to honour WRDE_NOCMD (bsc#906371) * CVE-2013-7423: Fixed invalid file descriptor reuse while sending DNS query (bsc#915526) * CVE-2015-1472: Fixed buffer overflow in wscanf (bsc#916222) These non-security issues have been fixed: * Remove inaccurate assembler implementations of ceill, floorl, nearbyintl, roundl, truncl for PowerPC64 (bsc#917072) * Don't return IPv4 addresses when looking for IPv6 addresses only (bsc#904461) Security Issues: * CVE-2015-1472 * CVE-2013-7423 * CVE-2014-7817 * CVE-2014-9402 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-glibc=10357 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-glibc=10357 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-glibc=10357 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-glibc=10357 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): glibc-html-2.11.3-17.82.11 glibc-info-2.11.3-17.82.11 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): glibc-2.11.3-17.82.11 glibc-devel-2.11.3-17.82.11 glibc-html-2.11.3-17.82.11 glibc-i18ndata-2.11.3-17.82.11 glibc-info-2.11.3-17.82.11 glibc-locale-2.11.3-17.82.11 glibc-profile-2.11.3-17.82.11 nscd-2.11.3-17.82.11 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): glibc-32bit-2.11.3-17.82.11 glibc-devel-32bit-2.11.3-17.82.11 glibc-locale-32bit-2.11.3-17.82.11 glibc-profile-32bit-2.11.3-17.82.11 - SUSE Linux Enterprise Server 11 SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.82.11 glibc-devel-2.11.3-17.82.11 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.82.11 glibc-i18ndata-2.11.3-17.82.11 glibc-info-2.11.3-17.82.11 glibc-locale-2.11.3-17.82.11 glibc-profile-2.11.3-17.82.11 nscd-2.11.3-17.82.11 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.82.11 glibc-devel-32bit-2.11.3-17.82.11 glibc-locale-32bit-2.11.3-17.82.11 glibc-profile-32bit-2.11.3-17.82.11 - SUSE Linux Enterprise Server 11 SP3 (ia64): glibc-locale-x86-2.11.3-17.82.11 glibc-profile-x86-2.11.3-17.82.11 glibc-x86-2.11.3-17.82.11 - SUSE Linux Enterprise Desktop 11 SP3 (i586 i686 x86_64): glibc-2.11.3-17.82.11 glibc-devel-2.11.3-17.82.11 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.82.11 glibc-locale-2.11.3-17.82.11 nscd-2.11.3-17.82.11 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): glibc-32bit-2.11.3-17.82.11 glibc-devel-32bit-2.11.3-17.82.11 glibc-locale-32bit-2.11.3-17.82.11 References: http://support.novell.com/security/cve/CVE-2013-7423.html http://support.novell.com/security/cve/CVE-2014-7817.html http://support.novell.com/security/cve/CVE-2014-9402.html http://support.novell.com/security/cve/CVE-2015-1472.html https://bugzilla.suse.com/904461 
https://bugzilla.suse.com/906371 https://bugzilla.suse.com/915526 https://bugzilla.suse.com/916222 https://bugzilla.suse.com/917072 http://download.suse.com/patch/finder/?keywords=9feb5a0e37ae9da1e66b11c4b95ba3da From sle-updates at lists.suse.com Fri Mar 6 06:04:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Mar 2015 14:04:58 +0100 (CET) Subject: SUSE-RU-2015:0442-1: Recommended update for duperemove Message-ID: <20150306130458.8CAA43236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for duperemove ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0442-1 Rating: low References: #915354 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for duperemove brings many enhancements: Performance is greatly improved: - Checksum calculations are done in parallel - Extent search algorithm is better optimized. Many bugs have been fixed: - Fix leak of directory file descriptor during file scan - Fix EMFILES (too many file descriptors) error during dedupe - Fix corner case with dedupe leaving a file open and not-queued for dedupe - Fix hardlink detection on btrfs. Usability improvements implemented: - Prints file number status during csum phase - Prints a status bar during extent search - The 'show-shared-extents' program was added to help users examine file state before or after dedupe - Hashes can now be read/written from a file - Support '-x' (one file system) option. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-107=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-107=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): duperemove-0.09-4.1 duperemove-debuginfo-0.09-4.1 duperemove-debugsource-0.09-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): duperemove-0.09-4.1 duperemove-debuginfo-0.09-4.1 duperemove-debugsource-0.09-4.1 References: https://bugzilla.suse.com/915354 From sle-updates at lists.suse.com Fri Mar 6 08:05:19 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Mar 2015 16:05:19 +0100 (CET) Subject: SUSE-OU-2015:0444-1: Optional update for libgsm1-32bit, p11-kit-32bit Message-ID: <20150306150519.B77173236F@maintenance.suse.de> SUSE Optional Update: Optional update for libgsm1-32bit, p11-kit-32bit ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0444-1 Rating: low References: #904890 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update delivers 32bit versions of p11-kit and libgsm1. These libraries are required by some 3rd-party applications. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-108=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-108=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-108=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): p11-kit-0.20.3-4.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgsm1-32bit-1.0.13-27.1 libgsm1-debuginfo-32bit-1.0.13-27.1 p11-kit-32bit-0.20.3-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libgsm1-32bit-1.0.13-27.1 libgsm1-debuginfo-32bit-1.0.13-27.1 p11-kit-0.20.3-4.1 p11-kit-32bit-0.20.3-4.1 References: https://bugzilla.suse.com/904890 From sle-updates at lists.suse.com Fri Mar 6 11:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Mar 2015 19:04:54 +0100 (CET) Subject: SUSE-OU-2015:0445-1: Optional update for openstack-keystone-doc, openstack-nova-doc, openstack-swift-doc Message-ID: <20150306180454.0C3D93236F@maintenance.suse.de> SUSE Optional Update: Optional update for openstack-keystone-doc, openstack-nova-doc, openstack-swift-doc ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0445-1 Rating: low References: #919465 Affected Products: SUSE Cloud 5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides documentation for three OpenStack components: * OpenStack Identity Service (Keystone) * OpenStack Compute (Nova) * OpenStack Storage (Swift) Indications: Any user can install these packages. Contraindications: Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Cloud 5: zypper in -t patch sleclo50sp3-openstack-docs-201502=10376 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 5 (noarch): openstack-keystone-doc-2014.2.3.dev10-0.9.1 openstack-nova-doc-2014.2.3.dev5-0.9.1 openstack-swift-doc-2.1.0-0.9.1 References: https://bugzilla.suse.com/919465 http://download.suse.com/patch/finder/?keywords=93657efc3b2ec337be897c8d92528a5c From sle-updates at lists.suse.com Fri Mar 6 16:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Mar 2015 00:04:55 +0100 (CET) Subject: SUSE-SU-2015:0446-1: important: Security update for Mozilla Firefox Message-ID: <20150306230455.571D232390@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0446-1 Rating: important References: #916196 #917100 #917300 #917597 Cross-References: CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. Description: MozillaFirefox has been updated to version 31.5.0 ESR to fix five security issues. These security issues have been fixed: * CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). 
* CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597). * CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). * CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597). * CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597). These non-security issues have been fixed: * Reverted desktop file name back to MozillaFirefox.desktop (bnc#916196, bnc#917100) * Obsolete subpackages of firefox-gcc47 from SLE11-SP1/2, that caused problems when upgrading to SLE11-SP3 (bnc#917300) Security Issues: * CVE-2015-0822 * CVE-2015-0827 * CVE-2015-0831 * CVE-2015-0836 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-MozillaFirefox=10373 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-MozillaFirefox=10373 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-MozillaFirefox=10373 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-MozillaFirefox=10373 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-31.5.0esr-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 31.5.0esr]: MozillaFirefox-31.5.0esr-0.7.1 MozillaFirefox-translations-31.5.0esr-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 31.5.0esr]: MozillaFirefox-31.5.0esr-0.7.1 MozillaFirefox-translations-31.5.0esr-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 31.5.0esr]: MozillaFirefox-31.5.0esr-0.7.1 MozillaFirefox-translations-31.5.0esr-0.7.1 References: http://support.novell.com/security/cve/CVE-2015-0822.html http://support.novell.com/security/cve/CVE-2015-0827.html http://support.novell.com/security/cve/CVE-2015-0831.html http://support.novell.com/security/cve/CVE-2015-0836.html https://bugzilla.suse.com/916196 https://bugzilla.suse.com/917100 https://bugzilla.suse.com/917300 https://bugzilla.suse.com/917597 http://download.suse.com/patch/finder/?keywords=5ed6e5e46ca21418d12fa2790eb8d6b2 From sle-updates at lists.suse.com Fri Mar 6 17:05:03 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Mar 2015 01:05:03 +0100 (CET) Subject: SUSE-SU-2015:0447-1: important: Security update for Mozilla Firefox Message-ID: <20150307000503.80DD432361@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0447-1 Rating: important References: #917597 Cross-References: CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. 
Description: MozillaFirefox has been updated to version 31.5.0 ESR to fix five security issues. These security issues have been fixed: * CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). * CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597). * CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). * CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597). * CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597). Security Issues: * CVE-2015-0822 * CVE-2015-0827 * CVE-2015-0831 * CVE-2015-0836 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-MozillaFirefox=10377 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-MozillaFirefox=10368 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 31.5.0esr]: MozillaFirefox-31.5.0esr-0.4.2.1 MozillaFirefox-translations-31.5.0esr-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 31.5.0esr]: MozillaFirefox-31.5.0esr-0.4.2.1 MozillaFirefox-translations-31.5.0esr-0.4.2.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x): MozillaFirefox-31.5.0esr-0.5.1 MozillaFirefox-translations-31.5.0esr-0.5.1 References: http://support.novell.com/security/cve/CVE-2015-0822.html http://support.novell.com/security/cve/CVE-2015-0827.html http://support.novell.com/security/cve/CVE-2015-0831.html http://support.novell.com/security/cve/CVE-2015-0836.html https://bugzilla.suse.com/917597 http://download.suse.com/patch/finder/?keywords=05f52c1e0f407db47eeda7f443c74a59 http://download.suse.com/patch/finder/?keywords=620f31f396ab13eab1f112060f474aba http://download.suse.com/patch/finder/?keywords=a337580683ba9ef729d391b0364a996a From sle-updates at lists.suse.com Mon Mar 9 06:05:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Mar 2015 13:05:00 +0100 (CET) Subject: SUSE-RU-2015:0452-1: moderate: Recommended update for iprutils Message-ID: <20150309120500.732873238F@maintenance.suse.de> SUSE Recommended Update: Recommended update for iprutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0452-1 Rating: moderate References: #908952 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for iprutils fixes the following issue: - Physical location of enclosures and disks are not displayed when using iprconfig. (bsc#908952) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-109=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le x86_64): iprutils-2.4.1-11.1 iprutils-debuginfo-2.4.1-11.1 iprutils-debugsource-2.4.1-11.1 References: https://bugzilla.suse.com/908952 From sle-updates at lists.suse.com Tue Mar 10 08:05:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Mar 2015 15:05:40 +0100 (CET) Subject: SUSE-SU-2015:0455-1: moderate: Security update for freetype2 Message-ID: <20150310140540.ED24B2800C@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0455-1 Rating: moderate References: #916847 #916856 #916857 #916858 #916859 #916860 #916861 #916862 #916863 #916864 #916865 #916867 #916868 #916870 #916871 #916872 #916873 #916874 #916879 #916881 Cross-References: CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: freetype2 was updated to fix 20 security issues. 
These security issues were fixed: - CVE-2014-9663: The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (bnc#916865). - CVE-2014-9662: cff/cf2ft.c in FreeType before 2.5.4 did not validate the return values of point-allocation functions, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (bnc#916860). - CVE-2014-9661: type42/t42parse.c in FreeType before 2.5.4 did not consider that scanning can be incomplete without triggering an error, which allowed remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (bnc#916859). - CVE-2014-9660: The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 did not properly handle a missing ENDCHAR record, which allowed remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (bnc#916858). - CVE-2014-9667: sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allowed remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (bnc#916861). - CVE-2014-9666: The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allowed remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (bnc#916862). 
- CVE-2014-9665: The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 did not restrict the rows and pitch values of PNG data, which allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file (bnc#916863). - CVE-2014-9664: FreeType before 2.5.4 did not check for the end of the data during certain parsing actions, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (bnc#916864). - CVE-2014-9669: Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allowed remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (bnc#916870). - CVE-2014-9668: The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file (bnc#916868). - CVE-2014-9656: The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 did not properly check for an integer overflow, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (bnc#916847). - CVE-2014-9658: The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (bnc#916857). 
- CVE-2014-9659: cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240 (bnc#916867). - CVE-2014-9674: The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (bnc#916879). - CVE-2014-9675: bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allowed remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (bnc#916881). - CVE-2014-9657: The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 did not establish a minimum record size, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (bnc#916856). - CVE-2014-9670: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allowed remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (bnc#916871). 
- CVE-2014-9671: Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (bnc#916872). - CVE-2014-9672: Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allowed remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (bnc#916873). - CVE-2014-9673: Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (bnc#916874). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-111=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-111=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-111=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): freetype2-debugsource-2.5.3-5.1 freetype2-devel-2.5.3-5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): freetype2-debugsource-2.5.3-5.1 ft2demos-2.5.3-5.1 libfreetype6-2.5.3-5.1 libfreetype6-debuginfo-2.5.3-5.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libfreetype6-32bit-2.5.3-5.1 libfreetype6-debuginfo-32bit-2.5.3-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): freetype2-debugsource-2.5.3-5.1 ft2demos-2.5.3-5.1 libfreetype6-2.5.3-5.1 libfreetype6-32bit-2.5.3-5.1 libfreetype6-debuginfo-2.5.3-5.1 libfreetype6-debuginfo-32bit-2.5.3-5.1 References: http://support.novell.com/security/cve/CVE-2014-2240.html http://support.novell.com/security/cve/CVE-2014-9656.html http://support.novell.com/security/cve/CVE-2014-9657.html http://support.novell.com/security/cve/CVE-2014-9658.html http://support.novell.com/security/cve/CVE-2014-9659.html http://support.novell.com/security/cve/CVE-2014-9660.html http://support.novell.com/security/cve/CVE-2014-9661.html http://support.novell.com/security/cve/CVE-2014-9662.html http://support.novell.com/security/cve/CVE-2014-9663.html http://support.novell.com/security/cve/CVE-2014-9664.html http://support.novell.com/security/cve/CVE-2014-9665.html http://support.novell.com/security/cve/CVE-2014-9666.html http://support.novell.com/security/cve/CVE-2014-9667.html http://support.novell.com/security/cve/CVE-2014-9668.html http://support.novell.com/security/cve/CVE-2014-9669.html http://support.novell.com/security/cve/CVE-2014-9670.html http://support.novell.com/security/cve/CVE-2014-9671.html http://support.novell.com/security/cve/CVE-2014-9672.html http://support.novell.com/security/cve/CVE-2014-9673.html http://support.novell.com/security/cve/CVE-2014-9674.html http://support.novell.com/security/cve/CVE-2014-9675.html https://bugzilla.suse.com/916847 https://bugzilla.suse.com/916856 https://bugzilla.suse.com/916857 
https://bugzilla.suse.com/916858 https://bugzilla.suse.com/916859 https://bugzilla.suse.com/916860 https://bugzilla.suse.com/916861 https://bugzilla.suse.com/916862 https://bugzilla.suse.com/916863 https://bugzilla.suse.com/916864 https://bugzilla.suse.com/916865 https://bugzilla.suse.com/916867 https://bugzilla.suse.com/916868 https://bugzilla.suse.com/916870 https://bugzilla.suse.com/916871 https://bugzilla.suse.com/916872 https://bugzilla.suse.com/916873 https://bugzilla.suse.com/916874 https://bugzilla.suse.com/916879 https://bugzilla.suse.com/916881 From sle-updates at lists.suse.com Tue Mar 10 08:09:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Mar 2015 15:09:20 +0100 (CET) Subject: SUSE-RU-2015:0456-1: Recommended update for yast2-packager Message-ID: <20150310140920.BE6442800C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0456-1 Rating: low References: #899482 #909399 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-packager fixes a crash when using custom licenses in the firstboot workflow. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-114=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-114=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-114=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): yast2-packager-devel-doc-3.1.52-6.11 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): yast2-packager-3.1.52-6.11 - SUSE Linux Enterprise Desktop 12 (x86_64): yast2-packager-3.1.52-6.11 References: https://bugzilla.suse.com/899482 https://bugzilla.suse.com/909399 From sle-updates at lists.suse.com Tue Mar 10 08:09:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Mar 2015 15:09:54 +0100 (CET) Subject: SUSE-SU-2015:0457-1: moderate: Security update for dbus-1 Message-ID: <20150310140954.068A02800C@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0457-1 Rating: moderate References: #916343 #916785 Cross-References: CVE-2015-0245 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: dbus-1 was updated to version 1.8.16 to fix one security issue. This update fixes the following security issue: - CVE-2015-0245: Do not allow non-uid-0 processes to send forged ActivationFailure messages. On Linux systems with systemd activation, this would allow a local denial of service (bnc#916343). These additional security hardenings are included: - Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls (such as CVE-2014-8148) then this prevents memory consumption and possible privilege escalation via UpdateActivationEnvironment. 
- Do not allow calls to UpdateActivationEnvironment or the Stats interface on object paths other than /org/freedesktop/DBus. Some system services install unsafe security policy rules that allow arbitrary method calls to any destination, method and interface with a specified object path. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-112=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-112=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-112=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): dbus-1-debugsource-1.8.16-14.1 dbus-1-devel-1.8.16-14.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): dbus-1-devel-doc-1.8.16-14.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dbus-1-1.8.16-14.1 dbus-1-debuginfo-1.8.16-14.1 dbus-1-debugsource-1.8.16-14.1 dbus-1-x11-1.8.16-14.1 dbus-1-x11-debuginfo-1.8.16-14.1 dbus-1-x11-debugsource-1.8.16-14.1 libdbus-1-3-1.8.16-14.1 libdbus-1-3-debuginfo-1.8.16-14.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libdbus-1-3-32bit-1.8.16-14.1 libdbus-1-3-debuginfo-32bit-1.8.16-14.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dbus-1-1.8.16-14.1 dbus-1-debuginfo-1.8.16-14.1 dbus-1-debugsource-1.8.16-14.1 dbus-1-x11-1.8.16-14.1 dbus-1-x11-debuginfo-1.8.16-14.1 dbus-1-x11-debugsource-1.8.16-14.1 libdbus-1-3-1.8.16-14.1 libdbus-1-3-32bit-1.8.16-14.1 libdbus-1-3-debuginfo-1.8.16-14.1 libdbus-1-3-debuginfo-32bit-1.8.16-14.1 References: http://support.novell.com/security/cve/CVE-2015-0245.html https://bugzilla.suse.com/916343 https://bugzilla.suse.com/916785 From sle-updates at lists.suse.com Tue Mar 10 08:10:27 2015 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 10 Mar 2015 15:10:27 +0100 (CET) Subject: SUSE-SU-2015:0458-1: moderate: Security update for icu Message-ID: <20150310141027.6FBF92800C@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0458-1 Rating: moderate References: #917129 Cross-References: CVE-2014-9654 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bnc#917129). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-110=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-110=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-110=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-110=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): icu-52.1-7.1 icu-debuginfo-52.1-7.1 icu-debugsource-52.1-7.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): icu-debuginfo-52.1-7.1 icu-debugsource-52.1-7.1 libicu-devel-52.1-7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): icu-debuginfo-52.1-7.1 icu-debugsource-52.1-7.1 libicu-doc-52.1-7.1 libicu52_1-52.1-7.1 libicu52_1-data-52.1-7.1 libicu52_1-debuginfo-52.1-7.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libicu52_1-32bit-52.1-7.1 libicu52_1-debuginfo-32bit-52.1-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): icu-52.1-7.1 icu-debuginfo-52.1-7.1 icu-debugsource-52.1-7.1 libicu52_1-32bit-52.1-7.1 libicu52_1-52.1-7.1 libicu52_1-data-52.1-7.1 libicu52_1-debuginfo-32bit-52.1-7.1 libicu52_1-debuginfo-52.1-7.1 References: http://support.novell.com/security/cve/CVE-2014-9654.html https://bugzilla.suse.com/917129 From sle-updates at lists.suse.com Tue Mar 10 08:10:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Mar 2015 15:10:48 +0100 (CET) Subject: SUSE-RU-2015:0459-1: moderate: Recommended update for lttng-modules Message-ID: <20150310141048.5EF7D2800C@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0459-1 Rating: moderate References: #916842 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The LTTNG kernel modules were rebuilt to meet KVM specific kABI changes. (bsc#916842) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-113=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (x86_64): lttng-modules-2.4.1-15.1 lttng-modules-debugsource-2.4.1-15.1 lttng-modules-kmp-default-2.4.1_k3.12.36_38-15.1 lttng-modules-kmp-default-debuginfo-2.4.1_k3.12.36_38-15.1 References: https://bugzilla.suse.com/916842 From sle-updates at lists.suse.com Tue Mar 10 11:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Mar 2015 18:04:52 +0100 (CET) Subject: SUSE-RU-2015:0460-1: moderate: Recommended update for docker Message-ID: <20150310170452.6983C32269@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0460-1 Rating: moderate References: #917647 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: Docker was updated to 1.5.0 (2015-02-10) [bnc#917647] bringing new features and bugfixes: * Builder: - Dockerfile to use for a given `docker build` can be specified with the `-f` flag - Dockerfile and .dockerignore files can be themselves excluded as part of the .dockerignore file, thus preventing modifications to these files invalidating ADD or COPY instructions cache - ADD and COPY instructions accept relative paths - Dockerfile `FROM scratch` instruction is now interpreted as a no-base specifier - Improve performance when exposing a large number of ports * Hack: - Allow client-side only integration tests for Windows - Include docker-py integration tests against Docker daemon as part of our test suites * Packaging: - Support for the new version of the registry HTTP API - Speed up `docker push` for images with a majority of already existing layers - Fixed contacting a private registry through a proxy * Remote API: - A new endpoint will stream live container resource metrics and can be accessed with the `docker stats` command - Containers can be renamed using the new `rename` endpoint and the associated `docker rename` command - Container `inspect` endpoint shows the ID of `exec` commands running in this container - Container `inspect` endpoint shows the number of times Docker auto-restarted the container - New types of event can be streamed by the `events` endpoint: 'OOM'
(container died with out of memory), 'exec_create', and 'exec_start' - Fixed returned string fields which hold numeric characters incorrectly omitting surrounding double quotes * Runtime: - Docker daemon has full IPv6 support - The `docker run` command can take the `--pid=host` flag to use the host PID namespace, which makes it possible for example to debug host processes using containerized debugging tools - The `docker run` command can take the `--read-only` flag to make the container's root filesystem mounted as readonly, which can be used in combination with volumes to force a container's processes to only write to locations that will be persisted - Container total memory usage can be limited for `docker run` using the `--memory-swap` flag - Major stability improvements for devicemapper storage driver - Better integration with host system: containers will reflect changes to the host's `/etc/resolv.conf` file when restarted - Better integration with host system: per-container iptable rules are moved to the DOCKER chain - Fixed container exiting on out of memory to return an invalid exit code * Other: - The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are properly taken into account by the client when connecting to the Docker daemon Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-115=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12 (x86_64): docker-1.5.0-20.1 docker-debuginfo-1.5.0-20.1 docker-debugsource-1.5.0-20.1 References: https://bugzilla.suse.com/917647 From sle-updates at lists.suse.com Tue Mar 10 13:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Mar 2015 20:04:54 +0100 (CET) Subject: SUSE-RU-2015:0461-1: Recommended update for autoconf Message-ID: <20150310190454.77E343236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0461-1 Rating: low References: #857251 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Autoconf has been updated to filter out compiler options that could have led to errors with some Fortran compilers. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-autoconf=10227 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-autoconf=10227 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-autoconf=10227 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): autoconf-2.63-1.160.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): autoconf-2.63-1.160.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): autoconf-2.63-1.160.2 References: https://bugzilla.suse.com/857251 http://download.suse.com/patch/finder/?keywords=c6e992d63d0710b0a6e3be715d602dd7 From sle-updates at lists.suse.com Tue Mar 10 17:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 00:04:56 +0100 (CET) Subject: SUSE-RU-2015:0462-1: Recommended update for crowbar-barclamp-nova_dashboard Message-ID: <20150310230456.5901A320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-nova_dashboard ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0462-1 Rating: low References: #907044 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crowbar-barclamp-nova_dashboard provides stability fixes from the upstream OpenStack project: * Fix redirection from non-ssl to ssl when using HA (bnc#907044) Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-nova_dashboard=10179 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-nova_dashboard-1.8+git.1417530705.39a3690-0.7.3 References: https://bugzilla.suse.com/907044 https://bugzilla.suse.com/913692 http://download.suse.com/patch/finder/?keywords=717bc009d2c3ecf5ffed424f5f5ba641 From sle-updates at lists.suse.com Tue Mar 10 19:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 02:04:55 +0100 (CET) Subject: SUSE-SU-2015:0463-1: moderate: Security update for freetype2 Message-ID: <20150311010455.6D828320B1@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0463-1 Rating: moderate References: #916856 #916857 #916858 #916859 #916861 #916863 #916864 #916865 #916870 #916871 #916872 #916873 #916874 #916879 #916881 Cross-References: CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: The font rendering library freetype2 has been updated to fix various security issues. 
Security Issues: * CVE-2014-9656 * CVE-2014-9657 * CVE-2014-9658 * CVE-2014-9660 * CVE-2014-9661 * CVE-2014-9662 * CVE-2014-9667 * CVE-2014-9666 * CVE-2014-9665 * CVE-2014-9664 * CVE-2014-9663 * CVE-2014-9659 * CVE-2014-9668 * CVE-2014-9669 * CVE-2014-9670 * CVE-2014-9671 * CVE-2014-9672 * CVE-2014-9673 * CVE-2014-9674 * CVE-2014-9675 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-freetype2-201503=10386 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-freetype2-201503=10386 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-freetype2-201503=10386 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-freetype2-201503=10386 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): freetype2-devel-2.3.7-25.34.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): freetype2-devel-32bit-2.3.7-25.34.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): freetype2-2.3.7-25.34.1 ft2demos-2.3.7-25.34.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): freetype2-32bit-2.3.7-25.34.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): freetype2-2.3.7-25.34.1 ft2demos-2.3.7-25.34.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): freetype2-32bit-2.3.7-25.34.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): freetype2-x86-2.3.7-25.34.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): freetype2-2.3.7-25.34.1 ft2demos-2.3.7-25.34.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): freetype2-32bit-2.3.7-25.34.1 References: http://support.novell.com/security/cve/CVE-2014-9656.html http://support.novell.com/security/cve/CVE-2014-9657.html 
http://support.novell.com/security/cve/CVE-2014-9658.html http://support.novell.com/security/cve/CVE-2014-9659.html http://support.novell.com/security/cve/CVE-2014-9660.html http://support.novell.com/security/cve/CVE-2014-9661.html http://support.novell.com/security/cve/CVE-2014-9662.html http://support.novell.com/security/cve/CVE-2014-9663.html http://support.novell.com/security/cve/CVE-2014-9664.html http://support.novell.com/security/cve/CVE-2014-9665.html http://support.novell.com/security/cve/CVE-2014-9666.html http://support.novell.com/security/cve/CVE-2014-9667.html http://support.novell.com/security/cve/CVE-2014-9668.html http://support.novell.com/security/cve/CVE-2014-9669.html http://support.novell.com/security/cve/CVE-2014-9670.html http://support.novell.com/security/cve/CVE-2014-9671.html http://support.novell.com/security/cve/CVE-2014-9672.html http://support.novell.com/security/cve/CVE-2014-9673.html http://support.novell.com/security/cve/CVE-2014-9674.html http://support.novell.com/security/cve/CVE-2014-9675.html https://bugzilla.suse.com/916856 https://bugzilla.suse.com/916857 https://bugzilla.suse.com/916858 https://bugzilla.suse.com/916859 https://bugzilla.suse.com/916861 https://bugzilla.suse.com/916863 https://bugzilla.suse.com/916864 https://bugzilla.suse.com/916865 https://bugzilla.suse.com/916870 https://bugzilla.suse.com/916871 https://bugzilla.suse.com/916872 https://bugzilla.suse.com/916873 https://bugzilla.suse.com/916874 https://bugzilla.suse.com/916879 https://bugzilla.suse.com/916881 http://download.suse.com/patch/finder/?keywords=8ff7d5aec940c311b66cdebb04cb66ea From sle-updates at lists.suse.com Tue Mar 10 21:05:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 04:05:42 +0100 (CET) Subject: SUSE-RU-2015:0464-1: Recommended update for open-iscsi Message-ID: <20150311030542.8F4CD320B1@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0464-1 Rating: low References: #885566 #901441 #913255 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for open-iscsi provides the following fixes: * Speed up session search by sorting current session to top of list. (bsc#901441) * Allow support of multiple boot devices. (bsc#885566) * Fix backwards check for 'rcopen-iscsi status'. (bsc#913255) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-open-iscsi=10219 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-open-iscsi=10219 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-open-iscsi=10219 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): open-iscsi-2.0.873-0.26.27.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): open-iscsi-2.0.873-0.26.27.3 - SUSE Linux Enterprise Server 11 SP3 (ia64): open-iscsi-2.0.873-0.26.27.6 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): open-iscsi-2.0.873-0.26.27.3 References: https://bugzilla.suse.com/885566 https://bugzilla.suse.com/901441 https://bugzilla.suse.com/913255 http://download.suse.com/patch/finder/?keywords=af9dcbedc33772085d009dbf3de9bf75 From sle-updates at lists.suse.com Wed Mar 11 04:05:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 11:05:08 +0100 (CET) Subject: SUSE-SU-2015:0465-1: moderate: Security update for cups, cups154 Message-ID: <20150311100508.67ED2321A5@maintenance.suse.de> SUSE Security Update: Security update for cups, cups154 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0465-1 Rating: moderate References: #917799 Cross-References: CVE-2014-9679 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: cups, cups154 was updated to fix one security issue. This security issue was fixed: - CVE-2014-9679: A malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels (bnc#917799). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-116=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-116=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-116=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-116=1 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-116=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): cups-debuginfo-1.7.5-5.1 cups-debugsource-1.7.5-5.1 cups-devel-1.7.5-5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cups-1.7.5-5.1 cups-client-1.7.5-5.1 cups-client-debuginfo-1.7.5-5.1 cups-debuginfo-1.7.5-5.1 cups-debugsource-1.7.5-5.1 cups-libs-1.7.5-5.1 cups-libs-debuginfo-1.7.5-5.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): cups-libs-32bit-1.7.5-5.1 cups-libs-debuginfo-32bit-1.7.5-5.1 - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64): cups154-1.5.4-5.1 cups154-client-1.5.4-5.1 cups154-client-debuginfo-1.5.4-5.1 cups154-debuginfo-1.5.4-5.1 cups154-debugsource-1.5.4-5.1 cups154-filters-1.5.4-5.1 cups154-filters-debuginfo-1.5.4-5.1 cups154-libs-1.5.4-5.1 cups154-libs-debuginfo-1.5.4-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): cups-1.7.5-5.1 cups-client-1.7.5-5.1 cups-client-debuginfo-1.7.5-5.1 cups-debuginfo-1.7.5-5.1 cups-debugsource-1.7.5-5.1 cups-libs-1.7.5-5.1 cups-libs-32bit-1.7.5-5.1 cups-libs-debuginfo-1.7.5-5.1 cups-libs-debuginfo-32bit-1.7.5-5.1 - SUSE Linux Enterprise Build System Kit 12 (s390x x86_64): cups-ddk-1.7.5-5.1 cups-ddk-debuginfo-1.7.5-5.1 cups-debuginfo-1.7.5-5.1 cups-debugsource-1.7.5-5.1 References: http://support.novell.com/security/cve/CVE-2014-9679.html https://bugzilla.suse.com/917799 From sle-updates at lists.suse.com 
Wed Mar 11 05:06:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 12:06:21 +0100 (CET) Subject: SUSE-SU-2015:0465-2: moderate: Security update for cups, cups154 Message-ID: <20150311110621.A8A4A3236F@maintenance.suse.de> SUSE Security Update: Security update for cups, cups154 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0465-2 Rating: moderate References: #917799 Cross-References: CVE-2014-9679 Affected Products: SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: cups, cups154 was updated to fix one security issue. This security issue was fixed: - CVE-2014-9679: A malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels (bnc#917799). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-116=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Build System Kit 12 (ppc64le):
  cups-ddk-1.7.5-5.1
  cups-ddk-debuginfo-1.7.5-5.1
  cups-debuginfo-1.7.5-5.1
  cups-debugsource-1.7.5-5.1

References:
  http://support.novell.com/security/cve/CVE-2014-9679.html
  https://bugzilla.suse.com/917799

From sle-updates at lists.suse.com Wed Mar 11 09:05:28 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Mar 2015 16:05:28 +0100 (CET)
Subject: SUSE-OU-2015:0477-1: Optional update for boost
Message-ID: <20150311150528.512A0320B1@maintenance.suse.de>

SUSE Optional Update: Optional update for boost
______________________________________________________________________________

Announcement ID: SUSE-OU-2015:0477-1
Rating: low
References: #918723
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update adds two Boost libraries to SUSE Linux Enterprise Server 12 (libboost_date_time and libboost_iostreams) and one to SUSE Linux Enterprise Desktop (libboost_atomic).

Patch Instructions:

To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
  zypper in -t patch SUSE-SLE-WE-12-2015-117=1
- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-117=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-117=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-117=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libboost_date_time1_54_0-1.54.0-13.1 libboost_date_time1_54_0-debuginfo-1.54.0-13.1 libboost_iostreams1_54_0-1.54.0-13.1 libboost_iostreams1_54_0-debuginfo-1.54.0-13.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libboost_date_time1_54_0-1.54.0-13.1 libboost_date_time1_54_0-debuginfo-1.54.0-13.1 libboost_iostreams1_54_0-1.54.0-13.1 libboost_iostreams1_54_0-debuginfo-1.54.0-13.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libboost_atomic1_54_0-1.54.0-13.1 libboost_atomic1_54_0-debuginfo-1.54.0-13.1 libboost_date_time1_54_0-1.54.0-13.1 libboost_date_time1_54_0-debuginfo-1.54.0-13.1 libboost_iostreams1_54_0-1.54.0-13.1 libboost_iostreams1_54_0-debuginfo-1.54.0-13.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libboost_atomic1_54_0-1.54.0-13.1 libboost_atomic1_54_0-debuginfo-1.54.0-13.1 libboost_date_time1_54_0-1.54.0-13.1 libboost_date_time1_54_0-debuginfo-1.54.0-13.1 libboost_iostreams1_54_0-1.54.0-13.1 libboost_iostreams1_54_0-debuginfo-1.54.0-13.1 References: https://bugzilla.suse.com/918723 From sle-updates at lists.suse.com Wed Mar 11 09:05:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 16:05:50 +0100 (CET) Subject: SUSE-SU-2015:0478-1: moderate: Security update for postgresql93 Message-ID: <20150311150550.CEA57320B7@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0478-1 Rating: moderate References: #888564 #916953 Cross-References: CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description:

postgresql93 was updated to version 9.3.6 to fix four security issues.

These security issues were fixed:
- CVE-2015-0241: Fix buffer overruns in to_char() (bnc#916953).
- CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953).
- CVE-2015-0244: Fix possible loss of frontend/backend protocol synchronization after an error (bnc#916953).
- CVE-2014-8161: Fix information leak via constraint-violation error messages (bnc#916953).

This non-security issue was fixed:
- Move the server socket from /tmp to /var/run to avoid problems with clients that use PrivateTmp (bnc#888564).

More information is available at http://www.postgresql.org/docs/9.3/static/release-9-3-6.html

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-118=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-118=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-118=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql93-devel-9.3.6-5.1 postgresql93-devel-debuginfo-9.3.6-5.1 postgresql93-libs-debugsource-9.3.6-5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libecpg6-9.3.6-5.1 libecpg6-debuginfo-9.3.6-5.1 libpq5-9.3.6-5.1 libpq5-debuginfo-9.3.6-5.1 postgresql93-9.3.6-5.2 postgresql93-contrib-9.3.6-5.2 postgresql93-contrib-debuginfo-9.3.6-5.2 postgresql93-debuginfo-9.3.6-5.2 postgresql93-debugsource-9.3.6-5.2 postgresql93-libs-debugsource-9.3.6-5.1 postgresql93-server-9.3.6-5.2 postgresql93-server-debuginfo-9.3.6-5.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpq5-32bit-9.3.6-5.1 libpq5-debuginfo-32bit-9.3.6-5.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql93-docs-9.3.6-5.2 - SUSE Linux Enterprise Desktop 12 (x86_64): libecpg6-9.3.6-5.1 libecpg6-debuginfo-9.3.6-5.1 libpq5-32bit-9.3.6-5.1 libpq5-9.3.6-5.1 libpq5-debuginfo-32bit-9.3.6-5.1 libpq5-debuginfo-9.3.6-5.1 postgresql93-9.3.6-5.2 postgresql93-debuginfo-9.3.6-5.2 postgresql93-debugsource-9.3.6-5.2 postgresql93-libs-debugsource-9.3.6-5.1 References: http://support.novell.com/security/cve/CVE-2014-8161.html http://support.novell.com/security/cve/CVE-2015-0241.html http://support.novell.com/security/cve/CVE-2015-0243.html http://support.novell.com/security/cve/CVE-2015-0244.html https://bugzilla.suse.com/888564 https://bugzilla.suse.com/916953 From sle-updates at lists.suse.com Wed Mar 11 13:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 20:04:56 +0100 (CET) Subject: SUSE-SU-2015:0480-1: important: Security update for bind Message-ID: <20150311190456.1A9843236F@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0480-1 Rating: important References: #743758 #858639 #908994 Cross-References: CVE-2014-0591 CVE-2014-8500 
Affected Products:
  SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available. It includes one version update.

Description:

This bind update fixes the following two security issues:

* A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500, bnc#908994). The recursion depth limit is configured via the "max-recursion-depth" option, and the query limit via the "max-recursion-queries" option.
* A flaw when handling malformed NSEC3-signed zones could lead named to a crash. (CVE-2014-0591, bnc#858639)

Additionally, a non-security bug has been fixed:

* Fix handling of TXT records in ldapdump (bnc#743758).

Security Issues:

* CVE-2014-8500
* CVE-2014-0591

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-bind=10200

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR11W1]: bind-9.6ESVR11W1-0.2.1 bind-chrootenv-9.6ESVR11W1-0.2.1 bind-doc-9.6ESVR11W1-0.2.1 bind-libs-9.6ESVR11W1-0.2.1 bind-utils-9.6ESVR11W1-0.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 9.6ESVR11W1]: bind-libs-32bit-9.6ESVR11W1-0.2.1 References: http://support.novell.com/security/cve/CVE-2014-0591.html http://support.novell.com/security/cve/CVE-2014-8500.html https://bugzilla.suse.com/743758 https://bugzilla.suse.com/858639 https://bugzilla.suse.com/908994 http://download.suse.com/patch/finder/?keywords=b8f4d960338b2e26cbb436ddc301333c From sle-updates at lists.suse.com Wed Mar 11 13:05:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Mar 2015 20:05:42 +0100 (CET) Subject: SUSE-SU-2015:0481-1: important: Security update for Linux kernel Message-ID: <20150311190542.0C5473236F@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0481-1 Rating: important References: #771619 #779488 #833588 #835839 #847652 #857643 #864049 #865442 #867531 #867723 #870161 #875051 #876633 #880892 #883096 #883948 #887082 #892490 #892782 #895680 #896382 #896390 #896391 #896392 #897995 #898693 #899192 #901885 #902232 #902346 #902349 #902351 #902675 #903640 #904013 #904700 #905100 #905312 #905799 #906586 #907189 #907338 #907396 #909078 #912654 #912705 #915335 Cross-References: CVE-2012-4398 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-2929 CVE-2013-7263 CVE-2014-0131 CVE-2014-0181 CVE-2014-2309 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-4608 CVE-2014-4943 CVE-2014-5471 CVE-2014-5472 CVE-2014-7826 CVE-2014-7841 CVE-2014-7842 CVE-2014-8134 CVE-2014-8369 
CVE-2014-8559 CVE-2014-8709 CVE-2014-9584 CVE-2014-9585 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 34 vulnerabilities and has 13 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed: * CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). * CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). 
* CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652). * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). * CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). * CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). 
* CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). * CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). 
* CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). 
* CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). * CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). * CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490).
* CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). * CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). * CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). 
* CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The following non-security bugs have been fixed: * Fix HDIO_DRIVE_* ioctl() Linux 3.9 regression (bnc#833588, bnc#905799). * HID: add usage_index in struct hid_usage (bnc#835839). * Revert PM / reboot: call syscore_shutdown() after disable_nonboot_cpus() Reduce time to shutdown large machines (bnc#865442 bnc#907396). * Revert kernel/sys.c: call disable_nonboot_cpus() in kernel_restart() Reduce time to shutdown large machines (bnc#865442 bnc#907396). * dm-mpath: fix panic on deleting sg device (bnc#870161). * futex: Unlock hb->lock in futex_wait_requeue_pi() error path (fix bnc#880892). * handle more than just WS2008 in heartbeat negotiation (bnc#901885). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm: fix BUG in __split_huge_page_pmd (bnc#906586). 
* pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680, bnc#907189). * s390/3215: fix hanging console issue (bnc#898693, bnc#897995, LTC#115466). * s390/cio: improve cio_commit_config (bnc#864049, bnc#898693, LTC#104168). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * target/rd: Refactor rd_build_device_space + rd_release_device_space. * timekeeping: Avoid possible deadlock from clock_was_set_delayed (bnc#771619, bnc#915335). * xfs: recheck buffer pinned status after push trylock failure (bnc#907338). * xfs: remove log force from xfs_buf_trylock() (bnc#907338). Security Issues: * CVE-2012-4398 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2899 * CVE-2013-2929 * CVE-2013-7263 * CVE-2014-0131 * CVE-2014-0181 * CVE-2014-2309 * CVE-2014-3181 * CVE-2014-3184 * CVE-2014-3185 * CVE-2014-3186 * CVE-2014-3601 * CVE-2014-3610 * CVE-2014-3646 * CVE-2014-3647 * CVE-2014-3673 * CVE-2014-3687 * CVE-2014-3688 * CVE-2014-3690 * CVE-2014-4608 * CVE-2014-4943 * CVE-2014-5471 * CVE-2014-5472 * CVE-2014-7826 * CVE-2014-7841 * CVE-2014-7842 * CVE-2014-8134 * CVE-2014-8369 * CVE-2014-8559 * CVE-2014-8709 * CVE-2014-9584 * CVE-2014-9585 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-kernel=10239 slessp2-kernel=10245 slessp2-kernel=10246 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.7.29.1 kernel-default-base-3.0.101-0.7.29.1 kernel-default-devel-3.0.101-0.7.29.1 kernel-source-3.0.101-0.7.29.1 kernel-syms-3.0.101-0.7.29.1 kernel-trace-3.0.101-0.7.29.1 kernel-trace-base-3.0.101-0.7.29.1 kernel-trace-devel-3.0.101-0.7.29.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.7.29.1 kernel-ec2-base-3.0.101-0.7.29.1 kernel-ec2-devel-3.0.101-0.7.29.1 kernel-xen-3.0.101-0.7.29.1 kernel-xen-base-3.0.101-0.7.29.1 kernel-xen-devel-3.0.101-0.7.29.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.5.19 xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.5.19 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.7.29.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.7.29.1 kernel-pae-base-3.0.101-0.7.29.1 kernel-pae-devel-3.0.101-0.7.29.1 xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.5.19 - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64): ext4-writeable-kmp-default-0_3.0.101_0.7.29-0.14.142 ext4-writeable-kmp-trace-0_3.0.101_0.7.29-0.14.142 kernel-default-extra-3.0.101-0.7.29.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.101_0.7.29-0.14.142 kernel-xen-extra-3.0.101-0.7.29.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.101_0.7.29-0.14.142 kernel-pae-extra-3.0.101-0.7.29.1 References: http://support.novell.com/security/cve/CVE-2012-4398.html http://support.novell.com/security/cve/CVE-2013-2893.html http://support.novell.com/security/cve/CVE-2013-2897.html http://support.novell.com/security/cve/CVE-2013-2899.html http://support.novell.com/security/cve/CVE-2013-2929.html http://support.novell.com/security/cve/CVE-2013-7263.html http://support.novell.com/security/cve/CVE-2014-0131.html http://support.novell.com/security/cve/CVE-2014-0181.html 
http://support.novell.com/security/cve/CVE-2014-2309.html http://support.novell.com/security/cve/CVE-2014-3181.html http://support.novell.com/security/cve/CVE-2014-3184.html http://support.novell.com/security/cve/CVE-2014-3185.html http://support.novell.com/security/cve/CVE-2014-3186.html http://support.novell.com/security/cve/CVE-2014-3601.html http://support.novell.com/security/cve/CVE-2014-3610.html http://support.novell.com/security/cve/CVE-2014-3646.html http://support.novell.com/security/cve/CVE-2014-3647.html http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-3687.html http://support.novell.com/security/cve/CVE-2014-3688.html http://support.novell.com/security/cve/CVE-2014-3690.html http://support.novell.com/security/cve/CVE-2014-4608.html http://support.novell.com/security/cve/CVE-2014-4943.html http://support.novell.com/security/cve/CVE-2014-5471.html http://support.novell.com/security/cve/CVE-2014-5472.html http://support.novell.com/security/cve/CVE-2014-7826.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-7842.html http://support.novell.com/security/cve/CVE-2014-8134.html http://support.novell.com/security/cve/CVE-2014-8369.html http://support.novell.com/security/cve/CVE-2014-8559.html http://support.novell.com/security/cve/CVE-2014-8709.html http://support.novell.com/security/cve/CVE-2014-9584.html http://support.novell.com/security/cve/CVE-2014-9585.html https://bugzilla.suse.com/771619 https://bugzilla.suse.com/779488 https://bugzilla.suse.com/833588 https://bugzilla.suse.com/835839 https://bugzilla.suse.com/847652 https://bugzilla.suse.com/857643 https://bugzilla.suse.com/864049 https://bugzilla.suse.com/865442 https://bugzilla.suse.com/867531 https://bugzilla.suse.com/867723 https://bugzilla.suse.com/870161 https://bugzilla.suse.com/875051 https://bugzilla.suse.com/876633 https://bugzilla.suse.com/880892 
https://bugzilla.suse.com/883096 https://bugzilla.suse.com/883948 https://bugzilla.suse.com/887082 https://bugzilla.suse.com/892490 https://bugzilla.suse.com/892782 https://bugzilla.suse.com/895680 https://bugzilla.suse.com/896382 https://bugzilla.suse.com/896390 https://bugzilla.suse.com/896391 https://bugzilla.suse.com/896392 https://bugzilla.suse.com/897995 https://bugzilla.suse.com/898693 https://bugzilla.suse.com/899192 https://bugzilla.suse.com/901885 https://bugzilla.suse.com/902232 https://bugzilla.suse.com/902346 https://bugzilla.suse.com/902349 https://bugzilla.suse.com/902351 https://bugzilla.suse.com/902675 https://bugzilla.suse.com/903640 https://bugzilla.suse.com/904013 https://bugzilla.suse.com/904700 https://bugzilla.suse.com/905100 https://bugzilla.suse.com/905312 https://bugzilla.suse.com/905799 https://bugzilla.suse.com/906586 https://bugzilla.suse.com/907189 https://bugzilla.suse.com/907338 https://bugzilla.suse.com/907396 https://bugzilla.suse.com/909078 https://bugzilla.suse.com/912654 https://bugzilla.suse.com/912705 https://bugzilla.suse.com/915335 http://download.suse.com/patch/finder/?keywords=1aca006b7fb12ba06b40aba057729bf1 http://download.suse.com/patch/finder/?keywords=276c3f04008f2b450bc62f6bb64d06fc http://download.suse.com/patch/finder/?keywords=450d3910ce461844d33188377a397db4 http://download.suse.com/patch/finder/?keywords=55fa96c03a923b1679e1f132d850294c http://download.suse.com/patch/finder/?keywords=9462f7a25fba741ea356e4bc7df2eff7 http://download.suse.com/patch/finder/?keywords=9d8f78866ba011d27c2f208e892fe2d8 From sle-updates at lists.suse.com Thu Mar 12 14:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Mar 2015 21:04:53 +0100 (CET) Subject: SUSE-RU-2015:0485-1: Recommended update for gnu-efi Message-ID: <20150312200453.DF3933236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnu-efi 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0485-1 Rating: low References: #916349 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: In SUSE-SU-2014:1619-1 gnu-efi was updated to version 3.0u on x86_64, however the package is also present on i586 and ia64. This update releases version 3.0u for these architectures. Indications: Any user can install this package. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-gnu-efi=10271 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-gnu-efi=10271 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-gnu-efi=10271 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586) [New Version: 3.0u]:
  gnu-efi-3.0u-0.7.24
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0u]:
  gnu-efi-3.0u-0.7.24
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64) [New Version: 3.0u]:
  gnu-efi-3.0u-0.7.24

References:
  https://bugzilla.suse.com/916349
  http://download.suse.com/patch/finder/?keywords=ff341249c946d3c04ca45305699bc7f8

From sle-updates at lists.suse.com Thu Mar 12 14:05:25 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Mar 2015 21:05:25 +0100 (CET)
Subject: SUSE-SU-2015:0487-1: important: Security update for osc
Message-ID: <20150312200525.4C5203238F@maintenance.suse.de>

SUSE Security Update: Security update for osc
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0487-1
Rating: important
References: #901643
Cross-References: CVE-2015-0778
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

osc was updated to fix a security issue and some non-security bugs.

osc was updated to 0.151.0, fixing the following vulnerability:

* fixed shell command injection via crafted _service files CVE-2015-0778 boo#901643

The following non-security bugs were fixed:

* fix times when data comes from OBS backend
* support updating the link in target package for submit requests
* various minor bugfixes

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-119=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (noarch): osc-0.151.0-8.1 References: http://support.novell.com/security/cve/CVE-2015-0778.html https://bugzilla.suse.com/901643 From sle-updates at lists.suse.com Thu Mar 12 16:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Mar 2015 23:04:54 +0100 (CET) Subject: SUSE-SU-2015:0488-1: important: Security update for bind Message-ID: <20150312220454.16DFE3236F@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0488-1 Rating: important References: #908994 Cross-References: CVE-2014-8500 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This bind update to version 9.6-ESV-R11-W1 fixes the following security issue: * A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500, bnc#908994). The recursion depth limit is configured via the "max-recursion-depth" option, and the query limit via the "max-recursion-queries" option. Security Issues: * CVE-2014-8500 Indications: Everybody should update. 
Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR11P1]: bind-9.6ESVR11P1-0.10.1 bind-chrootenv-9.6ESVR11P1-0.10.1 bind-devel-9.6ESVR11P1-0.10.1 bind-doc-9.6ESVR11P1-0.10.1 bind-libs-9.6ESVR11P1-0.10.1 bind-utils-9.6ESVR11P1-0.10.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 9.6ESVR11P1]: bind-libs-32bit-9.6ESVR11P1-0.10.1 References: http://support.novell.com/security/cve/CVE-2014-8500.html https://bugzilla.suse.com/908994 http://download.suse.com/patch/finder/?keywords=13586bdce180bbb68a1aee89f5a4dbe2 From sle-updates at lists.suse.com Fri Mar 13 05:05:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Mar 2015 12:05:09 +0100 (CET) Subject: SUSE-SU-2015:0491-1: critical: Security update for flash-player Message-ID: <20150313110509.D318F3238F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0491-1 Rating: critical References: #922033 Cross-References: CVE-2015-0333 CVE-2015-0334 CVE-2015-0335 CVE-2015-0336 CVE-2015-0337 CVE-2015-0338 CVE-2015-0339 CVE-2015-0340 CVE-2015-0341 CVE-2015-0342 CVE-2016-0332 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.451 (bsc#922033). These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution (CVE-2016-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336). - A vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337). 
- A vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340). - An integer overflow vulnerability that could lead to code execution (CVE-2015-0338). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-120=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-120=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.451-72.1 flash-player-gnome-11.2.202.451-72.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.451-72.1 flash-player-gnome-11.2.202.451-72.1 References: http://support.novell.com/security/cve/CVE-2015-0333.html http://support.novell.com/security/cve/CVE-2015-0334.html http://support.novell.com/security/cve/CVE-2015-0335.html http://support.novell.com/security/cve/CVE-2015-0336.html http://support.novell.com/security/cve/CVE-2015-0337.html http://support.novell.com/security/cve/CVE-2015-0338.html http://support.novell.com/security/cve/CVE-2015-0339.html http://support.novell.com/security/cve/CVE-2015-0340.html http://support.novell.com/security/cve/CVE-2015-0341.html http://support.novell.com/security/cve/CVE-2015-0342.html http://support.novell.com/security/cve/CVE-2016-0332.html https://bugzilla.suse.com/922033 From sle-updates at lists.suse.com Fri Mar 13 11:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Mar 2015 18:04:50 +0100 (CET) Subject: SUSE-SU-2015:0493-1: critical: Security update for flash-player Message-ID: <20150313170450.117163236F@maintenance.suse.de> SUSE Security Update: Security update for flash-player 
______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0493-1 Rating: critical References: #922033 Cross-References: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334 CVE-2015-0335 CVE-2015-0336 CVE-2015-0337 CVE-2015-0338 CVE-2015-0339 CVE-2015-0340 CVE-2015-0341 CVE-2015-0342 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. It includes one version update. Description: flash-player has been updated to fix eleven security vulnerabilities: * Memory corruption vulnerabilities that could have led to code execution (CVE-2016-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). * Type confusion vulnerabilities that could have led to code execution (CVE-2015-0334, CVE-2015-0336). * A vulnerability that could have led to a cross-domain policy bypass (CVE-2015-0337). * A vulnerability that could have led to a file upload restriction bypass (CVE-2015-0340). * An integer overflow vulnerability that could have led to code execution (CVE-2015-0338). * Use-after-free vulnerabilities that could have led to code execution (CVE-2015-0341, CVE-2015-0342). Security Issues: * CVE-2015-0332 * CVE-2015-0333 * CVE-2015-0334 * CVE-2015-0335 * CVE-2015-0336 * CVE-2015-0337 * CVE-2015-0338 * CVE-2015-0339 * CVE-2015-0340 * CVE-2015-0341 * CVE-2015-0342 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player=10458 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.451]: flash-player-11.2.202.451-0.3.1 flash-player-gnome-11.2.202.451-0.3.1 flash-player-kde4-11.2.202.451-0.3.1 References: http://support.novell.com/security/cve/CVE-2015-0332.html http://support.novell.com/security/cve/CVE-2015-0333.html http://support.novell.com/security/cve/CVE-2015-0334.html http://support.novell.com/security/cve/CVE-2015-0335.html http://support.novell.com/security/cve/CVE-2015-0336.html http://support.novell.com/security/cve/CVE-2015-0337.html http://support.novell.com/security/cve/CVE-2015-0338.html http://support.novell.com/security/cve/CVE-2015-0339.html http://support.novell.com/security/cve/CVE-2015-0340.html http://support.novell.com/security/cve/CVE-2015-0341.html http://support.novell.com/security/cve/CVE-2015-0342.html https://bugzilla.suse.com/922033 http://download.suse.com/patch/finder/?keywords=fbb467a958f816fafdae5a6e214f41e9 From sle-updates at lists.suse.com Fri Mar 13 12:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Mar 2015 19:04:57 +0100 (CET) Subject: SUSE-RU-2015:0494-1: moderate: Recommended update for grub2 Message-ID: <20150313180457.A2B673236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0494-1 Rating: moderate References: #910245 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 prevents a potential crash when booting SLE 12 paravirtualized guests with more than 2 GB of memory on a SLES 11-SP3 Xen virtualization host. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-grub2=10333 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-grub2=10333 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-grub2=10333 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): grub2-x86_64-efi-2.00-0.47.1 grub2-x86_64-xen-2.00-0.47.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): grub2-x86_64-efi-2.00-0.47.1 grub2-x86_64-xen-2.00-0.47.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): grub2-x86_64-efi-2.00-0.47.1 grub2-x86_64-xen-2.00-0.47.1 References: https://bugzilla.suse.com/910245 http://download.suse.com/patch/finder/?keywords=2b1f180e98f36f09b21f745bf9341442 From sle-updates at lists.suse.com Fri Mar 13 12:05:18 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Mar 2015 19:05:18 +0100 (CET) Subject: SUSE-RU-2015:0495-1: Recommended update for pam Message-ID: <20150313180518.EF6EE3238F@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0495-1 Rating: low References: #912922 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam fixes updating of NIS passwords. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-121=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-121=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-121=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): pam-debuginfo-1.1.8-14.1 pam-debugsource-1.1.8-14.1 pam-devel-1.1.8-14.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): pam-1.1.8-14.1 pam-debuginfo-1.1.8-14.1 pam-debugsource-1.1.8-14.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): pam-32bit-1.1.8-14.1 pam-debuginfo-32bit-1.1.8-14.1 - SUSE Linux Enterprise Server 12 (noarch): pam-doc-1.1.8-14.1 - SUSE Linux Enterprise Desktop 12 (x86_64): pam-1.1.8-14.1 pam-32bit-1.1.8-14.1 pam-debuginfo-1.1.8-14.1 pam-debuginfo-32bit-1.1.8-14.1 pam-debugsource-1.1.8-14.1 - SUSE Linux Enterprise Desktop 12 (noarch): pam-doc-1.1.8-14.1 References: https://bugzilla.suse.com/912922 From sle-updates at lists.suse.com Sat Mar 14 05:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Mar 2015 12:04:54 +0100 (CET) Subject: SUSE-SU-2015:0498-1: moderate: Security update for oracle-update Message-ID: <20150314110454.0D5763236F@maintenance.suse.de> SUSE Security Update: Security update for oracle-update ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0498-1 Rating: moderate References: #914702 Cross-References: CVE-2015-0370 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: oracle-update has been updated to fix one security issue: * CVE-2015-0370: Unspecified vulnerability in the Core RDBMS component of Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 could allow remote authenticated users to affect integrity via unknown vectors (bnc#914702). Security Issues: * CVE-2015-0370 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-oracle-update=10274 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): oracle-update-1.7-0.29.1 References: http://support.novell.com/security/cve/CVE-2015-0370.html https://bugzilla.suse.com/914702 http://download.suse.com/patch/finder/?keywords=b0b54609f32dc9e39c2d24f09bf1f14b From sle-updates at lists.suse.com Mon Mar 16 05:05:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Mar 2015 12:05:46 +0100 (CET) Subject: SUSE-SU-2015:0503-1: important: Security update for java-1_7_0-openjdk Message-ID: <20150316110546.7DE693238F@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0503-1 Rating: important References: #901223 #914041 Cross-References: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update fixes 13 security issues. 
These security issues were fixed: - CVE-2015-0395: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#914041). - CVE-2015-0400: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#914041). - CVE-2015-0383: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allowed local users to affect integrity and availability via unknown vectors related to Hotspot (bnc#914041). - CVE-2015-0412: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS (bnc#914041). - CVE-2015-0407: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors related to Swing (bnc#914041). - CVE-2015-0408: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI (bnc#914041). - CVE-2014-6585: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591 (bnc#914041). - CVE-2014-6587: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#914041). 
- CVE-2014-6591: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585 (bnc#914041). - CVE-2014-6593: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allowed remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#914041). - CVE-2014-6601: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#914041). - CVE-2015-0410: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allowed remote attackers to affect availability via unknown vectors related to Security (bnc#914041). - CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, used nondeterministic CBC padding, which made it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (bnc#901223). These non-security issues were fixed: - Update protocol support (S8046656). - Fewer escapes from escape analysis (S8047130). - Better GC validation (S8049253). - TLAB stability (S8055479). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-122=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-122=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.75-11.3 java-1_7_0-openjdk-debuginfo-1.7.0.75-11.3 java-1_7_0-openjdk-debugsource-1.7.0.75-11.3 java-1_7_0-openjdk-demo-1.7.0.75-11.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.75-11.3 java-1_7_0-openjdk-devel-1.7.0.75-11.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.75-11.3 java-1_7_0-openjdk-headless-1.7.0.75-11.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.75-11.3 - SUSE Linux Enterprise Desktop 12 (x86_64): java-1_7_0-openjdk-1.7.0.75-11.3 java-1_7_0-openjdk-debuginfo-1.7.0.75-11.3 java-1_7_0-openjdk-debugsource-1.7.0.75-11.3 java-1_7_0-openjdk-headless-1.7.0.75-11.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.75-11.3 References: http://support.novell.com/security/cve/CVE-2014-3566.html http://support.novell.com/security/cve/CVE-2014-6585.html http://support.novell.com/security/cve/CVE-2014-6587.html http://support.novell.com/security/cve/CVE-2014-6591.html http://support.novell.com/security/cve/CVE-2014-6593.html http://support.novell.com/security/cve/CVE-2014-6601.html http://support.novell.com/security/cve/CVE-2015-0383.html http://support.novell.com/security/cve/CVE-2015-0395.html http://support.novell.com/security/cve/CVE-2015-0400.html http://support.novell.com/security/cve/CVE-2015-0407.html http://support.novell.com/security/cve/CVE-2015-0408.html http://support.novell.com/security/cve/CVE-2015-0410.html http://support.novell.com/security/cve/CVE-2015-0412.html https://bugzilla.suse.com/901223 https://bugzilla.suse.com/914041 From sle-updates at lists.suse.com Mon Mar 16 10:05:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Mar 2015 17:05:02 +0100 (CET) Subject: SUSE-SU-2015:0506-1: moderate: Security update for libmspack Message-ID: <20150316160502.8232B3238F@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement 
ID: SUSE-SU-2015:0506-1 Rating: moderate References: #912214 Cross-References: CVE-2014-9556 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: libmspack was updated to fix one security issue. This security issue was fixed: - Possible DoS by infinite loop (bnc#912214, CVE-2014-9556) The previous fix was not fully fixing this problem. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-123=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-123=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-123=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libmspack-debugsource-0.4-10.1 libmspack-devel-0.4-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libmspack-debugsource-0.4-10.1 libmspack0-0.4-10.1 libmspack0-debuginfo-0.4-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libmspack-debugsource-0.4-10.1 libmspack0-0.4-10.1 libmspack0-debuginfo-0.4-10.1 References: http://support.novell.com/security/cve/CVE-2014-9556.html https://bugzilla.suse.com/912214 From sle-updates at lists.suse.com Mon Mar 16 11:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Mar 2015 18:04:53 +0100 (CET) Subject: SUSE-RU-2015:0507-1: moderate: Recommended update for multipath-tools Message-ID: <20150316170453.B72243236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0507-1 Rating: moderate References: #889927 #898427 #900758 #901465 #901809 #901891 #907483 #908915 #909742 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description: This update for multipath-tools provides the following fixes: - Skip uninitialized devices during reconfiguration (bsc#908915) - Fix memory overflow when printing help text (bsc#909742) - Trigger all devices on multipathd startup (bsc#901465) - Fall back to SG_IO if no UID could be assigned (bsc#908915) - Assign local priority for NAA VPD descriptor (bsc#907483) - Fix dev_loss_tmo setting (bsc#889927) - Do not use 'sscanf' for parsing integers (bsc#889927) - Do not flush I/O for DM_DEVICE_CREATE (bsc#901809) - Fix kpartx to handle more than 256 loop devices (bsc#898427) - Fix multipathd locking in uev_remove_map() (bsc#901891) - Use global variable for uxsock timeout (bsc#900758) - Add %service calls for multipathd.socket. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-124=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-124=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): multipath-tools-debuginfo-0.5.0-33.1 multipath-tools-debugsource-0.5.0-33.1 multipath-tools-devel-0.5.0-33.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kpartx-0.5.0-33.1 kpartx-debuginfo-0.5.0-33.1 multipath-tools-0.5.0-33.1 multipath-tools-debuginfo-0.5.0-33.1 multipath-tools-debugsource-0.5.0-33.1 References: https://bugzilla.suse.com/889927 https://bugzilla.suse.com/898427 https://bugzilla.suse.com/900758 https://bugzilla.suse.com/901465 https://bugzilla.suse.com/901809 https://bugzilla.suse.com/901891 https://bugzilla.suse.com/907483 https://bugzilla.suse.com/908915 https://bugzilla.suse.com/909742 From sle-updates at lists.suse.com Mon Mar 16 12:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Mar 2015 19:04:51 +0100 (CET) Subject: SUSE-RU-2015:0507-2: moderate: Recommended update for multipath-tools Message-ID: <20150316180451.86F5F3236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0507-2 Rating: moderate References: #889927 #898427 #900758 #901465 #901809 #901891 #907483 #908915 #909742 Affected Products: SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description: This update for multipath-tools provides the following fixes: - Skip uninitialized devices during reconfiguration (bsc#908915) - Fix memory overflow when printing help text (bsc#909742) - Trigger all devices on multipathd startup (bsc#901465) - Fall back to SG_IO if no UID could be assigned (bsc#908915) - Assign local priority for NAA VPD descriptor (bsc#907483) - Fix dev_loss_tmo setting (bsc#889927) - Do not use 'sscanf' for parsing integers (bsc#889927) - Do not flush I/O for DM_DEVICE_CREATE (bsc#901809) - Fix kpartx to handle more than 256 loop devices (bsc#898427) - Fix multipathd locking in uev_remove_map() (bsc#901891) - Use global variable for uxsock timeout (bsc#900758) - Add %service calls for multipathd.socket. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-124=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 12 (x86_64): kpartx-0.5.0-33.1 kpartx-debuginfo-0.5.0-33.1 multipath-tools-0.5.0-33.1 multipath-tools-debuginfo-0.5.0-33.1 multipath-tools-debugsource-0.5.0-33.1 References: https://bugzilla.suse.com/889927 https://bugzilla.suse.com/898427 https://bugzilla.suse.com/900758 https://bugzilla.suse.com/901465 https://bugzilla.suse.com/901809 https://bugzilla.suse.com/901891 https://bugzilla.suse.com/907483 https://bugzilla.suse.com/908915 https://bugzilla.suse.com/909742 From sle-updates at lists.suse.com Tue Mar 17 04:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Mar 2015 11:04:49 +0100 (CET) Subject: SUSE-SU-2015:0508-1: moderate: Security update for libmspack Message-ID: <20150317100449.E54FA32369@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0508-1 Rating: moderate References: #912214 Cross-References: CVE-2014-9556 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: * CVE-2014-9556: An integer overflow in the function qtmd_decompress() could have been exploited causing a denial of service (endless loop) (bnc#912214) Security Issues: * CVE-2014-9556 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libmspack=10402 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libmspack=10402 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libmspack=10402 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libmspack=10402 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libmspack-devel-0.0.20060920alpha-74.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libmspack0-0.0.20060920alpha-74.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libmspack0-0.0.20060920alpha-74.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libmspack0-0.0.20060920alpha-74.5.1 References: http://support.novell.com/security/cve/CVE-2014-9556.html https://bugzilla.suse.com/912214 http://download.suse.com/patch/finder/?keywords=c04009f6ded67307d3806d85085e7456 From sle-updates at lists.suse.com Tue Mar 17 05:05:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Mar 2015 12:05:00 +0100 (CET) Subject: SUSE-SU-2015:0498-2: moderate: Security update for oracle-update Message-ID: <20150317110500.93A0C32369@maintenance.suse.de> SUSE Security Update: Security update for oracle-update ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0498-2 Rating: moderate References: #914702 Cross-References: CVE-2015-0370 Affected Products: SUSE Manager Server ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: oracle-update has been updated to fix one security issue: * CVE-2015-0370: Unspecified vulnerability in the Core RDBMS component of Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 could allow remote authenticated users to affect integrity via unknown vectors (bnc#914702). Security Issues: * CVE-2015-0370 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-oracle-update=10275 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server (x86_64): oracle-update-1.7-0.29.1 References: http://support.novell.com/security/cve/CVE-2015-0370.html https://bugzilla.suse.com/914702 http://download.suse.com/patch/finder/?keywords=894ac11839a3200dd52b9f6c704adc10 From sle-updates at lists.suse.com Tue Mar 17 05:05:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Mar 2015 12:05:21 +0100 (CET) Subject: SUSE-RU-2015:0509-1: moderate: Recommended update for vm-install Message-ID: <20150317110521.284D63238F@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0509-1 Rating: moderate References: #842453 #857916 #885052 #887993 #888265 #913744 Affected Products: SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. It includes one version update. Description: This update for vm-install provides fixes for the following issues: * DomU upgrade from SLES 11 SP3 to SLES 12 using installation source doesn't give you the option to upgrade. (bsc#913744) * vm-install and virt-install cannot install SLES12 s390x systems. 
(bsc#885052) * vm-install fail to umount the temporary file as the loop media. (bsc#888265) * vm-install calculates available memory incorrectly. (bsc#887993) * keymap option not passed to xen vm. (bsc#857916) * Incorrect translation in language file. (bsc#842453) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-vm-install=10233 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-vm-install=10233 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64) [New Version: 0.6.36]: vm-install-0.6.36-0.7.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.6.36]: vm-install-0.6.36-0.7.2 References: https://bugzilla.suse.com/842453 https://bugzilla.suse.com/857916 https://bugzilla.suse.com/885052 https://bugzilla.suse.com/887993 https://bugzilla.suse.com/888265 https://bugzilla.suse.com/913744 http://download.suse.com/patch/finder/?keywords=a0cead4b869d0fddc11a1670c0ed2658 From sle-updates at lists.suse.com Tue Mar 17 16:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Mar 2015 23:04:50 +0100 (CET) Subject: SUSE-SU-2015:0512-1: moderate: Security update for kdebase4-runtime Message-ID: <20150317220450.7C9643236F@maintenance.suse.de> SUSE Security Update: Security update for kdebase4-runtime ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0512-1 Rating: moderate References: #857200 Cross-References: CVE-2013-7252 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: kdebase4-runtime has been updated to fix one security issue: * CVE-2013-7252: Added gpg based encryption support to kwallet (bnc#857200). Security Issues: * CVE-2013-7252 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-kde4-l10n=10404 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kde4-l10n=10404 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kde4-l10n=10404 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kde4-l10n=10404 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): kde4-l10n-de-data-4.3.5-0.3.1 kde4-l10n-de-doc-4.3.5-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): kdebase4-runtime-4.3.5-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): kde4-l10n-ar-4.3.5-0.3.1 kde4-l10n-bg-4.3.5-0.3.1 kde4-l10n-ca-4.3.5-0.3.1 kde4-l10n-cs-4.3.5-0.3.1 kde4-l10n-csb-4.3.5-0.3.1 kde4-l10n-da-4.3.5-0.3.1 kde4-l10n-de-4.3.5-0.3.1 kde4-l10n-el-4.3.5-0.3.1 kde4-l10n-en_GB-4.3.5-0.3.1 kde4-l10n-es-4.3.5-0.3.1 kde4-l10n-et-4.3.5-0.3.1 kde4-l10n-eu-4.3.5-0.3.1 kde4-l10n-fi-4.3.5-0.3.1 kde4-l10n-fr-4.3.5-0.3.1 kde4-l10n-ga-4.3.5-0.3.1 kde4-l10n-gl-4.3.5-0.3.1 kde4-l10n-hi-4.3.5-0.3.1 kde4-l10n-hu-4.3.5-0.3.1 kde4-l10n-is-4.3.5-0.3.1 kde4-l10n-it-4.3.5-0.3.1 kde4-l10n-ja-4.3.5-0.3.1 kde4-l10n-kk-4.3.5-0.3.1 kde4-l10n-km-4.3.5-0.3.1 kde4-l10n-ko-4.3.5-0.3.1 kde4-l10n-ku-4.3.5-0.3.1 kde4-l10n-lt-4.3.5-0.3.1 kde4-l10n-lv-4.3.5-0.3.1 kde4-l10n-mk-4.3.5-0.3.1 kde4-l10n-ml-4.3.5-0.3.1 kde4-l10n-nb-4.3.5-0.3.1 kde4-l10n-nds-4.3.5-0.3.1 kde4-l10n-nl-4.3.5-0.3.1 kde4-l10n-nn-4.3.5-0.3.1 kde4-l10n-pa-4.3.5-0.3.1 kde4-l10n-pl-4.3.5-0.3.1 kde4-l10n-pt-4.3.5-0.3.1 kde4-l10n-pt_BR-4.3.5-0.3.1 
kde4-l10n-ro-4.3.5-0.3.1 kde4-l10n-ru-4.3.5-0.3.1 kde4-l10n-sl-4.3.5-0.3.1 kde4-l10n-sv-4.3.5-0.3.1 kde4-l10n-th-4.3.5-0.3.1 kde4-l10n-tr-4.3.5-0.3.1 kde4-l10n-uk-4.3.5-0.3.1 kde4-l10n-wa-4.3.5-0.3.1 kde4-l10n-zh_CN-4.3.5-0.3.1 kde4-l10n-zh_TW-4.3.5-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): kdebase4-runtime-4.3.5-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): kde4-l10n-ar-4.3.5-0.3.1 kde4-l10n-bg-4.3.5-0.3.1 kde4-l10n-ca-4.3.5-0.3.1 kde4-l10n-cs-4.3.5-0.3.1 kde4-l10n-csb-4.3.5-0.3.1 kde4-l10n-da-4.3.5-0.3.1 kde4-l10n-de-4.3.5-0.3.1 kde4-l10n-el-4.3.5-0.3.1 kde4-l10n-en_GB-4.3.5-0.3.1 kde4-l10n-es-4.3.5-0.3.1 kde4-l10n-et-4.3.5-0.3.1 kde4-l10n-eu-4.3.5-0.3.1 kde4-l10n-fi-4.3.5-0.3.1 kde4-l10n-fr-4.3.5-0.3.1 kde4-l10n-ga-4.3.5-0.3.1 kde4-l10n-gl-4.3.5-0.3.1 kde4-l10n-hi-4.3.5-0.3.1 kde4-l10n-hu-4.3.5-0.3.1 kde4-l10n-is-4.3.5-0.3.1 kde4-l10n-it-4.3.5-0.3.1 kde4-l10n-ja-4.3.5-0.3.1 kde4-l10n-kk-4.3.5-0.3.1 kde4-l10n-km-4.3.5-0.3.1 kde4-l10n-ko-4.3.5-0.3.1 kde4-l10n-ku-4.3.5-0.3.1 kde4-l10n-lt-4.3.5-0.3.1 kde4-l10n-lv-4.3.5-0.3.1 kde4-l10n-mk-4.3.5-0.3.1 kde4-l10n-ml-4.3.5-0.3.1 kde4-l10n-nb-4.3.5-0.3.1 kde4-l10n-nds-4.3.5-0.3.1 kde4-l10n-nl-4.3.5-0.3.1 kde4-l10n-nn-4.3.5-0.3.1 kde4-l10n-pa-4.3.5-0.3.1 kde4-l10n-pl-4.3.5-0.3.1 kde4-l10n-pt-4.3.5-0.3.1 kde4-l10n-pt_BR-4.3.5-0.3.1 kde4-l10n-ro-4.3.5-0.3.1 kde4-l10n-ru-4.3.5-0.3.1 kde4-l10n-sl-4.3.5-0.3.1 kde4-l10n-sv-4.3.5-0.3.1 kde4-l10n-th-4.3.5-0.3.1 kde4-l10n-tr-4.3.5-0.3.1 kde4-l10n-uk-4.3.5-0.3.1 kde4-l10n-wa-4.3.5-0.3.1 kde4-l10n-zh_CN-4.3.5-0.3.1 kde4-l10n-zh_TW-4.3.5-0.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): kdebase4-runtime-4.3.5-0.3.1 kdebase4-runtime-xine-4.3.5-0.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): kde4-l10n-ar-4.3.5-0.3.1 kde4-l10n-cs-4.3.5-0.3.1 kde4-l10n-da-4.3.5-0.3.1 kde4-l10n-da-data-4.3.5-0.3.1 kde4-l10n-da-doc-4.3.5-0.3.1 kde4-l10n-de-4.3.5-0.3.1 kde4-l10n-de-data-4.3.5-0.3.1 kde4-l10n-de-doc-4.3.5-0.3.1 
kde4-l10n-en_GB-4.3.5-0.3.1 kde4-l10n-es-4.3.5-0.3.1 kde4-l10n-es-data-4.3.5-0.3.1 kde4-l10n-es-doc-4.3.5-0.3.1 kde4-l10n-fr-4.3.5-0.3.1 kde4-l10n-fr-data-4.3.5-0.3.1 kde4-l10n-fr-doc-4.3.5-0.3.1 kde4-l10n-hu-4.3.5-0.3.1 kde4-l10n-it-4.3.5-0.3.1 kde4-l10n-it-data-4.3.5-0.3.1 kde4-l10n-it-doc-4.3.5-0.3.1 kde4-l10n-ja-4.3.5-0.3.1 kde4-l10n-ko-4.3.5-0.3.1 kde4-l10n-nb-4.3.5-0.3.1 kde4-l10n-nl-4.3.5-0.3.1 kde4-l10n-nl-data-4.3.5-0.3.1 kde4-l10n-nl-doc-4.3.5-0.3.1 kde4-l10n-pl-4.3.5-0.3.1 kde4-l10n-pl-data-4.3.5-0.3.1 kde4-l10n-pl-doc-4.3.5-0.3.1 kde4-l10n-pt-4.3.5-0.3.1 kde4-l10n-pt_BR-4.3.5-0.3.1 kde4-l10n-pt_BR-data-4.3.5-0.3.1 kde4-l10n-pt_BR-doc-4.3.5-0.3.1 kde4-l10n-ru-4.3.5-0.3.1 kde4-l10n-ru-data-4.3.5-0.3.1 kde4-l10n-ru-doc-4.3.5-0.3.1 kde4-l10n-sv-4.3.5-0.3.1 kde4-l10n-sv-data-4.3.5-0.3.1 kde4-l10n-sv-doc-4.3.5-0.3.1 kde4-l10n-zh_CN-4.3.5-0.3.1 kde4-l10n-zh_TW-4.3.5-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-7252.html https://bugzilla.suse.com/857200 http://download.suse.com/patch/finder/?keywords=b6d66df968a7f4e625110c146d0147a6 From sle-updates at lists.suse.com Tue Mar 17 16:05:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Mar 2015 23:05:09 +0100 (CET) Subject: SUSE-RU-2015:0513-1: Recommended update for suse-cloud-upgrade Message-ID: <20150317220509.120D43238F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-cloud-upgrade ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0513-1 Rating: low References: #892503 #913692 #914093 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for suse-cloud-upgrade provides the following stability fixes: * Clarify variable names * Remove duplicated agents in neutron db before doing migration (bnc#892503) * Fix re-installing optional barclamps * Use the correct config files for neutron-db-manage (bnc#914093) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-ceilometer-mongodb-0115=10216 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (noarch): suse-cloud-upgrade-4+git.1421934285.579d46f-0.7.1 References: https://bugzilla.suse.com/892503 https://bugzilla.suse.com/913692 https://bugzilla.suse.com/914093 http://download.suse.com/patch/finder/?keywords=2523dfbf4b3aa7263f9c2c37bb1eac6c From sle-updates at lists.suse.com Tue Mar 17 17:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Mar 2015 00:04:44 +0100 (CET) Subject: SUSE-RU-2015:0514-1: Recommended update for High Availability Extension Message-ID: <20150317230444.5E7993236F@maintenance.suse.de> SUSE Recommended Update: Recommended update for High Availability Extension ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0514-1 Rating: low References: #847005 #881160 #883011 #883076 #883729 #884442 #886479 #888586 #890400 #892755 #893011 #896483 #899175 #899324 #899403 #901543 #904698 #904815 #910497 #911354 #916981 #918071 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that has 22 recommended fixes can now be installed. It includes three new package versions. Description: This collective update for the High Availability Extension 11 SP3 provides many fixes and enhancements. 
(bsc#911354) corosync: * Fix incorrect locking which could result in a segmentation fault (bsc#916981). crmsh: * xmlutil: Use idmgmt when creating new elements (bsc#901543, bsc#904815) * xmlutil: Treat node type=member as normal (bsc#904698) * term: Handle $ in input when rendering (bsc#893011) * parse: Don't elide node type if set (bsc#884442). ipvsadm: * Fix wrong error message when using ipvsadm with option "--ops" (bsc#847005). openais: * init script: Allow delaying start of post-sbd units (bsc#883011). pacemaker: * crmd: Prevent crmd from shutting down itself when update of node state timed out (bsc#883076) * pengine: Fix the behaviours of multi-state resources with asymmetrical ordering (bsc#899403) * cib: Improved tracing of callbacks (bsc#883076) * pe: Allow unrelated resources with a common collocation target to remain promoted (bsc#899175) * ping: Correct metadata for attempts parameter (bsc#899324) * ping: Pass extra options to fping (bsc#899324) * ping: Remove incorrectly advertised migrate_to|migrate_from (bsc#899324) * ping: Add use_fping parameter (bsc#899324) * ping: Correctly advertise multiplier default (bsc#899324) * crm_resource: Print a clear message if the attribute is not found for the resource (bsc#890400) * services: Remove cancelled recurring ops from internal lists as early as possible (bsc#888586) * services: Remove file descriptors from mainloop as soon as we have drained them (bsc#888586) * crm_verify: Perform a full set of calculations whenever the status section is present (bsc#886479) * pe: Correctly warn when resources require fencing but fencing is disabled (bsc#886479) * controld: Return OCF_ERR_INSTALLED instead of OCF_NOT_INSTALLED (bsc#883729) * pengine: Handle ordering between stateful and migratable resources (bsc#881160). pacemaker-mgmt: * mgmtd: Display resource operations and fail counts for anonymous clones (bsc#896483). 
resource-agents: * ldirectord: Get correct user for sending email (bsc#910497) * findif.sh: Use the most specific matching route (bsc#892755) * Correct package's description in the spec file (bnc#918071). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-slehae-201501=10441 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.1.11,1.2.6 and 1.4.7]: corosync-1.4.7-0.21.3 crmsh-1.2.6-0.38.1.17 ipvsadm-1.26-5.11.2 ldirectord-3.9.5-0.37.38.19 libcorosync-devel-1.4.7-0.21.3 libcorosync4-1.4.7-0.21.3 libopenais-devel-1.1.4-5.22.1.7 libopenais3-1.1.4-5.22.1.7 libpacemaker-devel-1.1.11-0.8.11.70 libpacemaker3-1.1.11-0.8.11.70 nagios-plugins-metadata-3.9.5-0.37.38.19 openais-1.1.4-5.22.1.7 pacemaker-1.1.11-0.8.11.70 pacemaker-mgmt-2.1.2-0.16.17.29 pacemaker-mgmt-client-2.1.2-0.16.17.29 pacemaker-mgmt-devel-2.1.2-0.16.17.29 resource-agents-3.9.5-0.37.38.19 References: https://bugzilla.suse.com/847005 https://bugzilla.suse.com/881160 https://bugzilla.suse.com/883011 https://bugzilla.suse.com/883076 https://bugzilla.suse.com/883729 https://bugzilla.suse.com/884442 https://bugzilla.suse.com/886479 https://bugzilla.suse.com/888586 https://bugzilla.suse.com/890400 https://bugzilla.suse.com/892755 https://bugzilla.suse.com/893011 https://bugzilla.suse.com/896483 https://bugzilla.suse.com/899175 https://bugzilla.suse.com/899324 https://bugzilla.suse.com/899403 https://bugzilla.suse.com/901543 https://bugzilla.suse.com/904698 https://bugzilla.suse.com/904815 https://bugzilla.suse.com/910497 https://bugzilla.suse.com/911354 https://bugzilla.suse.com/916981 https://bugzilla.suse.com/918071 http://download.suse.com/patch/finder/?keywords=b6df40d7328aa621c913074748ecedb9 From sle-updates 
at lists.suse.com Wed Mar 18 01:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Mar 2015 08:04:57 +0100 (CET) Subject: SUSE-SU-2015:0515-1: moderate: Security update for gnome-settings-daemon Message-ID: <20150318070458.02F173236F@maintenance.suse.de> SUSE Security Update: Security update for gnome-settings-daemon ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0515-1 Rating: moderate References: #900031 #905158 Cross-References: CVE-2014-7300 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: gnome-settings-daemon was updated to fix a bug and a security issue: Security issue fixed: - CVE-2014-7300: The lockscreen can be bypassed with the Print Screen button. Bug fixed: - Do not hide the cursor while there was no mutter running (bsc#905158). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-126=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-126=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-126=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gnome-settings-daemon-debuginfo-3.10.2-20.1 gnome-settings-daemon-debugsource-3.10.2-20.1 gnome-settings-daemon-devel-3.10.2-20.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnome-settings-daemon-3.10.2-20.1 gnome-settings-daemon-debuginfo-3.10.2-20.1 gnome-settings-daemon-debugsource-3.10.2-20.1 - SUSE Linux Enterprise Server 12 (noarch): gnome-settings-daemon-lang-3.10.2-20.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-settings-daemon-3.10.2-20.1 gnome-settings-daemon-debuginfo-3.10.2-20.1 gnome-settings-daemon-debugsource-3.10.2-20.1 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-settings-daemon-lang-3.10.2-20.1 References: http://support.novell.com/security/cve/CVE-2014-7300.html https://bugzilla.suse.com/900031 https://bugzilla.suse.com/905158 From sle-updates at lists.suse.com Wed Mar 18 04:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Mar 2015 11:04:55 +0100 (CET) Subject: SUSE-SU-2015:0516-1: Security update for vsftpd Message-ID: <20150318100455.5AE763236F@maintenance.suse.de> SUSE Security Update: Security update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0516-1 Rating: low References: #900326 #915522 Cross-References: CVE-2015-1419 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: vsftpd was updated to fix one security issue. This security issue was fixed: - CVE-2015-1419: vsftpd config option deny_file was not handled correctly (bnc#915522). Note: deny_file shouldn't be used to restrict access, as stated in the documentation. Please use more reliable methods. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-127=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): vsftpd-3.0.2-18.1 vsftpd-debuginfo-3.0.2-18.1 vsftpd-debugsource-3.0.2-18.1 References: http://support.novell.com/security/cve/CVE-2015-1419.html https://bugzilla.suse.com/900326 https://bugzilla.suse.com/915522 From sle-updates at lists.suse.com Wed Mar 18 10:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Mar 2015 17:04:54 +0100 (CET) Subject: SUSE-RU-2015:0524-1: moderate: Recommended update for haveged Message-ID: <20150318160454.624B83238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for haveged ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0524-1 Rating: moderate References: #898669 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: haveged has been added to the initial ramdisk to generate randomness earlier during bootup. Also it was changed to be active longer during shutdown phases. This helps when randomness is lacking during bootup, which can regularly happen in Virtual Machine scenarios. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-128=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-128=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-128=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): haveged-debuginfo-1.9.1-8.1 haveged-debugsource-1.9.1-8.1 haveged-devel-1.9.1-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): haveged-1.9.1-8.1 haveged-debuginfo-1.9.1-8.1 haveged-debugsource-1.9.1-8.1 libhavege1-1.9.1-8.1 libhavege1-debuginfo-1.9.1-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): haveged-1.9.1-8.1 haveged-debuginfo-1.9.1-8.1 haveged-debugsource-1.9.1-8.1 libhavege1-1.9.1-8.1 libhavege1-debuginfo-1.9.1-8.1 References: https://bugzilla.suse.com/898669 From sle-updates at lists.suse.com Wed Mar 18 11:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Mar 2015 18:04:55 +0100 (CET) Subject: SUSE-RU-2015:0525-1: Recommended update for crowbar-barclamp-neutron and openstack-neutron Message-ID: <20150318170455.B99B73238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-neutron and openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0525-1 Rating: low References: #912647 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes two new package versions. 
Description: This update for openstack- and crowbar-barclamp-neutron provides stability fixes from the upstream OpenStack project: * openstack-neutron o Backport additional SSL settings for nova-notification from Juno (bnc#912647) o Add nova_api_insecure-flag to neutron o Add nova_ca_certificates_file-option to neutron o Race for l2pop when ports go up/down on same host o NSX: sync thread catches wrong exceptions on not found o Notifier: Catch NotFound error from nova o Fix enable_metadata_network flag o Fix hostname validation for nameservers o BSN: Set inconsistency record on delete failure o Optimize query in _select_dhcp_ips_for_network_ids * crowbar-barclamp-neutron o Add "insecure" and ca cert options to nova notification (bnc#912647) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-neutron-0115=10189 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev75]: openstack-neutron-2014.1.4.dev75-0.7.1 openstack-neutron-dhcp-agent-2014.1.4.dev75-0.7.1 openstack-neutron-ha-tool-2014.1.4.dev75-0.7.1 openstack-neutron-l3-agent-2014.1.4.dev75-0.7.1 openstack-neutron-lbaas-agent-2014.1.4.dev75-0.7.1 openstack-neutron-linuxbridge-agent-2014.1.4.dev75-0.7.1 openstack-neutron-metadata-agent-2014.1.4.dev75-0.7.1 openstack-neutron-metering-agent-2014.1.4.dev75-0.7.1 openstack-neutron-mlnx-agent-2014.1.4.dev75-0.7.1 openstack-neutron-nec-agent-2014.1.4.dev75-0.7.1 openstack-neutron-openvswitch-agent-2014.1.4.dev75-0.7.1 openstack-neutron-plugin-cisco-2014.1.4.dev75-0.7.1 openstack-neutron-ryu-agent-2014.1.4.dev75-0.7.1 openstack-neutron-server-2014.1.4.dev75-0.7.1 openstack-neutron-vpn-agent-2014.1.4.dev75-0.7.1 python-neutron-2014.1.4.dev75-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev75]: crowbar-barclamp-neutron-1.8+git.1421316516.2cd366b-0.7.2 openstack-neutron-doc-2014.1.4.dev75-0.7.1 References: https://bugzilla.suse.com/912647 https://bugzilla.suse.com/913692 http://download.suse.com/patch/finder/?keywords=0282c9331fe15cc165ed3ebf32324451 From sle-updates at lists.suse.com Wed Mar 18 11:05:34 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Mar 2015 18:05:34 +0100 (CET) Subject: SUSE-SU-2015:0526-1: moderate: Security update for glibc Message-ID: <20150318170534.6F69232395@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0526-1 Rating: moderate References: #864081 #905313 #906371 #909053 #910599 #915526 #915985 #916222 Cross-References: CVE-2013-7423 CVE-2014-7817 CVE-2014-9402 CVE-2015-1472 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: glibc has been updated to fix four security issues. These security issues were fixed: - CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))" (bnc#906371). - CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222). - CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599). - CVE-2013-7423: Getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526). These non-security issues were fixed: - Fix infinite loop in check_pf (bsc#909053) - Restore warning about execution permission, it is still needed for noexec mounts (bsc#915985). - Don't touch user-controlled stdio locks in forked child (bsc#864081) - Don't use gcc extensions for non-gcc compilers (bsc#905313) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-129=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-129=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-129=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): glibc-debuginfo-2.19-20.3 glibc-debugsource-2.19-20.3 glibc-devel-static-2.19-20.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): glibc-2.19-20.3 glibc-debuginfo-2.19-20.3 glibc-debugsource-2.19-20.3 glibc-devel-2.19-20.3 glibc-devel-debuginfo-2.19-20.3 glibc-locale-2.19-20.3 glibc-locale-debuginfo-2.19-20.3 glibc-profile-2.19-20.3 nscd-2.19-20.3 nscd-debuginfo-2.19-20.3 - SUSE Linux Enterprise Server 12 (s390x x86_64): glibc-32bit-2.19-20.3 glibc-debuginfo-32bit-2.19-20.3 glibc-devel-32bit-2.19-20.3 glibc-devel-debuginfo-32bit-2.19-20.3 glibc-locale-32bit-2.19-20.3 glibc-locale-debuginfo-32bit-2.19-20.3 glibc-profile-32bit-2.19-20.3 - SUSE Linux Enterprise Server 12 (noarch): glibc-html-2.19-20.3 glibc-i18ndata-2.19-20.3 glibc-info-2.19-20.3 - SUSE Linux Enterprise Desktop 12 (x86_64): glibc-2.19-20.3 glibc-32bit-2.19-20.3 glibc-debuginfo-2.19-20.3 glibc-debuginfo-32bit-2.19-20.3 glibc-debugsource-2.19-20.3 glibc-devel-2.19-20.3 glibc-devel-32bit-2.19-20.3 glibc-devel-debuginfo-2.19-20.3 glibc-devel-debuginfo-32bit-2.19-20.3 glibc-locale-2.19-20.3 glibc-locale-32bit-2.19-20.3 glibc-locale-debuginfo-2.19-20.3 glibc-locale-debuginfo-32bit-2.19-20.3 nscd-2.19-20.3 nscd-debuginfo-2.19-20.3 - SUSE Linux Enterprise Desktop 12 (noarch): glibc-i18ndata-2.19-20.3 References: http://support.novell.com/security/cve/CVE-2013-7423.html http://support.novell.com/security/cve/CVE-2014-7817.html http://support.novell.com/security/cve/CVE-2014-9402.html http://support.novell.com/security/cve/CVE-2015-1472.html https://bugzilla.suse.com/864081 https://bugzilla.suse.com/905313 https://bugzilla.suse.com/906371 https://bugzilla.suse.com/909053 https://bugzilla.suse.com/910599 https://bugzilla.suse.com/915526 https://bugzilla.suse.com/915985 https://bugzilla.suse.com/916222 From sle-updates at lists.suse.com Wed Mar 18 15:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 18 Mar 2015 22:04:54 +0100 (CET) Subject: SUSE-SU-2015:0529-1: important: Security update for the Linux Kernel Message-ID: <20150318210454.F1B183238C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0529-1 Rating: important References: #799216 #800255 #860346 #875220 #877456 #884407 #895805 #896484 #897736 #898687 #900270 #902286 #902346 #902349 #903640 #904177 #904883 #904899 #904901 #905100 #905304 #905329 #905482 #905783 #906196 #907069 #908069 #908322 #908825 #908904 #909829 #910322 #911326 #912202 #912654 #912705 #913059 #914112 #914126 #914254 #914291 #914294 #914300 #914457 #914464 #914726 #915188 #915322 #915335 #915425 #915454 #915456 #915550 #915660 #916107 #916513 #916646 #917089 #917128 #918161 #918255 Cross-References: CVE-2014-3673 CVE-2014-3687 CVE-2014-7822 CVE-2014-7841 CVE-2014-8160 CVE-2014-8559 CVE-2014-9419 CVE-2014-9584 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 53 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive various security and bugfixes. This update contains the following feature enablements: - The remote block device (rbd) and ceph drivers have been enabled and are now supported. (FATE#318350) These can be used e.g. for accessing the SUSE Enterprise Storage product services. - Support for Intel Select Bay trail CPUs has been added. 
(FATE#316038) The following security issues were fixed: - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 did not ensure that Thread Local Storage (TLS) descriptors were loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (bnc#911326). - CVE-2014-7822: A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system. - CVE-2014-8160: The connection tracking module could be bypassed if a specific protocol module was not loaded, e.g. allowing SCTP traffic while the firewall should have filtered it. - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). The following non-security bugs were fixed: - audit: Allow login in non-init namespaces (bnc#916107). - btrfs: avoid unnecessary switch of path locks to blocking mode. - btrfs: fix directory inconsistency after fsync log replay (bnc#915425). - btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bnc#915425). - btrfs: fix fsync race leading to ordered extent memory leaks (bnc#917128). - btrfs: fix fsync when extend references are added to an inode (bnc#915425). - btrfs: fix missing error handler if submiting re-read bio fails. - btrfs: fix race between transaction commit and empty block group removal (bnc#915550). - btrfs: fix scrub race leading to use-after-free (bnc#915456). - btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454). 
- btrfs: improve free space cache management and space allocation. - btrfs: make btrfs_search_forward return with nodes unlocked. - btrfs: scrub, fix sleep in atomic context (bnc#915456). - btrfs: unlock nodes earlier when inserting items in a btree. - drm/i915: On G45 enable cursor plane briefly after enabling the display plane (bnc#918161). - Fix Module.supported handling for external modules (bnc#905304). - keys: close race between key lookup and freeing (bnc#912202). - msi: also reject resource with flags all clear. - pci: Add ACS quirk for Emulex NICs (bug#917089). - pci: Add ACS quirk for Intel 10G NICs (bug#917089). - pci: Add ACS quirk for Solarflare SFC9120 & SFC9140 (bug#917089). - Refresh other Xen patches (bsc#909829). - Update patches.suse/btrfs-8177-improve-free-space-cache-management-and-space-.patch (bnc#895805). - be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (bug#908322). - be2net: refactor code that checks flash file compatibility (bug#908322). - ceph: Add necessary clean up if invalid reply received in handle_reply() (bsc#918255). - crush: CHOOSE_LEAF -> CHOOSELEAF throughout (bsc#918255). - crush: add SET_CHOOSE_TRIES rule step (bsc#918255). - crush: add note about r in recursive choose (bsc#918255). - crush: add set_choose_local_[fallback_]tries steps (bsc#918255). - crush: apply chooseleaf_tries to firstn mode too (bsc#918255). - crush: attempts -> tries (bsc#918255). - crush: clarify numrep vs endpos (bsc#918255). - crush: eliminate CRUSH_MAX_SET result size limitation (bsc#918255). - crush: factor out (trivial) crush_destroy_rule() (bsc#918255). - crush: fix crush_choose_firstn comment (bsc#918255). - crush: fix some comments (bsc#918255). - crush: generalize descend_once (bsc#918255). - crush: new SET_CHOOSE_LEAF_TRIES command (bsc#918255). - crush: pass parent r value for indep call (bsc#918255). - crush: pass weight vector size to map function (bsc#918255). - crush: reduce scope of some local variables (bsc#918255). 
- crush: return CRUSH_ITEM_UNDEF for failed placements with indep (bsc#918255). - crush: strip firstn conditionals out of crush_choose, rename (bsc#918255). - crush: use breadth-first search for indep mode (bsc#918255). - crypto: drbg - panic on continuous self test error (bsc#905482). - dasd: List corruption in error recovery (bnc#914291, LTC#120865). - epoll: optimize setting task running after blocking (epoll-performance). - fips: We need to activate gcm(aes) in FIPS mode, RFCs 4106 and 4543 (bsc#914126,bsc#914457). - fips: __driver-gcm-aes-aesni needs to be listed explicitly inside the testmgr.c file (bsc#914457). - flow_dissector: add tipc support (bnc#916513). - hotplug, powerpc, x86: Remove cpu_hotplug_driver_lock() (bsc#907069). - hyperv: Add support for vNIC hot removal. - kernel: incorrect clock_gettime result (bnc#914291, LTC#121184). - kvm: iommu: Add cond_resched to legacy device assignment code (bsc#898687). - libceph: CEPH_OSD_FLAG_* enum update (bsc#918255). - libceph: add ceph_kv{malloc,free}() and switch to them (bsc#918255). - libceph: add ceph_pg_pool_by_id() (bsc#918255). - libceph: all features fields must be u64 (bsc#918255). - libceph: dout() is missing a newline (bsc#918255). - libceph: factor out logic from ceph_osdc_start_request() (bsc#918255). - libceph: fix error handling in ceph_osdc_init() (bsc#918255). - libceph: follow redirect replies from osds (bsc#918255). - libceph: follow {read,write}_tier fields on osd request submission (bsc#918255). - libceph: introduce and start using oid abstraction (bsc#918255). - libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN (bsc#918255). - libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid} (bsc#918255). - libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg() (bsc#918255). - libceph: start using oloc abstraction (bsc#918255). - libceph: take map_sem for read in handle_reply() (bsc#918255). - libceph: update ceph_features.h (bsc#918255). 
- libceph: use CEPH_MON_PORT when the specified port is 0 (bsc#918255). - locking/mutex: Explicitly mark task as running after wakeup (mutex scalability). - locking/osq: No need for load/acquire when acquire-polling (mutex scalability). - locking/rtmutex: Optimize setting task running after being blocked (mutex scalability). - mm/compaction: fix wrong order check in compact_finished() (VM Performance, bnc#904177). - mm/compaction: stop the isolation when we isolate enough freepage (VM Performance, bnc#904177). - mm: fix negative nr_isolated counts (VM Performance). - mutex-debug: Always clear owner field upon mutex_unlock() (mutex bugfix). - net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes (bsc#918255). - net: allow macvlans to move to net namespace (bnc#915660). - net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr struct from userland (bnc#900270). - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484). - ocfs2: remove filesize checks for sync I/O journal commit (bnc#800255). Update references. - powerpc/xmon: Fix another endiannes issue in RTAS call from xmon (bsc#915188). - pvscsi: support suspend/resume (bsc#902286). - random: account for entropy loss due to overwrites (bsc#904883,bsc#904901). - random: allow fractional bits to be tracked (bsc#904883,bsc#904901). - random: statically compute poolbitshift, poolbytes, poolbits (bsc#904883,bsc#904901). - rbd: add "^A" sysfs rbd device attribute (bsc#918255). - rbd: add support for single-major device number allocation scheme (bsc#918255). - rbd: enable extended devt in single-major mode (bsc#918255). - rbd: introduce rbd_dev_header_unwatch_sync() and switch to it (bsc#918255). - rbd: rbd_device::dev_id is an int, format it as such (bsc#918255). - rbd: refactor rbd_init() a bit (bsc#918255). - rbd: switch to ida for rbd id assignments (bsc#918255). - rbd: tear down watch request if rbd_dev_device_setup() fails (bsc#918255). 
- rbd: tweak "loaded" message and module description (bsc#918255). - rbd: wire up is_visible() sysfs callback for rbd bus (bsc#918255). - rpm/kernel-binary.spec.in: Own the modules directory in the devel package (bnc#910322) - s390/dasd: fix infinite loop during format (bnc#914291, LTC#120608). - s390/dasd: remove unused code (bnc#914291, LTC#120608). - sched/Documentation: Remove unneeded word (mutex scalability). - sched/completion: Add lock-free checking of the blocking case (scheduler scalability). - scsifront: avoid acquiring same lock twice if ring is full. - scsifront: do not use bitfields for indicators modified under different locks. - swiotlb: Warn on allocation failure in swiotlb_alloc_coherent (bsc#905783). - uas: Add NO_ATA_1X for VIA VL711 devices (bnc#914254). - uas: Add US_FL_NO_ATA_1X for 2 more Seagate disk enclosures (bnc#914254). - uas: Add US_FL_NO_ATA_1X for Seagate devices with usb-id 0bc2:a013 (bnc#914254). - uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model (bnc#914254). - uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models (bnc#914254). - uas: Add US_FL_NO_ATA_1X quirk for Seagate (0bc2:ab20) drives (bnc#914254). - uas: Add a quirk for rejecting ATA_12 and ATA_16 commands (bnc#914254). - uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check (bnc#914294). - uas: Add no-report-opcodes quirk (bnc#914254). - uas: Disable uas on ASM1051 devices (bnc#914294). - uas: Do not blacklist ASM1153 disk enclosures (bnc#914294). - uas: Use streams on upcoming 10Gbps / 3.1 USB (bnc#914464). - uas: disable UAS on Apricorn SATA dongles (bnc#914300). - usb-storage: support for more than 8 LUNs (bsc#906196). - x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783). - x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783). - x86, swiotlb: Try coherent allocations with __GFP_NOWARN (bsc#905783). - x86/hpet: Make boot_hpet_disable extern (bnc#916646). 
- x86/intel: Add quirk to disable HPET for the Baytrail platform (bnc#916646). - x86: irq: Check for valid irq descriptor incheck_irq_vectors_for_cpu_disable (bnc#914726). - x86: irq: Check for valid irq descriptor in check_irq_vectors_for_cpu_disable (bnc#914726). - xhci: Add broken-streams quirk for Fresco Logic FL1000G xhci controllers (bnc#914112). - zcrypt: Number of supported ap domains is not retrievable (bnc#914291, LTC#120788). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-130=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-130=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-130=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-130=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-130=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-130=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.38-44.1 kernel-default-debugsource-3.12.38-44.1 kernel-default-extra-3.12.38-44.1 kernel-default-extra-debuginfo-3.12.38-44.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.38-44.1 kernel-obs-build-debugsource-3.12.38-44.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.38-44.5 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.38-44.1 kernel-default-base-3.12.38-44.1 kernel-default-base-debuginfo-3.12.38-44.1 kernel-default-debuginfo-3.12.38-44.1 kernel-default-debugsource-3.12.38-44.1 kernel-default-devel-3.12.38-44.1 kernel-syms-3.12.38-44.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.38-44.1 kernel-xen-base-3.12.38-44.1 kernel-xen-base-debuginfo-3.12.38-44.1 kernel-xen-debuginfo-3.12.38-44.1 kernel-xen-debugsource-3.12.38-44.1 kernel-xen-devel-3.12.38-44.1 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.38-44.1 kernel-macros-3.12.38-44.1 kernel-source-3.12.38-44.1 - SUSE Linux Enterprise Server 12 (s390x): kernel-default-man-3.12.38-44.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.38-44.1 kernel-ec2-debuginfo-3.12.38-44.1 kernel-ec2-debugsource-3.12.38-44.1 kernel-ec2-devel-3.12.38-44.1 kernel-ec2-extra-3.12.38-44.1 kernel-ec2-extra-debuginfo-3.12.38-44.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_38-44-default-1-2.2 kgraft-patch-3_12_38-44-xen-1-2.2 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.38-44.1 kernel-default-debuginfo-3.12.38-44.1 kernel-default-debugsource-3.12.38-44.1 kernel-default-devel-3.12.38-44.1 kernel-default-extra-3.12.38-44.1 kernel-default-extra-debuginfo-3.12.38-44.1 kernel-syms-3.12.38-44.1 kernel-xen-3.12.38-44.1 kernel-xen-debuginfo-3.12.38-44.1 kernel-xen-debugsource-3.12.38-44.1 kernel-xen-devel-3.12.38-44.1 - SUSE 
Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.38-44.1 kernel-macros-3.12.38-44.1 kernel-source-3.12.38-44.1 References: http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-3687.html http://support.novell.com/security/cve/CVE-2014-7822.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-8160.html http://support.novell.com/security/cve/CVE-2014-8559.html http://support.novell.com/security/cve/CVE-2014-9419.html http://support.novell.com/security/cve/CVE-2014-9584.html https://bugzilla.suse.com/799216 https://bugzilla.suse.com/800255 https://bugzilla.suse.com/860346 https://bugzilla.suse.com/875220 https://bugzilla.suse.com/877456 https://bugzilla.suse.com/884407 https://bugzilla.suse.com/895805 https://bugzilla.suse.com/896484 https://bugzilla.suse.com/897736 https://bugzilla.suse.com/898687 https://bugzilla.suse.com/900270 https://bugzilla.suse.com/902286 https://bugzilla.suse.com/902346 https://bugzilla.suse.com/902349 https://bugzilla.suse.com/903640 https://bugzilla.suse.com/904177 https://bugzilla.suse.com/904883 https://bugzilla.suse.com/904899 https://bugzilla.suse.com/904901 https://bugzilla.suse.com/905100 https://bugzilla.suse.com/905304 https://bugzilla.suse.com/905329 https://bugzilla.suse.com/905482 https://bugzilla.suse.com/905783 https://bugzilla.suse.com/906196 https://bugzilla.suse.com/907069 https://bugzilla.suse.com/908069 https://bugzilla.suse.com/908322 https://bugzilla.suse.com/908825 https://bugzilla.suse.com/908904 https://bugzilla.suse.com/909829 https://bugzilla.suse.com/910322 https://bugzilla.suse.com/911326 https://bugzilla.suse.com/912202 https://bugzilla.suse.com/912654 https://bugzilla.suse.com/912705 https://bugzilla.suse.com/913059 https://bugzilla.suse.com/914112 https://bugzilla.suse.com/914126 https://bugzilla.suse.com/914254 https://bugzilla.suse.com/914291 https://bugzilla.suse.com/914294 
https://bugzilla.suse.com/914300 https://bugzilla.suse.com/914457 https://bugzilla.suse.com/914464 https://bugzilla.suse.com/914726 https://bugzilla.suse.com/915188 https://bugzilla.suse.com/915322 https://bugzilla.suse.com/915335 https://bugzilla.suse.com/915425 https://bugzilla.suse.com/915454 https://bugzilla.suse.com/915456 https://bugzilla.suse.com/915550 https://bugzilla.suse.com/915660 https://bugzilla.suse.com/916107 https://bugzilla.suse.com/916513 https://bugzilla.suse.com/916646 https://bugzilla.suse.com/917089 https://bugzilla.suse.com/917128 https://bugzilla.suse.com/918161 https://bugzilla.suse.com/918255 From sle-updates at lists.suse.com Wed Mar 18 17:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 00:04:44 +0100 (CET) Subject: SUSE-RU-2015:0530-1: moderate: Recommended update for sed Message-ID: <20150318230444.D4D983238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for sed ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0530-1 Rating: moderate References: #880817 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sed fixes a segmentation fault caused by an attempt to close a file twice. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-sed=10355 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-sed=10355 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-sed=10355 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): sed-4.1.5-85.24.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): sed-4.1.5-85.24.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): sed-4.1.5-85.24.1 References: https://bugzilla.suse.com/880817 http://download.suse.com/patch/finder/?keywords=6f87f6b134534be22245fa7f6f99ced0 From sle-updates at lists.suse.com Wed Mar 18 17:05:04 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 00:05:04 +0100 (CET) Subject: SUSE-RU-2015:0531-1: Recommended update for procinfo Message-ID: <20150318230504.84A5D3238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for procinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0531-1 Rating: low References: #900125 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes a segmentation fault in procinfo(8) when running on systems with more than 32 character devices listed in /proc/devices. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-procinfo=10447 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-procinfo=10447 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-procinfo=10447 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): procinfo-18-198.16.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): procinfo-18-198.16.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): procinfo-18-198.16.1 References: https://bugzilla.suse.com/900125 http://download.suse.com/patch/finder/?keywords=5a165d7707248ba907ca78260daf25b3 From sle-updates at lists.suse.com Wed Mar 18 17:05:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 00:05:23 +0100 (CET) Subject: SUSE-RU-2015:0532-1: Recommended update for microcode_ctl Message-ID: <20150318230523.2CB6D32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0532-1 Rating: low References: #891765 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for microcode_ctl adds post-installation dependencies which were missing. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-microcode_ctl=10478 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-microcode_ctl=10478 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-microcode_ctl=10478 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): microcode_ctl-1.17-102.76.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): microcode_ctl-1.17-102.76.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): microcode_ctl-1.17-102.76.1 References: https://bugzilla.suse.com/891765 http://download.suse.com/patch/finder/?keywords=c56418f7944a06dfa4ff3c6bfff03334 From sle-updates at lists.suse.com Wed Mar 18 19:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 02:04:52 +0100 (CET) Subject: SUSE-RU-2015:0533-1: Recommended update for python-rtslib Message-ID: <20150319010452.784303235C@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rtslib ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0533-1 Rating: low References: #856490 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rtslib fixes the following issues: * When running as root, mount configFS under /sys/kernel/config if it's not yet mounted. (bsc#856490) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-rtslib=10485 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-rtslib=10485 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-rtslib-2.1.fb27-0.11.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-rtslib-2.1.fb27-0.11.1 References: https://bugzilla.suse.com/856490 http://download.suse.com/patch/finder/?keywords=1a1b198af41c59c646313394e3546e73 From sle-updates at lists.suse.com Thu Mar 19 03:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 10:04:51 +0100 (CET) Subject: SUSE-RU-2015:0535-1: moderate: Recommended update for Machinery Message-ID: <20150319090451.8030A3238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for Machinery ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0535-1 Rating: moderate References: #914712 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Machinery has been updated to version 1.5.0, bringing the following enhancements and fixes: - Fixed issue with changes of managed files on RHEL - Improved error output for system descriptions which have outdated formats - Added `--short` option to list command for showing a short list of all descriptions - Added `--skip-files` option to `inspect` command for unmanaged files - Added support for inspecting System z and POWER LE systems - Added support to run Machinery on System z and POWER LE - Handle system description errors as warnings - Added `machinery upgrade-format --force` command - Support inspection of Red Hat Enterprise Linux 6 systems - Introduce system description format version 3 (see https://github.com/SUSE/machinery/wiki/System-Description-Format#version-3) - Usability improvements of the HTML view - Speed up `machinery list` command. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2015-131=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): machinery-1.5.0-20.1 machinery-debuginfo-1.5.0-20.1 machinery-debugsource-1.5.0-20.1 References: https://bugzilla.suse.com/914712 From sle-updates at lists.suse.com Thu Mar 19 09:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 16:04:53 +0100 (CET) Subject: SUSE-RU-2015:0539-1: Recommended update for freeradius-server Message-ID: <20150319150453.6274A3238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0539-1 Rating: low References: #912941 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides a set of back-end plug-ins for freeradius-server, allowing users to store the Radius databases on MySQL, PostgreSQL and SQLite, and query authentication data from LDAP and Kerberos. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-132=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-132=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.3-10.1 freeradius-server-debugsource-3.0.3-10.1 freeradius-server-devel-3.0.3-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): freeradius-server-3.0.3-10.1 freeradius-server-debuginfo-3.0.3-10.1 freeradius-server-debugsource-3.0.3-10.1 freeradius-server-doc-3.0.3-10.1 freeradius-server-krb5-3.0.3-10.1 freeradius-server-krb5-debuginfo-3.0.3-10.1 freeradius-server-ldap-3.0.3-10.1 freeradius-server-ldap-debuginfo-3.0.3-10.1 freeradius-server-libs-3.0.3-10.1 freeradius-server-libs-debuginfo-3.0.3-10.1 freeradius-server-mysql-3.0.3-10.1 freeradius-server-mysql-debuginfo-3.0.3-10.1 freeradius-server-perl-3.0.3-10.1 freeradius-server-perl-debuginfo-3.0.3-10.1 freeradius-server-postgresql-3.0.3-10.1 freeradius-server-postgresql-debuginfo-3.0.3-10.1 freeradius-server-python-3.0.3-10.1 freeradius-server-python-debuginfo-3.0.3-10.1 freeradius-server-sqlite-3.0.3-10.1 freeradius-server-sqlite-debuginfo-3.0.3-10.1 freeradius-server-utils-3.0.3-10.1 freeradius-server-utils-debuginfo-3.0.3-10.1 References: https://bugzilla.suse.com/912941 From sle-updates at lists.suse.com Thu Mar 19 12:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 19:04:53 +0100 (CET) Subject: SUSE-SU-2015:0541-1: important: Security update for openssl Message-ID: <20150319180453.28A053238C@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0541-1 Rating: important References: #919648 #920236 #922488 #922496 #922499 #922500 Cross-References: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: OpenSSL was updated to fix various security issues. The following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. - CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. - CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-133=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-133=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-133=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libopenssl-devel-1.0.1i-20.1 openssl-debuginfo-1.0.1i-20.1 openssl-debugsource-1.0.1i-20.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-20.1 libopenssl1_0_0-debuginfo-1.0.1i-20.1 libopenssl1_0_0-hmac-1.0.1i-20.1 openssl-1.0.1i-20.1 openssl-debuginfo-1.0.1i-20.1 openssl-debugsource-1.0.1i-20.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-20.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-20.1 libopenssl1_0_0-hmac-32bit-1.0.1i-20.1 - SUSE Linux Enterprise Server 12 (noarch): openssl-doc-1.0.1i-20.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libopenssl1_0_0-1.0.1i-20.1 libopenssl1_0_0-32bit-1.0.1i-20.1 libopenssl1_0_0-debuginfo-1.0.1i-20.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-20.1 openssl-1.0.1i-20.1 openssl-debuginfo-1.0.1i-20.1 openssl-debugsource-1.0.1i-20.1 References: http://support.novell.com/security/cve/CVE-2015-0209.html http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 From sle-updates at lists.suse.com Thu Mar 19 14:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 21:04:49 +0100 (CET) Subject: SUSE-SU-2015:0543-1: moderate: Security update for compat-openssl097g Message-ID: <20150319200449.8441032395@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0543-1 Rating: moderate 
References: #920236 #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. Security Issues: * CVE-2015-0286 * CVE-2015-0287 * CVE-2015-0288 * CVE-2015-0289 * CVE-2015-0292 * CVE-2015-0293 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP1: zypper in -t patch slesapp1-compat-openssl097g=10471 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64): compat-openssl097g-0.9.7g-146.22.29.1 compat-openssl097g-32bit-0.9.7g-146.22.29.1 References: http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=cbb862a783aa369999aa847660873457 From sle-updates at lists.suse.com Thu Mar 19 14:06:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 21:06:01 +0100 (CET) Subject: SUSE-RU-2015:0544-1: moderate: Recommended update for vm-install Message-ID: <20150319200601.A943232395@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0544-1 Rating: moderate References: #857916 #886623 #906248 #913744 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for vm-install provides fixes for the following issues: - DomU upgrade from SLES 11 SP3 to SLES 12 using installation source doesn't give the user the option to upgrade. (bsc#913744) - keymap option not passed to Xen vm. (bsc#857916) - openSUSE 13.2 i586 not installable as Xen PV-guest. (bsc#906248) - GtkWarning/assertion error in vm-install. 
(bsc#886623) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-134=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-134=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): vm-install-0.8.37-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): vm-install-0.8.37-4.1 References: https://bugzilla.suse.com/857916 https://bugzilla.suse.com/886623 https://bugzilla.suse.com/906248 https://bugzilla.suse.com/913744 From sle-updates at lists.suse.com Thu Mar 19 16:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 23:04:50 +0100 (CET) Subject: SUSE-SU-2015:0545-1: moderate: Security update for OpenSSL Message-ID: <20150319220450.7D4833238C@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0545-1 Rating: moderate References: #915976 #919648 #920236 #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2009-5146 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes one version update. Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. 
* CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. * CVE-2009-5146: A memory leak in the TLS hostname extension was fixed, which could be used by remote attackers to run SSL services out of memory. Security Issues: * CVE-2009-5146 * CVE-2015-0209 * CVE-2015-0286 * CVE-2015-0287 * CVE-2015-0288 * CVE-2015-0289 * CVE-2015-0292 * CVE-2015-0293 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-libopenssl-devel=10482 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libopenssl-devel=10483 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.70.1 libopenssl0_9_8-0.9.8j-0.70.1 libopenssl0_9_8-hmac-0.9.8j-0.70.1 openssl-0.9.8j-0.70.1 openssl-doc-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.70.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.70.1 libopenssl0_9_8-0.9.8j-0.70.1 libopenssl0_9_8-hmac-0.9.8j-0.70.1 openssl-0.9.8j-0.70.1 openssl-doc-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.70.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.70.1 References: http://support.novell.com/security/cve/CVE-2009-5146.html http://support.novell.com/security/cve/CVE-2015-0209.html http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/915976 https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=18f56d6c348878663b255f479a9e1a4c http://download.suse.com/patch/finder/?keywords=2b1c96bf02dfd4668ae970ed96712b39 From sle-updates at lists.suse.com Thu Mar 19 16:06:16 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 23:06:16 +0100 (CET) Subject: SUSE-SU-2015:0546-1: moderate: Security update for OpenSSL Message-ID: <20150319220616.EFA4B3238C@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL 
______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0546-1 Rating: moderate References: #919648 #920236 #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SUSE Linux Enterprise Security Module 11 SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. 
Security Issues: * CVE-2015-0209 * CVE-2015-0286 * CVE-2015-0287 * CVE-2015-0288 * CVE-2015-0289 * CVE-2015-0292 * CVE-2015-0293 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-libopenssl1-devel=10484 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.26.1 libopenssl1_0_0-1.0.1g-0.26.1 openssl1-1.0.1g-0.26.1 openssl1-doc-1.0.1g-0.26.1 - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.26.1 - SUSE Linux Enterprise Security Module 11 SP3 (ia64): libopenssl1_0_0-x86-1.0.1g-0.26.1 References: http://support.novell.com/security/cve/CVE-2015-0209.html http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=8f106335c8c2085854a211b37a1707cd From sle-updates at lists.suse.com Thu Mar 19 16:07:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 23:07:35 +0100 (CET) Subject: SUSE-SU-2015:0547-1: moderate: Security update for OpenSSL Message-ID: <20150319220735.713AA32395@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2015:0547-1 Rating: moderate References: #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SLES for SAP Applications ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. Security Issues: * CVE-2015-0286 * CVE-2015-0287 * CVE-2015-0288 * CVE-2015-0289 * CVE-2015-0292 * CVE-2015-0293 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-compat-openssl097g=10470 - SLES for SAP Applications: zypper in -t patch slesappsp3-compat-openssl097g=10470 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): compat-openssl097g-0.9.7g-146.22.29.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): compat-openssl097g-32bit-0.9.7g-146.22.29.1 - SLES for SAP Applications (x86_64): compat-openssl097g-0.9.7g-146.22.29.1 compat-openssl097g-32bit-0.9.7g-146.22.29.1 References: http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=a5079ad46fc68ec57153437dfe356825 From sle-updates at lists.suse.com Thu Mar 19 16:08:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 23:08:36 +0100 (CET) Subject: SUSE-SU-2015:0548-1: moderate: Security update for compat-openssl097g Message-ID: <20150319220836.B63F032395@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0548-1 Rating: moderate References: #922488 #922496 #922499 #922500 #922501 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. 
Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): compat-openssl097g-0.9.7g-13.29.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): compat-openssl097g-32bit-0.9.7g-13.29.1 References: https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=3f17161da9396c0b8ebe105d38ad90d0 From sle-updates at lists.suse.com Thu Mar 19 16:09:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Mar 2015 23:09:35 +0100 (CET) Subject: SUSE-SU-2015:0549-1: moderate: Security update for OpenSSL Message-ID: <20150319220935.0A56B32395@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0549-1 Rating: moderate References: #919648 #920236 #922488 #922496 #922499 #922500 #922501 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. 
This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): openssl-0.9.8a-18.90.1 openssl-devel-0.9.8a-18.90.1 openssl-doc-0.9.8a-18.90.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): openssl-32bit-0.9.8a-18.90.1 openssl-devel-32bit-0.9.8a-18.90.1 References: https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=eec1ae898b7841dccefa6d941018057e From sle-updates at lists.suse.com Thu Mar 19 17:05:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 00:05:02 +0100 (CET) Subject: SUSE-SU-2015:0550-1: moderate: Security update for glibc Message-ID: <20150319230502.2BBD732395@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0550-1 Rating: moderate References: #887022 #906371 #910599 #916222 #918233 Cross-References: CVE-2013-7423 CVE-2014-7817 CVE-2014-9402 CVE-2015-1472 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves four 
vulnerabilities and has one errata is now available. Description: glibc has been updated to fix four security issues: * CVE-2014-0475: Directory traversal in locale environment handling (bnc#887022) * CVE-2014-7817: wordexp failed to honour WRDE_NOCMD (bsc#906371) * CVE-2014-9402: Avoid infinite loop in nss_dns getnetbyname (bsc#910599) * CVE-2015-1472: Fixed buffer overflow in wscanf (bsc#916222) This non-security issue has been fixed: * Fix missing zero termination (bnc#918233) Security Issues: * CVE-2015-1472 * CVE-2013-7423 * CVE-2014-7817 * CVE-2014-9402 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 i686 s390x x86_64): glibc-2.4-31.117.1 glibc-devel-2.4-31.117.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): glibc-html-2.4-31.117.1 glibc-i18ndata-2.4-31.117.1 glibc-info-2.4-31.117.1 glibc-locale-2.4-31.117.1 glibc-profile-2.4-31.117.1 nscd-2.4-31.117.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): glibc-32bit-2.4-31.117.1 glibc-devel-32bit-2.4-31.117.1 glibc-locale-32bit-2.4-31.117.1 glibc-profile-32bit-2.4-31.117.1 References: http://support.novell.com/security/cve/CVE-2013-7423.html http://support.novell.com/security/cve/CVE-2014-7817.html http://support.novell.com/security/cve/CVE-2014-9402.html http://support.novell.com/security/cve/CVE-2015-1472.html https://bugzilla.suse.com/887022 https://bugzilla.suse.com/906371 https://bugzilla.suse.com/910599 https://bugzilla.suse.com/916222 https://bugzilla.suse.com/918233 http://download.suse.com/patch/finder/?keywords=ddad3e23b15c5919bf5e29a0fcedc637 From sle-updates at lists.suse.com Thu Mar 19 17:06:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 00:06:12 +0100 (CET) Subject: SUSE-SU-2015:0551-1: moderate: Security update for glibc Message-ID: <20150319230612.CF3CA3238C@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2015:0551-1 Rating: moderate References: #887022 #906371 #910599 #915526 #916222 #918233 Cross-References: CVE-2013-7423 CVE-2014-7817 CVE-2014-9402 CVE-2015-1472 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: glibc has been updated to fix four security issues: * CVE-2014-0475: Directory traversal in locale environment handling (bnc#887022) * CVE-2014-7817: wordexp failed to honour WRDE_NOCMD (bsc#906371) * CVE-2014-9402: Avoid infinite loop in nss_dns getnetbyname (bsc#910599) * CVE-2015-1472: Fixed buffer overflow in wscanf (bsc#916222) * CVE-2013-7423: getaddrinfo() wrote DNS queries to random file descriptors under high load. (bnc#915526) This non-security issue was fixed: * Fix missing zero termination (bnc#918233) Security Issues: * CVE-2015-1472 * CVE-2013-7423 * CVE-2014-7817 * CVE-2014-9402 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-glibc=10401 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-glibc=10382 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.45.59.1 glibc-devel-2.11.3-17.45.59.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.45.59.1 glibc-i18ndata-2.11.3-17.45.59.1 glibc-info-2.11.3-17.45.59.1 glibc-locale-2.11.3-17.45.59.1 glibc-profile-2.11.3-17.45.59.1 nscd-2.11.3-17.45.59.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): glibc-32bit-2.11.3-17.45.59.1 glibc-devel-32bit-2.11.3-17.45.59.1 glibc-locale-32bit-2.11.3-17.45.59.1 glibc-profile-32bit-2.11.3-17.45.59.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 i686 s390x x86_64): glibc-2.11.1-0.64.1 glibc-devel-2.11.1-0.64.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): glibc-html-2.11.1-0.64.1 glibc-i18ndata-2.11.1-0.64.1 glibc-info-2.11.1-0.64.1 glibc-locale-2.11.1-0.64.1 glibc-profile-2.11.1-0.64.1 nscd-2.11.1-0.64.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): glibc-32bit-2.11.1-0.64.1 glibc-devel-32bit-2.11.1-0.64.1 glibc-locale-32bit-2.11.1-0.64.1 glibc-profile-32bit-2.11.1-0.64.1 References: http://support.novell.com/security/cve/CVE-2013-7423.html http://support.novell.com/security/cve/CVE-2014-7817.html http://support.novell.com/security/cve/CVE-2014-9402.html http://support.novell.com/security/cve/CVE-2015-1472.html https://bugzilla.suse.com/887022 https://bugzilla.suse.com/906371 https://bugzilla.suse.com/910599 https://bugzilla.suse.com/915526 https://bugzilla.suse.com/916222 https://bugzilla.suse.com/918233 http://download.suse.com/patch/finder/?keywords=59aada66a6181e4fc79f7233887b7f74 http://download.suse.com/patch/finder/?keywords=68a9641d4061f4e1326d0bdc84774515 From sle-updates at lists.suse.com Thu Mar 19 19:05:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 02:05:01 +0100 (CET) Subject: SUSE-RU-2015:0552-1: Recommended update for man-pages Message-ID: <20150320010501.EF97B32361@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for man-pages ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0552-1 Rating: low References: #910082 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for man-pages clarifies the difference in adjtimex()'s return codes between 2.x and 3.x kernels. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-man-pages=10492 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-man-pages=10492 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-man-pages=10492 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): man-pages-3.15-2.29.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): man-pages-3.15-2.29.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): man-pages-3.15-2.29.1 References: https://bugzilla.suse.com/910082 http://download.suse.com/patch/finder/?keywords=26a358cb9dbd6ad812826ce7af1e94d4 From sle-updates at lists.suse.com Fri Mar 20 05:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 12:04:53 +0100 (CET) Subject: SUSE-SU-2015:0553-1: important: Security update for compat-openssl098 Message-ID: <20150320110453.F0BE33238C@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0553-1 Rating: important References: #915976 #919648 #920236 #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2009-5146 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: OpenSSL was updated to fix various security issues. The following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. - CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. 
- CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. - CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. - CVE-2009-5146: A memory leak in the TLS hostname extension was fixed, which could be used by remote attackers to run SSL services out of memory. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-135=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-73.2 libopenssl0_9_8-0.9.8j-73.2 libopenssl0_9_8-32bit-0.9.8j-73.2 libopenssl0_9_8-debuginfo-0.9.8j-73.2 libopenssl0_9_8-debuginfo-32bit-0.9.8j-73.2 References: http://support.novell.com/security/cve/CVE-2009-5146.html http://support.novell.com/security/cve/CVE-2015-0209.html http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/915976 https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 From sle-updates at lists.suse.com Fri Mar 20 06:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 13:04:50 +0100 (CET) Subject: SUSE-SU-2015:0553-2: important: Security update for compat-openssl098 Message-ID: <20150320120450.0CDCA3238C@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0553-2 Rating: important References: #915976 #919648 #920236 #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2009-5146 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: OpenSSL was updated to fix various security issues. 
The following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. - CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. - CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. - CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. - CVE-2009-5146: A memory leak in the TLS hostname extension was fixed, which could be used by remote attackers to run SSL services out of memory. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-135=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 12 (x86_64): compat-openssl098-debugsource-0.9.8j-73.2 libopenssl0_9_8-0.9.8j-73.2 libopenssl0_9_8-32bit-0.9.8j-73.2 libopenssl0_9_8-debuginfo-0.9.8j-73.2 libopenssl0_9_8-debuginfo-32bit-0.9.8j-73.2 References: http://support.novell.com/security/cve/CVE-2009-5146.html http://support.novell.com/security/cve/CVE-2015-0209.html http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/915976 https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 From sle-updates at lists.suse.com Fri Mar 20 12:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 19:04:53 +0100 (CET) Subject: SUSE-RU-2015:0556-1: Recommended update for python-swiftclient Message-ID: <20150320180453.CC9963238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-swiftclient ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0556-1 Rating: low References: #914910 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes python-swiftclient to require python-setuptools. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-137=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-swiftclient-2.0.3-10.1 References: https://bugzilla.suse.com/914910 From sle-updates at lists.suse.com Fri Mar 20 12:05:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 19:05:12 +0100 (CET) Subject: SUSE-RU-2015:0557-1: Recommended update for python-docker-py, google-cloud-sdk Message-ID: <20150320180512.8535132395@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-docker-py, google-cloud-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0557-1 Rating: low References: #915479 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-docker-py 0.5.3, fixing the following issues: * Fixed attaching when connecting to the daemon over a UNIX socket. * Fixed a bug where sockets were closed immediately when attaching over TLS. * Added an `assert_hostname` option to `TLSConfig` which can be used to disable verification of hostnames. * Fixed SSL not working due to an incorrect version comparison * Added support for adding and dropping capabilities * Added support for restart policy * Fixed timeout behavior in `Client.stop`. The tools to work with Google Cloud Services (google-cloud-sdk) have been updated to version 0.9.44, bringing several fixes and enhancements. Please refer to the package's change log for a comprehensive list of changes. 
Finally, this update also adds packages python-gcs-oauth2-boto-plugin and python-gcemetadata to the Public Cloud Module for SLES 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-139=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-cloud-sdk-0.9.44-6.1 python-docker-py-0.5.3-4.1 python-gcemetadata-0.2.0-4.1 python-gcs-oauth2-boto-plugin-1.8-2.1 References: https://bugzilla.suse.com/915479 From sle-updates at lists.suse.com Fri Mar 20 12:05:33 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 19:05:33 +0100 (CET) Subject: SUSE-RU-2015:0558-1: moderate: Recommended update for gcimagebundle, google-daemon, google-startup-scripts Message-ID: <20150320180533.B89B332395@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcimagebundle, google-daemon, google-startup-scripts ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0558-1 Rating: moderate References: #905571 #905573 #905611 #921732 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This collective update for the Public Cloud Module provides the following fixes and enhancements: gcimagebundle (update to version 1.2.4): - Support XFS as root filesystem. - Support CentOS 7. google-daemon (update to version 1.2.4): - Reduced SSH key-related console logging. - Generalize SSH host key regeneration to handle all types which are already present in the image. - Never add SSH keys for system accounts with /sbin/nologin as shell. 
- Fix .suse init script, remove run level 4 setting to avoid warning. - Add rc* links for newer versions of the distribution. google-startup-scripts (update to version 1.2.4): - Check for a connection to the metadata server before startup script retrieval. - Block startup scripts until a connection to the metadata server exists. - Added logging for network connectivity issues. - Added retry logic in startup scripts for metadata requests. - Improved performance on local SSD. - Fix a bug which could cause instances to take 2 minutes to shut down. - Miscellaneous documentation and diagnostic updates. - Ensured that shutdown script feature will run before docker and kubelet. - Added a logging file for the shutdown script feature. - Improvements allowing the startup scripts to work as intended on RHEL 7 and CentOS 7. - Improved first-boot SSH host key regeneration. - Improvements to shutdown script feature. - Fix for first-boot script which was failing to run fully. - Improve ordering on systemd systems. - Fix .suse init script, remove run level 4 setting to avoid warning. - Add rc* links for newer versions of the distribution. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-136=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): gcimagebundle-1.2.4-6.1 google-daemon-1.2.4-6.1 google-startup-scripts-1.2.4-6.1 References: https://bugzilla.suse.com/905571 https://bugzilla.suse.com/905573 https://bugzilla.suse.com/905611 https://bugzilla.suse.com/921732 From sle-updates at lists.suse.com Fri Mar 20 12:06:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 19:06:21 +0100 (CET) Subject: SUSE-RU-2015:0559-1: moderate: Recommended update for cloud-init Message-ID: <20150320180621.E1F7F32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0559-1 Rating: moderate References: #914920 #918952 #919305 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-init provides the following fixes: - Properly handle persistent network device names for OpenNebula - Properly set up network mode if interface config file - Require e2fsprogs for filesystem resizing - Fixed syntax error in dmidecode on ppc64 patch. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-138=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64): cloud-init-0.7.5-11.1 References: https://bugzilla.suse.com/914920 https://bugzilla.suse.com/918952 https://bugzilla.suse.com/919305 From sle-updates at lists.suse.com Fri Mar 20 12:07:03 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 19:07:03 +0100 (CET) Subject: SUSE-RU-2015:0560-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20150320180703.ACA7C32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0560-1 Rating: moderate References: #912979 #917450 #917453 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides cloud-regionsrv-client version 6.3.11: - Fix boot order for Azure, force waagent to run after registration. - Properly handle exception if network connection fails. - Retry network connection 3 times before giving up. - Fix the ordering in the boot phase. - Source from new upstream location. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-140=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-6.3.11-10.1 cloud-regionsrv-client-generic-config-1.0.0-10.1 cloud-regionsrv-client-plugin-gce-1.0.0-10.1 References: https://bugzilla.suse.com/912979 https://bugzilla.suse.com/917450 https://bugzilla.suse.com/917453 From sle-updates at lists.suse.com Fri Mar 20 15:04:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 22:04:48 +0100 (CET) Subject: SUSE-RU-2015:0561-1: Recommended update for sax2 Message-ID: <20150320210448.BF16E3238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for sax2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0561-1 Rating: low References: #848165 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update removes "sax2" from "sax2-ident" requirements list. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-sax2=10498 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-sax2=10498 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-sax2=10498 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-sax2=10498 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 x86_64): sax2-libsax-devel-8.1-561.584.5 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): sax2-libsax-python-8.1-561.584.5 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): sax2-libsax-devel-8.1-561.584.6 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): sax2-8.1-561.584.5 sax2-gui-8.1-561.584.5 sax2-ident-8.1-561.584.5 sax2-libsax-8.1-561.584.5 sax2-libsax-perl-8.1-561.584.5 sax2-libsax-python-8.1-561.584.5 sax2-tools-8.1-561.584.5 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 x86_64): sax2-8.1-561.584.5 sax2-gui-8.1-561.584.5 sax2-ident-8.1-561.584.5 sax2-libsax-8.1-561.584.5 sax2-libsax-perl-8.1-561.584.5 sax2-libsax-python-8.1-561.584.5 sax2-tools-8.1-561.584.5 - SUSE Linux Enterprise Server 11 SP3 (ia64): sax2-8.1-561.584.6 sax2-gui-8.1-561.584.6 sax2-ident-8.1-561.584.6 sax2-libsax-8.1-561.584.6 sax2-libsax-perl-8.1-561.584.6 sax2-libsax-python-8.1-561.584.6 sax2-tools-8.1-561.584.6 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): sax2-8.1-561.584.5 sax2-gui-8.1-561.584.5 sax2-ident-8.1-561.584.5 sax2-libsax-8.1-561.584.5 sax2-libsax-perl-8.1-561.584.5 sax2-tools-8.1-561.584.5 References: https://bugzilla.suse.com/848165 http://download.suse.com/patch/finder/?keywords=dadea3af2f33acedabb9915422cf168a From sle-updates at lists.suse.com Fri Mar 20 16:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 23:04:49 +0100 (CET) Subject: SUSE-SU-2015:0546-2: moderate: Security update for OpenSSL Message-ID: <20150320220449.347453238C@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0546-2 Rating: moderate References: #919648 #920236 #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 
CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. 
Security Issues: * CVE-2015-0209 * CVE-2015-0286 * CVE-2015-0287 * CVE-2015-0288 * CVE-2015-0289 * CVE-2015-0292 * CVE-2015-0293 Package List: - SLE CLIENT TOOLS 10 for x86_64 (x86_64): openssl-0.9.8a-18.90.1 openssl-32bit-0.9.8a-18.90.1 - SLE CLIENT TOOLS 10 for s390x (s390x): openssl-0.9.8a-18.90.1 openssl-32bit-0.9.8a-18.90.1 - SLE CLIENT TOOLS 10 (i586): openssl-0.9.8a-18.90.1 References: http://support.novell.com/security/cve/CVE-2015-0209.html http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=0effe8f0d4ee6362b9b65b488cb41dd5 From sle-updates at lists.suse.com Fri Mar 20 16:06:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Mar 2015 23:06:07 +0100 (CET) Subject: SUSE-RU-2015:0562-1: moderate: Recommended update for Perl Message-ID: <20150320220607.94CF832395@maintenance.suse.de> SUSE Recommended Update: Recommended update for Perl ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0562-1 Rating: moderate References: #900455 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for Perl fixes a bug that could lead to an interpreter panic when an incorrect offset was passed to sprintf(). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-perl=10502 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-perl=10502 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-perl=10502 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-perl=10502 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): perl-base-32bit-5.10.0-64.72.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): perl-5.10.0-64.72.1 perl-Module-Build-0.2808.01-0.72.1 perl-Test-Simple-0.72-0.72.1 perl-base-5.10.0-64.72.1 perl-doc-5.10.0-64.72.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): perl-32bit-5.10.0-64.72.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): perl-5.10.0-64.72.1 perl-Module-Build-0.2808.01-0.72.1 perl-Test-Simple-0.72-0.72.1 perl-base-5.10.0-64.72.1 perl-doc-5.10.0-64.72.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): perl-32bit-5.10.0-64.72.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): perl-x86-5.10.0-64.72.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): perl-5.10.0-64.72.1 perl-Module-Build-0.2808.01-0.72.1 perl-Test-Simple-0.72-0.72.1 perl-base-5.10.0-64.72.1 perl-doc-5.10.0-64.72.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): perl-32bit-5.10.0-64.72.1 References: https://bugzilla.suse.com/900455 http://download.suse.com/patch/finder/?keywords=812f894068349abd4ed06bf93da64322 From sle-updates at lists.suse.com Fri Mar 20 17:04:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Mar 2015 00:04:46 +0100 (CET) 
Subject: SUSE-SU-2015:0545-2: moderate: Security update for OpenSSL Message-ID: <20150320230446.2BD563238C@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0545-2 Rating: moderate References: #915976 #919648 #920236 #922488 #922496 #922499 #922500 #922501 Cross-References: CVE-2009-5146 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Affected Products: SUSE Studio Onsite 1.3 SUSE Manager 1.7 for SLE 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: OpenSSL has been updated to fix various security issues: * CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. 
* CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. * CVE-2009-5146: A memory leak in the TLS hostname extension was fixed, which could be used by remote attackers to run SSL services out of memory. Security Issues: * CVE-2009-5146 * CVE-2015-0209 * CVE-2015-0286 * CVE-2015-0287 * CVE-2015-0288 * CVE-2015-0289 * CVE-2015-0292 * CVE-2015-0293 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-libopenssl-devel=10480 - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-libopenssl-devel=10480 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libopenssl-devel=10481 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libopenssl-devel=10481 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libopenssl-devel=10481 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libopenssl-devel=10481 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.70.1 - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): libopenssl0_9_8-0.9.8j-0.70.1 libopenssl0_9_8-32bit-0.9.8j-0.70.1 libopenssl0_9_8-hmac-0.9.8j-0.70.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.70.1 openssl-0.9.8j-0.70.1 openssl-doc-0.9.8j-0.70.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libopenssl0_9_8-0.9.8j-0.70.1 libopenssl0_9_8-hmac-0.9.8j-0.70.1 openssl-0.9.8j-0.70.1 openssl-doc-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.70.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.70.1 libopenssl0_9_8-hmac-0.9.8j-0.70.1 openssl-0.9.8j-0.70.1 openssl-doc-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.70.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.70.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libopenssl0_9_8-x86-0.9.8j-0.70.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.70.1 openssl-0.9.8j-0.70.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.70.1 References: http://support.novell.com/security/cve/CVE-2009-5146.html http://support.novell.com/security/cve/CVE-2015-0209.html http://support.novell.com/security/cve/CVE-2015-0286.html http://support.novell.com/security/cve/CVE-2015-0287.html http://support.novell.com/security/cve/CVE-2015-0288.html http://support.novell.com/security/cve/CVE-2015-0289.html http://support.novell.com/security/cve/CVE-2015-0292.html http://support.novell.com/security/cve/CVE-2015-0293.html https://bugzilla.suse.com/915976 https://bugzilla.suse.com/919648 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 
https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=42af339954699a074f255d096bac6d63 http://download.suse.com/patch/finder/?keywords=c78bebdc5b9716bb3abb02a37b723d06 From sle-updates at lists.suse.com Fri Mar 20 17:06:14 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Mar 2015 00:06:14 +0100 (CET) Subject: SUSE-SU-2015:0563-1: Security update for python-django Message-ID: <20150320230614.CC68C32395@maintenance.suse.de> SUSE Security Update: Security update for python-django ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0563-1 Rating: low References: #913053 #913054 #913055 #913056 #914706 Cross-References: CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. It includes one version update. Description: python-django has been updated to version 1.5.12 to fix four security issues: * CVE-2015-0219: Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allowed remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header (bnc#913053). * CVE-2015-0220: The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 did not properly handle leading whitespaces, which allowed remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL (bnc#913054). 
* CVE-2015-0221: The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 read files an entire line at a time, which allowed remote attackers to cause a denial of service (memory consumption) via a long line in a file (bnc#913056). * CVE-2015-0222: ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allowed remote attackers to cause a denial of service by submitting duplicate values, which triggered a large number of SQL queries (bnc#913055). These non-security issues have been fixed: * Method check_for_test_cookie is deprecated (bnc#914706) * Fixed a regression with dynamically generated inlines and allowed field references in the admin * Allowed related many-to-many fields to be referenced in the admin * Allowed inline and hidden references to admin fields Security Issues: * CVE-2015-0222 * CVE-2015-0219 * CVE-2015-0220 * CVE-2015-0221 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-python-django=10342 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64) [New Version: 1.5.12]: python-django-1.5.12-0.7.1 References: http://support.novell.com/security/cve/CVE-2015-0219.html http://support.novell.com/security/cve/CVE-2015-0220.html http://support.novell.com/security/cve/CVE-2015-0221.html http://support.novell.com/security/cve/CVE-2015-0222.html https://bugzilla.suse.com/913053 https://bugzilla.suse.com/913054 https://bugzilla.suse.com/913055 https://bugzilla.suse.com/913056 https://bugzilla.suse.com/914706 http://download.suse.com/patch/finder/?keywords=6373fc8fc605bca1c3684a2915a66465 From sle-updates at lists.suse.com Fri Mar 20 19:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Mar 2015 02:04:51 +0100 (CET) Subject: SUSE-RU-2015:0564-1: Recommended update for kbd Message-ID: <20150321010451.AA94C32369@maintenance.suse.de> SUSE Recommended Update: Recommended update for kbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0564-1 Rating: low References: #821683 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kbd fixes mapping of the backslash ("\") key on Portuguese keyboards. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kbd=10428 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kbd=10428 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kbd=10428 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): kbd-1.14.1-16.33.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): kbd-1.14.1-16.33.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): kbd-1.14.1-16.33.1 References: https://bugzilla.suse.com/821683 http://download.suse.com/patch/finder/?keywords=8063a9521f9603506ba8fef27078f46f From sle-updates at lists.suse.com Fri Mar 20 19:05:18 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Mar 2015 02:05:18 +0100 (CET) Subject: SUSE-RU-2015:0565-1: Recommended update for logwatch Message-ID: <20150321010518.73A9B3238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for logwatch ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0565-1 Rating: low References: #826456 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for logwatch fixes support for syslog's archives created by logrotate. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-logwatch=10431 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-logwatch=10431 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): logwatch-7.3.6-65.74.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): logwatch-7.3.6-65.74.1 References: https://bugzilla.suse.com/826456 http://download.suse.com/patch/finder/?keywords=bb3bd03921bd0f552aac770d547304bf From sle-updates at lists.suse.com Mon Mar 23 11:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Mar 2015 18:04:50 +0100 (CET) Subject: SUSE-OU-2015:0572-1: Optional update for adjtimex Message-ID: <20150323170450.1B6CF32395@maintenance.suse.de> SUSE Optional Update: Optional update for adjtimex ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0572-1 Rating: low References: #923448 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This patch adds the package adjtimex to SUSE Linux Enterprise 12 (FATE#318579). Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-141=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-141=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): adjtimex-1.29-3.1 adjtimex-debuginfo-1.29-3.1 adjtimex-debugsource-1.29-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): adjtimex-1.29-3.1 adjtimex-debuginfo-1.29-3.1 adjtimex-debugsource-1.29-3.1 References: https://bugzilla.suse.com/923448 From sle-updates at lists.suse.com Mon Mar 23 15:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Mar 2015 22:04:50 +0100 (CET) Subject: SUSE-RU-2015:0574-1: Recommended update for powerpc-utils Message-ID: <20150323210450.3595A3238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0574-1 Rating: low References: #901216 Affected Products: SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes a potential LPAR crash when drmgr attempts to offline the last remaining CPU core. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-powerpc-utils=10240 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 (ppc64): powerpc-utils-1.2.16-0.14.15.1 References: https://bugzilla.suse.com/901216 http://download.suse.com/patch/finder/?keywords=a3fa35e82fb858bce0ad1eb891e57e96 From sle-updates at lists.suse.com Mon Mar 23 15:05:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Mar 2015 22:05:10 +0100 (CET) Subject: SUSE-SU-2015:0575-1: moderate: Security update for cups Message-ID: <20150323210510.11DB53238C@maintenance.suse.de> SUSE Security Update: Security update for cups ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0575-1 Rating: moderate References: #917799 Cross-References: CVE-2014-9679 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: cups has been updated to fix one security issue: * CVE-2014-9679: A malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels (bnc#917799). Security Issues: * CVE-2014-9679 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cups=10394 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cups=10394 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cups=10394 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cups=10394 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): cups-devel-1.3.9-8.46.54.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): cups-1.3.9-8.46.54.2 cups-client-1.3.9-8.46.54.2 cups-libs-1.3.9-8.46.54.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): cups-libs-32bit-1.3.9-8.46.54.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): cups-1.3.9-8.46.54.2 cups-client-1.3.9-8.46.54.2 cups-libs-1.3.9-8.46.54.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): cups-libs-32bit-1.3.9-8.46.54.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): cups-libs-x86-1.3.9-8.46.54.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): cups-1.3.9-8.46.54.2 cups-client-1.3.9-8.46.54.2 cups-libs-1.3.9-8.46.54.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): cups-libs-32bit-1.3.9-8.46.54.2 References: http://support.novell.com/security/cve/CVE-2014-9679.html https://bugzilla.suse.com/917799 http://download.suse.com/patch/finder/?keywords=c79eb6174b1dfe8c110824fac07592de From sle-updates at lists.suse.com Mon Mar 23 16:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Mar 2015 23:04:49 +0100 (CET) Subject: SUSE-RU-2015:0576-1: Recommended update for logrotate Message-ID: <20150323220449.A53CD3238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0576-1 Rating: low References: #871217 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes logrotate to return an error when the configuration option "nomissingok" is specified and the log path doesn't exist. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-logrotate=10430 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-logrotate=10430 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-logrotate=10430 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): logrotate-3.7.7-10.30.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): logrotate-3.7.7-10.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): logrotate-3.7.7-10.30.1 References: https://bugzilla.suse.com/871217 http://download.suse.com/patch/finder/?keywords=70e00ee9698a22153da33eabdaa619eb From sle-updates at lists.suse.com Mon Mar 23 17:04:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Mar 2015 00:04:48 +0100 (CET) Subject: SUSE-RU-2015:0577-1: Recommended update for less Message-ID: <20150323230448.EE8433238C@maintenance.suse.de> SUSE Recommended Update: Recommended update for less ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0577-1 Rating: low References: #842833 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for 'less' ensures that temporary files created by LESSOPEN are deleted when the process terminates. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-less=10429 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-less=10429 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-less=10429 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): less-424b-10.24.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): less-424b-10.24.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): less-424b-10.24.1 References: https://bugzilla.suse.com/842833 http://download.suse.com/patch/finder/?keywords=793b16238cd0f2205711e568a8b893a9 From sle-updates at lists.suse.com Mon Mar 23 17:05:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Mar 2015 00:05:08 +0100 (CET) Subject: SUSE-SU-2015:0578-1: important: Security update for compat-openssl097g Message-ID: <20150323230508.514CB32395@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0578-1 Rating: important References: #802184 #880891 #890764 #901223 #901277 #905106 #912014 #912015 #912018 #912293 #912296 #920236 #922488 #922496 #922499 #922500 #922501 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: OpenSSL has been updated to fix various security issues: * CVE-2014-3568: The build option no-ssl3 was incomplete. * CVE-2014-3566: Support for TLS_FALLBACK_SCSV was added. * CVE-2014-3508: An information leak in pretty printing functions was fixed. * CVE-2013-0166: An OCSP bad key DoS attack was fixed. * CVE-2013-0169: An SSL/TLS CBC plaintext recovery attack was fixed. 
* CVE-2014-3470: Anonymous ECDH denial of service was fixed. * CVE-2014-0224: An SSL/TLS MITM vulnerability was fixed. * CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. * CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. * CVE-2014-8275: Fixed various certificate fingerprint issues. * CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. * CVE-2015-0205: A fix was added to prevent use of DH client certificates without sending certificate verify message. * CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. * CVE-2015-0287: An ASN.1 structure reuse memory corruption was fixed. This problem cannot be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. * CVE-2015-0288: An X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. * CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL APIs do not use those by default. * CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker-supplied PEM data. * CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP2: zypper in -t patch slesapp2-compat-openssl097g=10507 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise for SAP Applications 11 SP2 (x86_64): compat-openssl097g-0.9.7g-146.22.29.1 compat-openssl097g-32bit-0.9.7g-146.22.29.1 References: https://bugzilla.suse.com/802184 https://bugzilla.suse.com/880891 https://bugzilla.suse.com/890764 https://bugzilla.suse.com/901223 https://bugzilla.suse.com/901277 https://bugzilla.suse.com/905106 https://bugzilla.suse.com/912014 https://bugzilla.suse.com/912015 https://bugzilla.suse.com/912018 https://bugzilla.suse.com/912293 https://bugzilla.suse.com/912296 https://bugzilla.suse.com/920236 https://bugzilla.suse.com/922488 https://bugzilla.suse.com/922496 https://bugzilla.suse.com/922499 https://bugzilla.suse.com/922500 https://bugzilla.suse.com/922501 http://download.suse.com/patch/finder/?keywords=2c7184ba59decc9a1f6c8b3e30123d3a From sle-updates at lists.suse.com Mon Mar 23 21:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Mar 2015 04:04:49 +0100 (CET) Subject: SUSE-RU-2015:0579-1: moderate: Recommended update for libtirpc, nfs-client Message-ID: <20150324030449.1942932369@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc, nfs-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0579-1 Rating: moderate References: #882973 #887379 #899576 #901628 #916069 #916932 #917616 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This collective update provides the following fixes: libtirpc: * Make non-blocking reads work reliably. (bsc#901628) * Fix race conditions in getnetconfig which could crash AutoFS. (bsc#899576, bsc#882973) nfs-utils: * Make sure mountd uses non-blocking access to sockets so that it never blocks waiting to read. (bsc#901628) * Handle external rootflags and internal rootfsopts properly to preserve mount options from fstab. (bsc#887379) * Fix sm-notify misbehaving on some filesystem types. (bsc#916932) * Fix "showmount -e" output. (bsc#917616) * Improve /etc/exports documentation. (bsc#916069) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libtirpc-nfs-201502=10392 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libtirpc-nfs-201502=10392 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libtirpc-nfs-201502=10392 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libtirpc-nfs-201502=10392 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libtirpc-devel-0.2.1-1.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libtirpc1-0.2.1-1.7.1 nfs-client-1.2.3-18.38.41.1 nfs-doc-1.2.3-18.38.41.1 nfs-kernel-server-1.2.3-18.38.41.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libtirpc1-0.2.1-1.7.1 nfs-client-1.2.3-18.38.41.1 nfs-doc-1.2.3-18.38.41.1 nfs-kernel-server-1.2.3-18.38.41.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libtirpc1-0.2.1-1.7.1 nfs-client-1.2.3-18.38.41.1 nfs-kernel-server-1.2.3-18.38.41.1 References: https://bugzilla.suse.com/882973 https://bugzilla.suse.com/887379 https://bugzilla.suse.com/899576 https://bugzilla.suse.com/901628 https://bugzilla.suse.com/916069 https://bugzilla.suse.com/916932 https://bugzilla.suse.com/917616 http://download.suse.com/patch/finder/?keywords=2d932137dfcc6f590f974ddcf7ada36c From sle-updates at lists.suse.com Mon Mar 23 23:04:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Mar 2015 06:04:46 +0100 (CET) Subject: SUSE-SU-2015:0580-1: moderate: Security update for util-linux Message-ID: <20150324050446.1079D3238C@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0580-1 Rating: moderate References: #888678 #900965 #901549 #907434 #917164 #918041 Cross-References: CVE-2014-9114 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. 
Description: util-linux has been updated to fix one security issue: * CVE-2014-9114: command injection flaw in blkid (bnc#907434). Additionally, these non-security issues have been fixed: * Fix possible script hang (bnc#888678) * Enable build of libmount / findmnt (bnc#900965) * Don't stop trying filesystem when mounting fails with EACCESS (bnc#918041) * Fix possible loop in findmnt (bsc#917164) * Recognize Unisys s-Par as hypervisor (FATE#318231) * Include the utmpdump.1 manpage (bsc#901549). Security Issues: * CVE-2014-9114 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libblkid-devel=10452 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libblkid-devel=10452 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libblkid-devel=10452 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libblkid-devel=10452 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libblkid-devel-2.19.1-6.62.1 libuuid-devel-2.19.1-6.62.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libblkid-devel-32bit-2.19.1-6.62.1 libuuid-devel-32bit-2.19.1-6.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libblkid1-2.19.1-6.62.1 libuuid1-2.19.1-6.62.1 util-linux-2.19.1-6.62.1 util-linux-lang-2.19.1-6.62.1 uuid-runtime-2.19.1-6.62.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libblkid1-32bit-2.19.1-6.62.1 libuuid1-32bit-2.19.1-6.62.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libblkid1-2.19.1-6.62.1 libuuid1-2.19.1-6.62.1 util-linux-2.19.1-6.62.1 util-linux-lang-2.19.1-6.62.1 uuid-runtime-2.19.1-6.62.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libblkid1-32bit-2.19.1-6.62.1 libuuid1-32bit-2.19.1-6.62.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libblkid1-x86-2.19.1-6.62.1 libuuid1-x86-2.19.1-6.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libblkid1-2.19.1-6.62.1 libuuid-devel-2.19.1-6.62.1 libuuid1-2.19.1-6.62.1 util-linux-2.19.1-6.62.1 util-linux-lang-2.19.1-6.62.1 uuid-runtime-2.19.1-6.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libblkid1-32bit-2.19.1-6.62.1 libuuid1-32bit-2.19.1-6.62.1 References: http://support.novell.com/security/cve/CVE-2014-9114.html https://bugzilla.suse.com/888678 https://bugzilla.suse.com/900965 https://bugzilla.suse.com/901549 https://bugzilla.suse.com/907434 https://bugzilla.suse.com/917164 https://bugzilla.suse.com/918041 http://download.suse.com/patch/finder/?keywords=79334db048cd6de45fae68af7c780638 From sle-updates at lists.suse.com Tue Mar 24 00:04:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Mar 2015 07:04:46 +0100 (CET) Subject: SUSE-SU-2015:0581-1: important: Security update for the Linux Kernel Message-ID: 
<20150324060446.C563D32395@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0581-1 Rating: important References: #771619 #816099 #829110 #833588 #833820 #846656 #853040 #856760 #864401 #864404 #864409 #864411 #865419 #875051 #876086 #876594 #877593 #882470 #883948 #884817 #887597 #891277 #894213 #895841 #896484 #900279 #900644 #902232 #902349 #902351 #902675 #903096 #903640 #904053 #904242 #904659 #904671 #905304 #905312 #905799 #906586 #907196 #907338 #907551 #907611 #907818 #908069 #908163 #908393 #908550 #908551 #908572 #908825 #909077 #909078 #909088 #909092 #909093 #909095 #909264 #909565 #909740 #909846 #910013 #910150 #910159 #910321 #910322 #910517 #911181 #911325 #911326 #912171 #912705 #913059 #914355 #914423 #914726 #915209 #915322 #915335 #915791 #915826 #916515 #916982 #917839 #917884 #920250 Cross-References: CVE-2013-7263 CVE-2014-0181 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-4608 CVE-2014-7822 CVE-2014-7842 CVE-2014-7970 CVE-2014-8133 CVE-2014-8134 CVE-2014-8160 CVE-2014-8369 CVE-2014-8559 CVE-2014-9090 CVE-2014-9322 CVE-2014-9419 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585 CVE-2015-1593 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 67 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP3 kernel has been updated to receive various security and bugfixes. New features enabled: * The Ceph and rbd remote network block device drivers are now enabled and supported, to serve as client for SUSE Enterprise Storage 1.0. 
(FATE#318328) * Support for selected Bay Trail CPUs used in Point of Service Hardware was enabled. (FATE#317933) * Broadwell Legacy Audio, HDMI Audio and DisplayPort Audio support (Audio Driver: HD-A HDMI/DP Audio/HDA Analog/DSP) was enabled. (FATE#317347) The following security bugs have been fixed: * CVE-2015-1593: An integer overflow in the stack randomization on 64-bit systems led to less effective stack ASLR on those systems. (bsc#917839) * CVE-2014-8160: iptables rules could be bypassed if the specific network protocol module was not loaded, allowing e.g. SCTP to bypass the firewall if the sctp protocol was not enabled. (bsc#913059) * CVE-2014-7822: A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system. (bnc#915322) * CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (bnc#911326). * CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). 
* CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bsc#911325). * CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#907818 909077 909078). * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bsc#902675). * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). 
* CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). * CVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). * CVE-2014-3688: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). * CVE-2014-7970: The pivot_root implementation in fs/namespace.c in the Linux kernel did not properly interact with certain locations of a chroot directory, which allowed local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (bnc#900644). * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349, bnc#904899). The following non-security bugs have been fixed: * ACPI idle: permit sparse C-state sub-state numbers (bnc#908550,FATE#317933). * ALSA : hda - not use assigned converters for all unused pins (FATE#317933). * ALSA: hda - Add Device IDs for Intel Wildcat Point-LP PCH (FATE#317347). * ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets (FATE#317347). 
* ALSA: hda - add PCI IDs for Intel BayTrail (FATE#317347). * ALSA: hda - add PCI IDs for Intel Braswell (FATE#317347). * ALSA: hda - add codec ID for Braswell display audio codec (FATE#317933). * ALSA: hda - add codec ID for Broadwell display audio codec (FATE#317933). * ALSA: hda - add codec ID for Valleyview2 display codec (FATE#317933). * ALSA: hda - define is_haswell() to check if a display audio codec is Haswell (FATE#317933). * ALSA: hda - hdmi: Re-setup pin and infoframe on plug-in on all codecs (FATE#317933). * ALSA: hda - not choose assigned converters for unused pins of Valleyview (FATE#317933). * ALSA: hda - rename function not_share_unassigned_cvt() (FATE#317933). * ALSA: hda - unmute pin amplifier in infoframe setup for Haswell (FATE#317933). * ALSA: hda - verify pin:converter connection on unsol event for HSW and VLV (FATE#317933). * ALSA: hda - verify pin:cvt connection on preparing a stream for Intel HDMI codec (FATE#317933). * ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec (FATE#317933). * ALSA: hda/hdmi - apply all Haswell fix-ups to Broadwell display codec (FATE#317933). * ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (FATE#317347). * ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (FATE#317347). * Add support for AdvancedSilicon HID multitouch screen (2149:36b1) (FATE#317933). * Disable switching to bootsplash at oops/panic (bnc#877593). * Do not trigger congestion wait on dirty-but-not-writeout pages (VM Performance, bnc#909093, bnc#910517). * Fix HDIO_DRIVE_* ioctl() regression (bnc#833588, bnc#905799) * Fix Module.supported handling for external modules (bnc#905304). * Fix zero freq if frequency is requested too quickly in a row (bnc#908572). * Fixup kABI after patches.fixes/writeback-do-not-sync-data-dirtied-after-sync-start.patch (bnc#833820). * Force native backlight for HP POS machines (bnc#908551,FATE#317933). 
* HID: use multi input quirk for 22b9:2968 (FATE#317933). * IPoIB: Use a private hash table for path lookup in xmit path (bsc#907196). * Import kabi files from kernel 3.0.101-0.40 * KEYS: Fix stale key registration at error path (bnc#908163). * NFS: Add sequence_priviliged_ops for nfs4_proc_sequence() (bnc#864401). * NFS: do not use STABLE writes during writeback (bnc#816099). * NFSv4.1 handle DS stateid errors (bnc#864401). * NFSv4.1: Do not decode skipped layoutgets (bnc#864411). * NFSv4.1: Fix a race in the pNFS return-on-close code (bnc#864409). * NFSv4.1: Fix an ABBA locking issue with session and state serialisation (bnc#864409). * NFSv4.1: We must release the sequence id when we fail to get a session slot (bnc#864401). * NFSv4: Do not accept delegated opens when a delegation recall is in effect (bnc#864409). * NFSv4: Ensure correct locking when accessing the "^a" list (bnc#864401). * NFSv4: Fix another reboot recovery race (bnc#916982). * Preserve kabi checksum of path_is_under(). * Refresh patches.drivers/HID-multitouch-add-support-for-Atmel-212c. Fix the non-working touchscreen (bnc#909740) * Revert "drm/i915: Calculate correct stolen size for GEN7+" (bnc#908550,FATE#317933). * SUNRPC: Do not allow low priority tasks to pre-empt higher priority ones (bnc#864401). * SUNRPC: When changing the queue priority, ensure that we change the owner (bnc#864401). * Setting rbd and libceph as supported drivers (bsc#917884) * audit: efficiency fix 1: only wake up if queue shorter than backlog limit (bnc#908393). * audit: efficiency fix 2: request exclusive wait since all need same resource (bnc#908393). * audit: fix endless wait in audit_log_start() (bnc#908393). * audit: make use of remaining sleep time from wait_for_auditd (bnc#908393). * audit: refactor hold queue flush (bnc#908393). * audit: reset audit backlog wait time after error recovery (bnc#908393). * audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE (bnc#908393). 
* block: rbd: use NULL instead of 0 (FATE#318328 bsc#917884). * block: replace strict_strtoul() with kstrtoul() (FATE#318328 bsc#917884). * bonding: propagate LRO disabling down to slaves (bnc#829110 bnc#891277 bnc#904053). * cciss: fix broken mutex usage in ioctl (bnc#910013). * ceph: Add necessary clean up if invalid reply received in handle_reply() (FATE#318328 bsc#917884). * ceph: remove bogus extern (FATE#318328 bsc#917884). * config: Disable CONFIG_RCU_FAST_NO_HZ (bnc#884817) This option has been verified to be racy vs hotplug, and is irrelevant to SLE in any case. * coredump: ensure the fpu state is flushed for proper multi-threaded core dump (bnc#904671). * crush: CHOOSE_LEAF -> CHOOSELEAF throughout (FATE#318328 bsc#917884). * crush: add SET_CHOOSE_TRIES rule step (FATE#318328 bsc#917884). * crush: add note about r in recursive choose (FATE#318328 bsc#917884). * crush: add set_choose_local_[fallback_]tries steps (FATE#318328 bsc#917884). * crush: apply chooseleaf_tries to firstn mode too (FATE#318328 bsc#917884). * crush: attempts -> tries (FATE#318328 bsc#917884). * crush: clarify numrep vs endpos (FATE#318328 bsc#917884). * crush: eliminate CRUSH_MAX_SET result size limitation (FATE#318328 bsc#917884). * crush: factor out (trivial) crush_destroy_rule() (FATE#318328 bsc#917884). * crush: fix crush_choose_firstn comment (FATE#318328 bsc#917884). * crush: fix some comments (FATE#318328 bsc#917884). * crush: generalize descend_once (FATE#318328 bsc#917884). * crush: new SET_CHOOSE_LEAF_TRIES command (FATE#318328 bsc#917884). * crush: pass parent r value for indep call (FATE#318328 bsc#917884). * crush: pass weight vector size to map function (FATE#318328 bsc#917884). * crush: reduce scope of some local variables (FATE#318328 bsc#917884). * crush: return CRUSH_ITEM_UNDEF for failed placements with indep (FATE#318328 bsc#917884). * crush: strip firstn conditionals out of crush_choose, rename (FATE#318328 bsc#917884). 
* crush: use breadth-first search for indep mode (FATE#318328 bsc#917884). * crypto: add missing crypto module aliases (bsc#914423). * crypto: include crypto- module prefix in template (bsc#914423). * crypto: kernel oops at insmod of the z90crypt device driver (bnc#909088, LTC#119591). * crypto: prefix module autoloading with "crypto-" (bsc#914423). * dm raid: add region_size parameter (bnc#895841). * do not do blind d_drop() in nfs_prime_dcache() (bnc#908069 bnc#896484). * drm/cirrus: Fix cirrus drm driver for fbdev + qemu (bsc#909846,bnc#856760). * drm/i915: split PCI IDs out into i915_drm.h v4 (bnc#908550,FATE#317933). * fix dcache exit scaling (bnc#876594). * infiniband: ipoib: Sanitize neighbour handling in ipoib_main.c (bsc#907196). * iommu/vt-d: Fix an off-by-one bug in __domain_mapping() (bsc#908825). * ipoib: Convert over to dev_lookup_neigh_skb() (bsc#907196). * ipoib: Need to do dst_neigh_lookup_skb() outside of priv->lock (bsc#907196). * ipv6: fix net reference leak in IPv6 conntrack reassembly (bnc#865419). * isofs: Fix unchecked printing of ER records. * kABI: protect console include in consolemap. * kabi fix (bnc#864404). * kabi, mm: prevent endless growth of anon_vma hierarchy (bnc#904242). * kernel/audit.c: avoid negative sleep durations (bnc#908393). * kernel: 3215 tty close crash (bnc#915209, LTC#120873). * kernel: incorrect clock_gettime result (bnc#915209, LTC#121184). * kvm: Do not expose MONITOR cpuid as available (bnc#887597) * kvm: iommu: Add cond_resched to legacy device assignment code (bnc#910159). * libceph: CEPH_OSD_FLAG_* enum update (FATE#318328 bsc#917884). * libceph: add ceph_kv{malloc,free}() and switch to them (FATE#318328 bsc#917884). * libceph: add ceph_pg_pool_by_id() (FATE#318328 bsc#917884). * libceph: add function to ensure notifies are complete (FATE#318328 bsc#917884). * libceph: add process_one_ticket() helper (FATE#318328 bsc#917884). * libceph: all features fields must be u64 (FATE#318328 bsc#917884). 
* libceph: block I/O when PAUSE or FULL osd map flags are set (FATE#318328 bsc#917884). * libceph: call r_unsafe_callback when unsafe reply is received (FATE#318328 bsc#917884). * libceph: create_singlethread_workqueue() does not return ERR_PTRs (FATE#318328 bsc#917884). * libceph: do not hard code max auth ticket len (FATE#318328 bsc#917884). * libceph: dout() is missing a newline (FATE#318328 bsc#917884). * libceph: factor out logic from ceph_osdc_start_request() (FATE#318328 bsc#917884). * libceph: fix error handling in ceph_osdc_init() (FATE#318328 bsc#917884). * libceph: fix preallocation check in get_reply() (FATE#318328 bsc#917884). * libceph: fix safe completion (FATE#318328 bsc#917884). * libceph: follow redirect replies from osds (FATE#318328 bsc#917884). * libceph: follow {read,write}_tier fields on osd request submission (FATE#318328 bsc#917884). * libceph: gracefully handle large reply messages from the mon (FATE#318328 bsc#917884). * libceph: introduce and start using oid abstraction (FATE#318328 bsc#917884). * libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN (FATE#318328 bsc#917884). * libceph: rename ceph_msg::front_max to front_alloc_len (FATE#318328 bsc#917884). * libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid} (FATE#318328 bsc#917884). * libceph: rename front to front_len in get_reply() (FATE#318328 bsc#917884). * libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg() (FATE#318328 bsc#917884). * libceph: resend all writes after the osdmap loses the full flag (FATE#318328 bsc#917884). * libceph: start using oloc abstraction (FATE#318328 bsc#917884). * libceph: take map_sem for read in handle_reply() (FATE#318328 bsc#917884). * libceph: update ceph_features.h (FATE#318328 bsc#917884). * libceph: use CEPH_MON_PORT when the specified port is 0 (FATE#318328 bsc#917884). * libiscsi: Added new boot entries in the session sysfs (FATE#316723 bsc#914355) * mei: ME hardware reset needs to be synchronized (bnc#876086). 
* mei: add 9 series PCH mei device ids (bnc#876086). * mei: add hw start callback (bnc#876086). * mei: cancel stall timers in mei_reset (bnc#876086). * mei: do not have to clean the state on power up (bnc#876086). * mei: limit the number of consecutive resets (bnc#876086). * mei: me: add Lynx Point Wellsburg work station device id (bnc#876086). * mei: me: clear interrupts on the resume path (bnc#876086). * mei: me: do not load the driver if the FW does not support MEI interface (bnc#876086). * mei: me: fix hardware reset flow (bnc#876086). * mei: me: read H_CSR after asserting reset (bnc#876086). * mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (VM Functionality bnc#910150). * mm: fix BUG in __split_huge_page_pmd (bnc#906586). * mm: fix corner case in anon_vma endless growing prevention (bnc#904242). * mm: prevent endless growth of anon_vma hierarchy (bnc#904242). * mm: vmscan: count only dirty pages as congested (VM Performance, bnc#910517). * net, sunrpc: suppress allocation warning in rpc_malloc() (bnc#904659). * net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes (FATE#318328 bsc#917884). * net: handle more general stacking in dev_disable_lro() (bnc#829110 bnc#891277 bnc#904053). * netfilter: do not drop packet on insert collision (bnc#907611). * nf_conntrack: avoid reference leak in __ipv6_conntrack_in() (bnc#865419). * nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484). * nfsd: fix EXDEV checking in rename (bnc#915791). * pnfs: defer release of pages in layoutget (bnc#864411). * proc_sys_revalidate: fix Oops on NULL nameidata (bnc#907551). * qlge: fix an "&&" vs "||" bug (bsc#912171). * rbd: Fix error recovery in rbd_obj_read_sync() (FATE#318328 bsc#917884). * rbd: Use min_t() to fix comparison of distinct pointer types warning (FATE#318328 bsc#917884). * rbd: add "minor" sysfs rbd device attribute (FATE#318328 bsc#917884). 
* rbd: add support for single-major device number allocation scheme (FATE#318328 bsc#917884). * rbd: clean up a few things in the refresh path (FATE#318328 bsc#917884). * rbd: complete notifies before cleaning up osd_client and rbd_dev (FATE#318328 bsc#917884). * rbd: do not destroy ceph_opts in rbd_add() (FATE#318328 bsc#917884). * rbd: do not hold ctl_mutex to get/put device (FATE#318328 bsc#917884). * rbd: drop an unsafe assertion (FATE#318328 bsc#917884). * rbd: drop original request earlier for existence check (FATE#318328 bsc#917884). * rbd: enable extended devt in single-major mode (FATE#318328 bsc#917884). * rbd: fetch object order before using it (FATE#318328 bsc#917884). * rbd: fix I/O error propagation for reads (FATE#318328 bsc#917884). * rbd: fix a couple warnings (FATE#318328 bsc#917884). * rbd: fix buffer size for writes to images with snapshots (FATE#318328 bsc#917884). * rbd: fix cleanup in rbd_add() (FATE#318328 bsc#917884). * rbd: fix error handling from rbd_snap_name() (FATE#318328 bsc#917884). * rbd: fix error paths in rbd_img_request_fill() (FATE#318328 bsc#917884). * rbd: fix null dereference in dout (FATE#318328 bsc#917884). * rbd: fix use-after free of rbd_dev->disk (FATE#318328 bsc#917884). * rbd: flush dcache after zeroing page data (FATE#318328 bsc#917884). * rbd: ignore unmapped snapshots that no longer exist (FATE#318328 bsc#917884). * rbd: introduce rbd_dev_header_unwatch_sync() and switch to it (FATE#318328 bsc#917884). * rbd: make rbd_obj_notify_ack() synchronous (FATE#318328 bsc#917884). * rbd: protect against concurrent unmaps (FATE#318328 bsc#917884). * rbd: protect against duplicate client creation (FATE#318328 bsc#917884). * rbd: rbd_device::dev_id is an int, format it as such (FATE#318328 bsc#917884). * rbd: refactor rbd_init() a bit (FATE#318328 bsc#917884). * rbd: send snapshot context with writes (FATE#318328 bsc#917884). * rbd: set removing flag while holding list lock (FATE#318328 bsc#917884). 
* rbd: switch to ida for rbd id assignments (FATE#318328 bsc#917884). * rbd: take a little credit (FATE#318328 bsc#917884). * rbd: tear down watch request if rbd_dev_device_setup() fails (FATE#318328 bsc#917884). * rbd: tweak "loaded" message and module description (FATE#318328 bsc#917884). * rbd: use reference counts for image requests (FATE#318328 bsc#917884). * rbd: use rwsem to protect header updates (FATE#318328 bsc#917884). * rbd: use the correct length for format 2 object names (FATE#318328 bsc#917884). * rpm/kernel-binary.spec.in: Own the modules directory in the devel package (bnc#910322) * scsi_dh_alua: add missing hunk in alua_set_params() (bnc#846656). * scsifront: avoid acquiring same lock twice if ring is full. * sd: medium access timeout counter fails to reset (bnc#894213). * storvsc: ring buffer failures may result in I/O freeze * swap: fix shmem swapping when more than 8 areas (bnc#903096). * timekeeping: Avoid possible deadlock from clock_was_set_delayed (bsc#771619). * tty: Fix memory leak in virtual console when enable unicode translation (bnc#916515). * udf: Check component length before reading it. * udf: Check path length when reading symlink. * udf: Verify i_size when loading inode. * udf: Verify symlink size before loading it. * udp: Add MIB counters for rcvbuferrors (bnc#909565). * usb: xhci: rework root port wake bits if controller is not allowed to wakeup (bsc#909264). * virtio_net: drop dst reference before transmitting a packet (bnc#882470). * vt: push the tty_lock down into the map handling (bnc#915826). * workqueue: Make rescuer thread process more works (bnc#900279). * x86, xsave: remove thread_has_fpu() bug check in __sanitize_i387_state() (bnc#904671). * x86-64/MCE: flip CPU and bank numbers in log message. * x86/UV: Fix NULL pointer dereference in uv_flush_tlb_others() if the "^a" boot option is used (bsc#909092). * x86/UV: Fix conditional in gru_exit() (bsc#909095). 
* x86/early quirk: use gen6 stolen detection for VLV (bnc#908550,FATE#317933). * x86/gpu: Print the Intel graphics stolen memory range (bnc#908550). * x86/hpet: Make boot_hpet_disable extern (bnc#908550,FATE#317933). * x86/intel: Add quirk to disable HPET for the Baytrail platform (bnc#908550,FATE#317933). * x86/uv: Fix UV2 BAU legacy mode (bsc#909092). * x86/uv: Fix the UV BAU destination timeout period (bsc#909092). * x86/uv: Implement UV BAU runtime enable and disable control via /proc/sgi_uv/ (bsc#909092). * x86/uv: Update the UV3 TLB shootdown logic (bsc#909092). * x86/uv: Work around UV2 BAU hangs (bsc#909092). * x86: UV BAU: Avoid NULL pointer reference in ptc_seq_show (bsc#911181). * x86: UV BAU: Increase maximum CPUs per socket/hub (bsc#911181). * x86: add early quirk for reserving Intel graphics stolen memory v5 (bnc#908550,FATE#317933). * x86: irq: Check for valid irq descriptor in check_irq_vectors_for_cpu_disable (bnc#914726). * xen-privcmd-hcall-preemption: Fix EFLAGS.IF access. * xfs: re-enable non-blocking behaviour in xfs_map_blocks (bnc#900279). * xfs: recheck buffer pinned status after push trylock failure (bnc#907338). * xfs: remove log force from xfs_buf_trylock() (bnc#907338). * xhci: fix incorrect type in assignment in handle_device_notification() (bsc#910321). * zcrypt: Number of supported ap domains is not retrievable (bnc#915209, LTC#120788). Security Issues: * CVE-2013-7263 * CVE-2014-0181 * CVE-2014-3687 * CVE-2014-3688 * CVE-2014-3690 * CVE-2014-4608 * CVE-2014-7822 * CVE-2014-7842 * CVE-2014-7970 * CVE-2014-8133 * CVE-2014-8134 * CVE-2014-8160 * CVE-2014-8369 * CVE-2014-8559 * CVE-2014-9090 * CVE-2014-9322 * CVE-2014-9419 * CVE-2014-9420 * CVE-2014-9584 * CVE-2014-9585 * CVE-2015-1593 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel=10412 slessp3-kernel=10416 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel=10412 slessp3-kernel=10413 slessp3-kernel=10414 slessp3-kernel=10415 slessp3-kernel=10416 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel=10412 slehasp3-kernel=10413 slehasp3-kernel=10414 slehasp3-kernel=10415 slehasp3-kernel=10416 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel=10412 sledsp3-kernel=10416 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.47.50.1 kernel-default-base-3.0.101-0.47.50.1 kernel-default-devel-3.0.101-0.47.50.1 kernel-source-3.0.101-0.47.50.1 kernel-syms-3.0.101-0.47.50.1 kernel-trace-3.0.101-0.47.50.1 kernel-trace-base-3.0.101-0.47.50.1 kernel-trace-devel-3.0.101-0.47.50.1 kernel-xen-devel-3.0.101-0.47.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.0.101]: kernel-bigsmp-devel-3.0.101-0.47.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.47.50.1 kernel-pae-base-3.0.101-0.47.50.1 kernel-pae-devel-3.0.101-0.47.50.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.47.50.1 kernel-default-base-3.0.101-0.47.50.1 kernel-default-devel-3.0.101-0.47.50.1 kernel-source-3.0.101-0.47.50.1 kernel-syms-3.0.101-0.47.50.1 kernel-trace-3.0.101-0.47.50.1 kernel-trace-base-3.0.101-0.47.50.1 kernel-trace-devel-3.0.101-0.47.50.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.47.50.1 kernel-ec2-base-3.0.101-0.47.50.1 kernel-ec2-devel-3.0.101-0.47.50.1 kernel-xen-3.0.101-0.47.50.1 kernel-xen-base-3.0.101-0.47.50.1 
kernel-xen-devel-3.0.101-0.47.50.1 xen-kmp-default-4.2.5_04_3.0.101_0.47.50-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 3.0.101]: kernel-bigsmp-3.0.101-0.47.50.1 kernel-bigsmp-base-3.0.101-0.47.50.1 kernel-bigsmp-devel-3.0.101-0.47.50.1 - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.47.50.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]: kernel-ppc64-3.0.101-0.47.50.1 kernel-ppc64-base-3.0.101-0.47.50.1 kernel-ppc64-devel-3.0.101-0.47.50.1 - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.47.50.1 kernel-pae-base-3.0.101-0.47.50.1 kernel-pae-devel-3.0.101-0.47.50.1 xen-kmp-pae-4.2.5_04_3.0.101_0.47.50-0.7.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_0.47.50-2.28.1.7 cluster-network-kmp-trace-1.4_3.0.101_0.47.50-2.28.1.7 gfs2-kmp-default-2_3.0.101_0.47.50-0.17.1.7 gfs2-kmp-trace-2_3.0.101_0.47.50-0.17.1.7 ocfs2-kmp-default-1.6_3.0.101_0.47.50-0.21.1.7 ocfs2-kmp-trace-1.6_3.0.101_0.47.50-0.21.1.7 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_0.47.50-2.28.1.7 gfs2-kmp-xen-2_3.0.101_0.47.50-0.17.1.7 ocfs2-kmp-xen-1.6_3.0.101_0.47.50-0.21.1.7 - SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64): cluster-network-kmp-bigsmp-1.4_3.0.101_0.47.50-2.28.1.7 gfs2-kmp-bigsmp-2_3.0.101_0.47.50-0.17.1.7 ocfs2-kmp-bigsmp-1.6_3.0.101_0.47.50-0.21.1.7 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.47.50-2.28.1.7 gfs2-kmp-ppc64-2_3.0.101_0.47.50-0.17.1.7 ocfs2-kmp-ppc64-1.6_3.0.101_0.47.50-0.21.1.7 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): cluster-network-kmp-pae-1.4_3.0.101_0.47.50-2.28.1.7 gfs2-kmp-pae-2_3.0.101_0.47.50-0.17.1.7 ocfs2-kmp-pae-1.6_3.0.101_0.47.50-0.21.1.7 - SUSE Linux Enterprise 
Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.47.50.1 kernel-default-base-3.0.101-0.47.50.1 kernel-default-devel-3.0.101-0.47.50.1 kernel-default-extra-3.0.101-0.47.50.1 kernel-source-3.0.101-0.47.50.1 kernel-syms-3.0.101-0.47.50.1 kernel-trace-devel-3.0.101-0.47.50.1 kernel-xen-3.0.101-0.47.50.1 kernel-xen-base-3.0.101-0.47.50.1 kernel-xen-devel-3.0.101-0.47.50.1 kernel-xen-extra-3.0.101-0.47.50.1 xen-kmp-default-4.2.5_04_3.0.101_0.47.50-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.0.101]: kernel-bigsmp-devel-3.0.101-0.47.50.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.47.50.1 kernel-pae-base-3.0.101-0.47.50.1 kernel-pae-devel-3.0.101-0.47.50.1 kernel-pae-extra-3.0.101-0.47.50.1 xen-kmp-pae-4.2.5_04_3.0.101_0.47.50-0.7.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.50.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-3.0.101-0.47.50.1 - SLE 11 SERVER Unsupported Extras (x86_64): kernel-bigsmp-extra-3.0.101-0.47.50.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.101-0.47.50.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-3.0.101-0.47.50.1 References: http://support.novell.com/security/cve/CVE-2013-7263.html http://support.novell.com/security/cve/CVE-2014-0181.html http://support.novell.com/security/cve/CVE-2014-3687.html http://support.novell.com/security/cve/CVE-2014-3688.html http://support.novell.com/security/cve/CVE-2014-3690.html http://support.novell.com/security/cve/CVE-2014-4608.html http://support.novell.com/security/cve/CVE-2014-7822.html http://support.novell.com/security/cve/CVE-2014-7842.html http://support.novell.com/security/cve/CVE-2014-7970.html http://support.novell.com/security/cve/CVE-2014-8133.html http://support.novell.com/security/cve/CVE-2014-8134.html http://support.novell.com/security/cve/CVE-2014-8160.html 
http://support.novell.com/security/cve/CVE-2014-8369.html http://support.novell.com/security/cve/CVE-2014-8559.html http://support.novell.com/security/cve/CVE-2014-9090.html http://support.novell.com/security/cve/CVE-2014-9322.html http://support.novell.com/security/cve/CVE-2014-9419.html http://support.novell.com/security/cve/CVE-2014-9420.html http://support.novell.com/security/cve/CVE-2014-9584.html http://support.novell.com/security/cve/CVE-2014-9585.html http://support.novell.com/security/cve/CVE-2015-1593.html https://bugzilla.suse.com/771619 https://bugzilla.suse.com/816099 https://bugzilla.suse.com/829110 https://bugzilla.suse.com/833588 https://bugzilla.suse.com/833820 https://bugzilla.suse.com/846656 https://bugzilla.suse.com/853040 https://bugzilla.suse.com/856760 https://bugzilla.suse.com/864401 https://bugzilla.suse.com/864404 https://bugzilla.suse.com/864409 https://bugzilla.suse.com/864411 https://bugzilla.suse.com/865419 https://bugzilla.suse.com/875051 https://bugzilla.suse.com/876086 https://bugzilla.suse.com/876594 https://bugzilla.suse.com/877593 https://bugzilla.suse.com/882470 https://bugzilla.suse.com/883948 https://bugzilla.suse.com/884817 https://bugzilla.suse.com/887597 https://bugzilla.suse.com/891277 https://bugzilla.suse.com/894213 https://bugzilla.suse.com/895841 https://bugzilla.suse.com/896484 https://bugzilla.suse.com/900279 https://bugzilla.suse.com/900644 https://bugzilla.suse.com/902232 https://bugzilla.suse.com/902349 https://bugzilla.suse.com/902351 https://bugzilla.suse.com/902675 https://bugzilla.suse.com/903096 https://bugzilla.suse.com/903640 https://bugzilla.suse.com/904053 https://bugzilla.suse.com/904242 https://bugzilla.suse.com/904659 https://bugzilla.suse.com/904671 https://bugzilla.suse.com/905304 https://bugzilla.suse.com/905312 https://bugzilla.suse.com/905799 https://bugzilla.suse.com/906586 https://bugzilla.suse.com/907196 https://bugzilla.suse.com/907338 https://bugzilla.suse.com/907551 
https://bugzilla.suse.com/907611 https://bugzilla.suse.com/907818 https://bugzilla.suse.com/908069 https://bugzilla.suse.com/908163 https://bugzilla.suse.com/908393 https://bugzilla.suse.com/908550 https://bugzilla.suse.com/908551 https://bugzilla.suse.com/908572 https://bugzilla.suse.com/908825 https://bugzilla.suse.com/909077 https://bugzilla.suse.com/909078 https://bugzilla.suse.com/909088 https://bugzilla.suse.com/909092 https://bugzilla.suse.com/909093 https://bugzilla.suse.com/909095 https://bugzilla.suse.com/909264 https://bugzilla.suse.com/909565 https://bugzilla.suse.com/909740 https://bugzilla.suse.com/909846 https://bugzilla.suse.com/910013 https://bugzilla.suse.com/910150 https://bugzilla.suse.com/910159 https://bugzilla.suse.com/910321 https://bugzilla.suse.com/910322 https://bugzilla.suse.com/910517 https://bugzilla.suse.com/911181 https://bugzilla.suse.com/911325 https://bugzilla.suse.com/911326 https://bugzilla.suse.com/912171 https://bugzilla.suse.com/912705 https://bugzilla.suse.com/913059 https://bugzilla.suse.com/914355 https://bugzilla.suse.com/914423 https://bugzilla.suse.com/914726 https://bugzilla.suse.com/915209 https://bugzilla.suse.com/915322 https://bugzilla.suse.com/915335 https://bugzilla.suse.com/915791 https://bugzilla.suse.com/915826 https://bugzilla.suse.com/916515 https://bugzilla.suse.com/916982 https://bugzilla.suse.com/917839 https://bugzilla.suse.com/917884 https://bugzilla.suse.com/920250 http://download.suse.com/patch/finder/?keywords=0fd9eadfb31561dd2d783db07c79f6e2 http://download.suse.com/patch/finder/?keywords=17ea342ac70ce094db352e89d143510f http://download.suse.com/patch/finder/?keywords=321560c2742d1b151f3288d50e942005 http://download.suse.com/patch/finder/?keywords=5b95a73648a17520abb1323d24fb56b3 http://download.suse.com/patch/finder/?keywords=67d4ee6ce4fba72ecd3e70dc4181af85 http://download.suse.com/patch/finder/?keywords=6fcf5fa8810b78007b8a23933dd952aa 
http://download.suse.com/patch/finder/?keywords=970f627fefba5af21dfb55448dac4ed3 http://download.suse.com/patch/finder/?keywords=99f6f7f6dfadfd4b30ee84103aa604a4 http://download.suse.com/patch/finder/?keywords=ba948ef69752594d363b7f7db540bcf2 http://download.suse.com/patch/finder/?keywords=ffa229c2e3c1d02c022c4adc72eb544d From sle-updates at lists.suse.com Tue Mar 24 12:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Mar 2015 19:04:51 +0100 (CET) Subject: SUSE-RU-2015:0591-1: moderate: Recommended update for apache2-mod_nss Message-ID: <20150324180451.B829932395@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0591-1 Rating: moderate References: #864929 #897712 #902068 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for apache2-mod_nss provides a new feature: Support for Server Name Indication (SNI) has been added. The NSS module now allows multiple HTTPS websites with multiple certificates on the same IP address and port. (fate#318331, bsc#897712) Additionally, the following issues have been fixed: * Small fixes for support of TLS v1.2. (bsc#902068) * Check for misconfiguration of certificate's CN and virtual names. (bsc#897712) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_nss=10379 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_nss=10379 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_nss-1.0.8-0.4.13.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.13.1 References: https://bugzilla.suse.com/864929 https://bugzilla.suse.com/897712 https://bugzilla.suse.com/902068 http://download.suse.com/patch/finder/?keywords=e19d3ce8f75a29ba132676d07adf01ed From sle-updates at lists.suse.com Tue Mar 24 19:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 02:04:54 +0100 (CET) Subject: SUSE-RU-2015:0592-1: moderate: Recommended update for cron Message-ID: <20150325010454.B5C1A32369@maintenance.suse.de> SUSE Recommended Update: Recommended update for cron ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0592-1 Rating: moderate References: #900604 #906112 #920430 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cron provides the following fixes: * Fix loading of PAM environment from pam_env as documented in the manual. (bsc#900604, bsc#920430) * Fix auto-reloading of /etc/crontab after changes. (bsc#906112) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cron=10501 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cron=10501 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cron=10501 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): cron-4.1-194.211.213.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): cron-4.1-194.211.213.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): cron-4.1-194.211.213.1 References: https://bugzilla.suse.com/900604 https://bugzilla.suse.com/906112 https://bugzilla.suse.com/920430 http://download.suse.com/patch/finder/?keywords=fac320c151213810f0f6c6a89fbfd921 From sle-updates at lists.suse.com Tue Mar 24 21:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 04:04:54 +0100 (CET) Subject: SUSE-SU-2015:0593-1: important: Security update for Mozilla Firefox Message-ID: <20150325030454.3B4EB32369@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0593-1 Rating: important References: #923534 Cross-References: CVE-2015-0817 CVE-2015-0818 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system. 
* MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues: * CVE-2015-0817 * CVE-2015-0818 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox-20150323=10524 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox-20150323=10524 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox-20150323=10524 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox-20150323=10524 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-31.5.3esr-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 31.5.3esr]: MozillaFirefox-31.5.3esr-0.8.1 MozillaFirefox-translations-31.5.3esr-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 31.5.3esr]: MozillaFirefox-31.5.3esr-0.8.1 MozillaFirefox-translations-31.5.3esr-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 31.5.3esr]: MozillaFirefox-31.5.3esr-0.8.1 MozillaFirefox-translations-31.5.3esr-0.8.1 References: http://support.novell.com/security/cve/CVE-2015-0817.html http://support.novell.com/security/cve/CVE-2015-0818.html https://bugzilla.suse.com/923534 http://download.suse.com/patch/finder/?keywords=c769ca2ba75baf304d03ef988f02dabf From sle-updates at lists.suse.com Tue Mar 24 21:05:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 04:05:10 +0100 (CET) Subject: 
SUSE-RU-2015:0594-1: moderate: Recommended update for glib2 Message-ID: <20150325030510.BBFA932395@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0594-1 Rating: moderate References: #899590 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glib2 backports the feature to use a monotonic clock for timeouts, so timers will not fire before their due time even if the system clock changes. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-glib2=10459 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-glib2=10459 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-glib2=10459 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-glib2=10459 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): glib2-devel-2.22.5-0.8.14.1 libgio-fam-2.22.5-0.8.14.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): glib2-doc-2.22.5-0.8.14.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64): glib2-devel-32bit-2.22.5-0.8.14.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): glib2-2.22.5-0.8.14.1 glib2-doc-2.22.5-0.8.14.1 glib2-lang-2.22.5-0.8.14.1 libgio-2_0-0-2.22.5-0.8.14.1 libglib-2_0-0-2.22.5-0.8.14.1 libgmodule-2_0-0-2.22.5-0.8.14.1 libgobject-2_0-0-2.22.5-0.8.14.1 libgthread-2_0-0-2.22.5-0.8.14.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libgio-2_0-0-32bit-2.22.5-0.8.14.1 libglib-2_0-0-32bit-2.22.5-0.8.14.1 libgmodule-2_0-0-32bit-2.22.5-0.8.14.1 libgobject-2_0-0-32bit-2.22.5-0.8.14.1 libgthread-2_0-0-32bit-2.22.5-0.8.14.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): glib2-2.22.5-0.8.14.1 glib2-doc-2.22.5-0.8.14.1 glib2-lang-2.22.5-0.8.14.1 libgio-2_0-0-2.22.5-0.8.14.1 libglib-2_0-0-2.22.5-0.8.14.1 libgmodule-2_0-0-2.22.5-0.8.14.1 libgobject-2_0-0-2.22.5-0.8.14.1 libgthread-2_0-0-2.22.5-0.8.14.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libgio-2_0-0-32bit-2.22.5-0.8.14.1 libglib-2_0-0-32bit-2.22.5-0.8.14.1 libgmodule-2_0-0-32bit-2.22.5-0.8.14.1 libgobject-2_0-0-32bit-2.22.5-0.8.14.1 libgthread-2_0-0-32bit-2.22.5-0.8.14.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libgio-2_0-0-x86-2.22.5-0.8.14.1 libglib-2_0-0-x86-2.22.5-0.8.14.1 libgmodule-2_0-0-x86-2.22.5-0.8.14.1 libgobject-2_0-0-x86-2.22.5-0.8.14.1 libgthread-2_0-0-x86-2.22.5-0.8.14.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): glib2-2.22.5-0.8.14.1 glib2-devel-2.22.5-0.8.14.1 glib2-lang-2.22.5-0.8.14.1 libgio-2_0-0-2.22.5-0.8.14.1 libgio-fam-2.22.5-0.8.14.1 libglib-2_0-0-2.22.5-0.8.14.1 libgmodule-2_0-0-2.22.5-0.8.14.1 libgobject-2_0-0-2.22.5-0.8.14.1 libgthread-2_0-0-2.22.5-0.8.14.1 - SUSE 
Linux Enterprise Desktop 11 SP3 (x86_64): libgio-2_0-0-32bit-2.22.5-0.8.14.1 libglib-2_0-0-32bit-2.22.5-0.8.14.1 libgmodule-2_0-0-32bit-2.22.5-0.8.14.1 libgobject-2_0-0-32bit-2.22.5-0.8.14.1 libgthread-2_0-0-32bit-2.22.5-0.8.14.1 References: https://bugzilla.suse.com/899590 http://download.suse.com/patch/finder/?keywords=a7d2c571abd1d127cd84cc28cf287ec9 From sle-updates at lists.suse.com Wed Mar 25 05:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 12:04:53 +0100 (CET) Subject: SUSE-OU-2015:0596-1: Recommended update for Azure and HP service settings Message-ID: <20150325110453.150BE32398@maintenance.suse.de> SUSE Optional Update: Recommended update for Azure and HP service settings ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0596-1 Rating: low References: #911856 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: Packages regionServiceClientConfigAzure, regionServiceClientConfigHP and azuremetadata have been added to the SLE 12 Public Cloud module. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-142=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azuremetadata-3.0.0-3.1 regionServiceClientConfigAzure-0.0.3-2.1 regionServiceClientConfigHP-1.0.0-2.1 References: https://bugzilla.suse.com/911856 From sle-updates at lists.suse.com Wed Mar 25 05:05:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 12:05:10 +0100 (CET) Subject: SUSE-SU-2015:0597-1: moderate: Security update for Xerces-C Message-ID: <20150325110510.1248732398@maintenance.suse.de> SUSE Security Update: Security update for Xerces-C ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0597-1 Rating: moderate References: #920810 Cross-References: CVE-2015-0252 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The Xerces-C XML parsing library was updated to fix mishandling of certain kinds of malformed input documents, which could have resulted in a segmentation fault during a parse operation, leading to denial of service or potential code execution. (bnc#920810,CVE-2015-0252) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-144=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-144=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libxerces-c-3_1-3.1.1-4.1 libxerces-c-3_1-32bit-3.1.1-4.1 libxerces-c-3_1-debuginfo-3.1.1-4.1 libxerces-c-3_1-debuginfo-32bit-3.1.1-4.1 xerces-c-debuginfo-3.1.1-4.1 xerces-c-debugsource-3.1.1-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libxerces-c-3_1-3.1.1-4.1 libxerces-c-3_1-32bit-3.1.1-4.1 libxerces-c-3_1-debuginfo-3.1.1-4.1 libxerces-c-3_1-debuginfo-32bit-3.1.1-4.1 xerces-c-debuginfo-3.1.1-4.1 xerces-c-debugsource-3.1.1-4.1 References: http://support.novell.com/security/cve/CVE-2015-0252.html https://bugzilla.suse.com/920810 From sle-updates at lists.suse.com Wed Mar 25 05:05:29 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 12:05:29 +0100 (CET) Subject: SUSE-OU-2015:0598-1: Initial release of SUSE Enterprise Storage client Message-ID: <20150325110529.644D432398@maintenance.suse.de> SUSE Optional Update: Initial release of SUSE Enterprise Storage client ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0598-1 Rating: low References: #913799 #914521 #917309 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three optional fixes can now be installed. Description: This update provides the functionality required for SUSE Linux Enterprise Server 12 to act as a client for SUSE Enterprise Storage. qemu can now use storage provided by the SUSE Enterprise Storage Ceph cluster via the RADOS Block Device (rbd) backend. Applications can now be enhanced to directly incorporate object or block storage backed by the SUSE Enterprise Storage cluster, by linking with the librados and librbd client libraries. 
Also included is the rbd tool to manage RADOS block devices mapped via the rbd kernel module, for use as a standard generic block device. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-143=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-143=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-143=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-143=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libvirt-client-32bit-1.2.5-25.4 libvirt-client-debuginfo-32bit-1.2.5-25.4 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libvirt-debugsource-1.2.5-25.4 libvirt-devel-1.2.5-25.4 - SUSE Linux Enterprise Software Development Kit 12 (x86_64): ceph-devel-0.80.8-2.3 gperftools-debuginfo-2.1-4.2 gperftools-debugsource-2.1-4.2 gperftools-devel-2.1-4.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libvirt-1.2.5-25.4 libvirt-client-1.2.5-25.4 libvirt-client-debuginfo-1.2.5-25.4 libvirt-daemon-1.2.5-25.4 libvirt-daemon-config-network-1.2.5-25.4 libvirt-daemon-config-nwfilter-1.2.5-25.4 libvirt-daemon-debuginfo-1.2.5-25.4 libvirt-daemon-driver-interface-1.2.5-25.4 libvirt-daemon-driver-interface-debuginfo-1.2.5-25.4 libvirt-daemon-driver-lxc-1.2.5-25.4 libvirt-daemon-driver-lxc-debuginfo-1.2.5-25.4 libvirt-daemon-driver-network-1.2.5-25.4 libvirt-daemon-driver-network-debuginfo-1.2.5-25.4 libvirt-daemon-driver-nodedev-1.2.5-25.4 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-25.4 libvirt-daemon-driver-nwfilter-1.2.5-25.4 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-25.4 libvirt-daemon-driver-qemu-1.2.5-25.4 libvirt-daemon-driver-qemu-debuginfo-1.2.5-25.4 
libvirt-daemon-driver-secret-1.2.5-25.4 libvirt-daemon-driver-secret-debuginfo-1.2.5-25.4 libvirt-daemon-driver-storage-1.2.5-25.4 libvirt-daemon-driver-storage-debuginfo-1.2.5-25.4 libvirt-daemon-lxc-1.2.5-25.4 libvirt-daemon-qemu-1.2.5-25.4 libvirt-debugsource-1.2.5-25.4 libvirt-doc-1.2.5-25.4 libvirt-lock-sanlock-1.2.5-25.4 libvirt-lock-sanlock-debuginfo-1.2.5-25.4 qemu-2.0.2-43.1 qemu-block-curl-2.0.2-43.1 qemu-block-curl-debuginfo-2.0.2-43.1 qemu-debugsource-2.0.2-43.1 qemu-guest-agent-2.0.2-43.1 qemu-guest-agent-debuginfo-2.0.2-43.1 qemu-lang-2.0.2-43.1 qemu-tools-2.0.2-43.1 qemu-tools-debuginfo-2.0.2-43.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): qemu-kvm-2.0.2-43.1 - SUSE Linux Enterprise Server 12 (ppc64le): qemu-ppc-2.0.2-43.1 qemu-ppc-debuginfo-2.0.2-43.1 - SUSE Linux Enterprise Server 12 (noarch): python-requests-2.3.0-4.2 qemu-ipxe-1.0.0-43.1 qemu-seabios-1.7.4-43.1 qemu-sgabios-8-43.1 qemu-vgabios-1.7.4-43.1 - SUSE Linux Enterprise Server 12 (x86_64): ceph-common-0.80.8-2.3 ceph-common-debuginfo-0.80.8-2.3 gperftools-2.1-4.2 gperftools-debuginfo-2.1-4.2 gperftools-debugsource-2.1-4.2 libcephfs1-0.80.8-2.3 libcephfs1-debuginfo-0.80.8-2.3 librados2-0.80.8-2.3 librados2-debuginfo-0.80.8-2.3 librbd1-0.80.8-2.3 librbd1-debuginfo-0.80.8-2.3 libvirt-daemon-driver-libxl-1.2.5-25.4 libvirt-daemon-driver-libxl-debuginfo-1.2.5-25.4 libvirt-daemon-xen-1.2.5-25.4 python-ceph-0.80.8-2.3 qemu-block-rbd-2.0.2-43.1 qemu-block-rbd-debuginfo-2.0.2-43.1 qemu-x86-2.0.2-43.1 qemu-x86-debuginfo-2.0.2-43.1 - SUSE Linux Enterprise Server 12 (s390x): qemu-s390-2.0.2-43.1 qemu-s390-debuginfo-2.0.2-43.1 - SUSE Linux Enterprise Desktop 12 (x86_64): librados2-0.80.8-2.3 librados2-debuginfo-0.80.8-2.3 librbd1-0.80.8-2.3 librbd1-debuginfo-0.80.8-2.3 libvirt-1.2.5-25.4 libvirt-client-1.2.5-25.4 libvirt-client-32bit-1.2.5-25.4 libvirt-client-debuginfo-1.2.5-25.4 libvirt-client-debuginfo-32bit-1.2.5-25.4 libvirt-daemon-1.2.5-25.4 libvirt-daemon-config-network-1.2.5-25.4 
libvirt-daemon-config-nwfilter-1.2.5-25.4 libvirt-daemon-debuginfo-1.2.5-25.4 libvirt-daemon-driver-interface-1.2.5-25.4 libvirt-daemon-driver-interface-debuginfo-1.2.5-25.4 libvirt-daemon-driver-libxl-1.2.5-25.4 libvirt-daemon-driver-libxl-debuginfo-1.2.5-25.4 libvirt-daemon-driver-lxc-1.2.5-25.4 libvirt-daemon-driver-lxc-debuginfo-1.2.5-25.4 libvirt-daemon-driver-network-1.2.5-25.4 libvirt-daemon-driver-network-debuginfo-1.2.5-25.4 libvirt-daemon-driver-nodedev-1.2.5-25.4 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-25.4 libvirt-daemon-driver-nwfilter-1.2.5-25.4 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-25.4 libvirt-daemon-driver-qemu-1.2.5-25.4 libvirt-daemon-driver-qemu-debuginfo-1.2.5-25.4 libvirt-daemon-driver-secret-1.2.5-25.4 libvirt-daemon-driver-secret-debuginfo-1.2.5-25.4 libvirt-daemon-driver-storage-1.2.5-25.4 libvirt-daemon-driver-storage-debuginfo-1.2.5-25.4 libvirt-daemon-lxc-1.2.5-25.4 libvirt-daemon-qemu-1.2.5-25.4 libvirt-daemon-xen-1.2.5-25.4 libvirt-debugsource-1.2.5-25.4 libvirt-doc-1.2.5-25.4 qemu-2.0.2-43.1 qemu-block-curl-2.0.2-43.1 qemu-block-curl-debuginfo-2.0.2-43.1 qemu-debugsource-2.0.2-43.1 qemu-kvm-2.0.2-43.1 qemu-tools-2.0.2-43.1 qemu-tools-debuginfo-2.0.2-43.1 qemu-x86-2.0.2-43.1 qemu-x86-debuginfo-2.0.2-43.1 - SUSE Linux Enterprise Desktop 12 (noarch): qemu-ipxe-1.0.0-43.1 qemu-seabios-1.7.4-43.1 qemu-sgabios-8-43.1 qemu-vgabios-1.7.4-43.1 References: https://bugzilla.suse.com/913799 https://bugzilla.suse.com/914521 https://bugzilla.suse.com/917309 From sle-updates at lists.suse.com Wed Mar 25 10:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 17:04:50 +0100 (CET) Subject: SUSE-RU-2015:0601-1: moderate: Recommended update for open-iscsi Message-ID: <20150325160450.7153932395@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0601-1 
Rating: moderate References: #902183 #905670 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-iscsi provides the following fixes: - Fix isns server to allow legal registration sequence, including portal group. (bsc#905670) - Properly boot all iSCSI CNAs. (bsc#902183) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-145=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-145=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): iscsiuio-0.7.8.2-23.1 iscsiuio-debuginfo-0.7.8.2-23.1 open-iscsi-2.0.873-23.1 open-iscsi-debuginfo-2.0.873-23.1 open-iscsi-debugsource-2.0.873-23.1 open-isns-0.90-23.1 open-isns-debuginfo-0.90-23.1 - SUSE Linux Enterprise Desktop 12 (x86_64): iscsiuio-0.7.8.2-23.1 iscsiuio-debuginfo-0.7.8.2-23.1 open-iscsi-2.0.873-23.1 open-iscsi-debuginfo-2.0.873-23.1 open-iscsi-debugsource-2.0.873-23.1 References: https://bugzilla.suse.com/902183 https://bugzilla.suse.com/905670 From sle-updates at lists.suse.com Wed Mar 25 12:04:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 19:04:50 +0100 (CET) Subject: SUSE-RU-2015:0603-1: Recommended update for timezone Message-ID: <20150325180450.48A6832395@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0603-1 Rating: low References: #923498 Affected Products: SUSE Linux Enterprise Server 12 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2015b) for your system, including the following changes: - Mongolia will start observing DST again in 2015, from the last Saturday in March to the last Saturday in September. - Palestine will start DST on March 28, not March 27. - Fix integer overflow bug in reference 'mktime' implementation. This release also includes changes affecting past time stamps and documentation. For a comprehensive list, refer to the release announcement from ICANN: - http://mm.icann.org/pipermail/tz-announce/2015-March/000029.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-146=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): timezone-2015b-0.11.1 timezone-debuginfo-2015b-0.11.1 timezone-debugsource-2015b-0.11.1 - SUSE Linux Enterprise Server 12 (noarch): timezone-java-2015b-0.11.1 References: https://bugzilla.suse.com/923498 From sle-updates at lists.suse.com Wed Mar 25 12:05:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 19:05:08 +0100 (CET) Subject: SUSE-RU-2015:0604-1: Recommended update for limal-ca-mgm, yast2-ca-management Message-ID: <20150325180508.25A2D32398@maintenance.suse.de> SUSE Recommended Update: Recommended update for limal-ca-mgm, yast2-ca-management ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0604-1 Rating: low References: #839983 #889356 #899893 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes two new package versions. Description: This collective update provides the following fixes and enhancements: limal-ca-mgm: * Support digests sha224, sha256, sha384 and sha512. (bsc#889356) * Convert certificate policies to oids only. (bsc#889356) yast2-ca-management: * Support digests sha224, sha256, sha384 and sha512. (bsc#889356) * Fix reading passwords from environment in commandline mode. (bsc#899893) * Enable export of Certificate Requests. (bsc#839983) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-yast2-ca-201501=10205 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-yast2-ca-201501=10205 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-yast2-ca-201501=10205 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-yast2-ca-201501=10205 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.5.24]: limal-ca-mgm-devel-1.5.24-0.3.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2.17.26]: yast2-ca-management-2.17.26-0.5.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.5.24]: limal-ca-mgm-1.5.24-0.3.2 limal-ca-mgm-perl-1.5.24-0.3.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.17.26]: yast2-ca-management-2.17.26-0.5.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.5.24]: limal-ca-mgm-1.5.24-0.3.2 limal-ca-mgm-perl-1.5.24-0.3.2 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.17.26]: yast2-ca-management-2.17.26-0.5.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.5.24]: limal-ca-mgm-1.5.24-0.3.2 limal-ca-mgm-perl-1.5.24-0.3.2 References: https://bugzilla.suse.com/839983 https://bugzilla.suse.com/889356 https://bugzilla.suse.com/899893 http://download.suse.com/patch/finder/?keywords=8f8292ada386bb38d579bebf19988e49 From sle-updates at lists.suse.com Wed Mar 25 13:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 20:04:49 +0100 (CET) Subject: SUSE-RU-2015:0603-2: Recommended update for timezone Message-ID: <20150325190449.F1B9C32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0603-2 Rating: low References: #923498 Affected Products: SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2015b) for your system, including the following changes: - Mongolia will start observing DST again in 2015, from the last Saturday in March to the last Saturday in September. - Palestine will start DST on March 28, not March 27. - Fix integer overflow bug in reference 'mktime' implementation. This release also includes changes affecting past time stamps and documentation. For a comprehensive list, refer to the release announcement from ICANN: - http://mm.icann.org/pipermail/tz-announce/2015-March/000029.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-146=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 12 (x86_64): timezone-2015b-0.11.1 timezone-debuginfo-2015b-0.11.1 timezone-debugsource-2015b-0.11.1 - SUSE Linux Enterprise Desktop 12 (noarch): timezone-java-2015b-0.11.1 References: https://bugzilla.suse.com/923498 From sle-updates at lists.suse.com Wed Mar 25 13:05:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Mar 2015 20:05:09 +0100 (CET) Subject: SUSE-RU-2015:0605-1: Recommended update for python-netifaces Message-ID: <20150325190509.6CFFC32398@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-netifaces ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0605-1 Rating: low References: #917053 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides python-netifaces 0.10.4, which brings many bug fixes and enhancements. For a comprehensive list of changes, please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-netifaces=10296 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-netifaces=10296 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.10.4]: python-netifaces-0.10.4-0.9.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.10.4]: python-netifaces-0.10.4-0.9.1 References: https://bugzilla.suse.com/917053 http://download.suse.com/patch/finder/?keywords=1cce943153d21e66e059034c8847ba76 From sle-updates at lists.suse.com Wed Mar 25 17:04:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Mar 2015 00:04:48 +0100 (CET) Subject: SUSE-RU-2015:0606-1: Recommended update for timezone Message-ID: <20150325230448.A701532395@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0606-1 Rating: low References: #923498 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest timezone information (2015b) for your system, including the following changes: * Mongolia will start observing DST again in 2015, from the last Saturday in March to the last Saturday in September. * Palestine will start DST on March 28, not March 27. * Fix integer overflow bug in reference 'mktime' implementation. This release also includes changes affecting past time stamps and documentation. For a comprehensive list, refer to the release announcement from ICANN: * http://mm.icann.org/pipermail/tz-announce/2015-March/000029.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-timezone-2015b=10516 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-timezone-2015b=10514 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2015b]: timezone-2015b-0.4.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch) [New Version: 2015b]: timezone-java-2015b-0.4.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2015b]: timezone-2015b-0.4.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2015b]: timezone-java-2015b-0.4.1 References: https://bugzilla.suse.com/923498 http://download.suse.com/patch/finder/?keywords=323feff9144573c7222232c276c81d9b http://download.suse.com/patch/finder/?keywords=9a465726ac6186f6d77ff216fb1bfa81 From sle-updates at lists.suse.com Wed Mar 25 22:04:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Mar 2015 05:04:47 +0100 (CET) Subject: SUSE-RU-2015:0606-2: Recommended update for timezone Message-ID: <20150326040447.EB8E132395@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0606-2 Rating: low References: #923498 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. 
Description: This update provides the latest timezone information (2015b) for your system, including the following changes: * Mongolia will start observing DST again in 2015, from the last Saturday in March to the last Saturday in September. * Palestine will start DST on March 28, not March 27. * Fix integer overflow bug in reference 'mktime' implementation. This release also includes changes affecting past time stamps and documentation. For a comprehensive list, refer to the release announcement from ICANN: * http://mm.icann.org/pipermail/tz-announce/2015-March/000029.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-timezone-2015b=10517 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-timezone-2015b=10517 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-timezone-2015b=10517 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-timezone-2015b=10517 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2015b]: timezone-java-2015b-0.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2015b]: timezone-2015b-0.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2015b]: timezone-java-2015b-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2015b]: timezone-2015b-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2015b]: timezone-java-2015b-0.4.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2015b]: timezone-2015b-0.6.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2015b]: timezone-2015b-0.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2015b]: timezone-java-2015b-0.4.1 References: https://bugzilla.suse.com/923498 http://download.suse.com/patch/finder/?keywords=38e89e00477ee1f3f0b64cf6f2818510 http://download.suse.com/patch/finder/?keywords=640dddbd5ccb7076e681d1f5ac832f93 From sle-updates at lists.suse.com Thu Mar 26 12:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Mar 2015 19:04:56 +0100 (CET) Subject: SUSE-RU-2015:0610-1: Recommended update for release-notes-susemanager Message-ID: <20150326180456.5D8EC32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0610-1 Rating: low References: #913215 Affected Products: SUSE Manager Server ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: SUSE Manager 2.1 Release Notes have been updated to document: * Support for RES7 * Service pack migration via API * Inclusion of spacecmd in SUSE-Manager-Tools channel * SUSE Customer Center (SCC) and SLE 12 integration. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-release-notes-susemanager=10409 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server (s390x x86_64): release-notes-susemanager-2.1.0-0.32.1 References: https://bugzilla.suse.com/913215 http://download.suse.com/patch/finder/?keywords=f58c17ee21a16a469be0ca6b32ed175d From sle-updates at lists.suse.com Thu Mar 26 13:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Mar 2015 20:04:51 +0100 (CET) Subject: SUSE-RU-2015:0611-1: important: Recommended update for SUSE Manager Server 2.1 Message-ID: <20150326190451.25E9032398@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0611-1 Rating: important References: #653265 #767279 #808947 #841731 #855389 #858971 #860299 #862408 #867836 #870159 #872029 #872298 #872351 #875231 #875452 #878550 #878553 #879904 #879992 #879998 #880001 #880022 #880026 #880027 #880081 #880087 #880327 #880388 #880936 #881111 #881225 #881522 #881711 #882468 #883009 #883057 #883379 #883487 #884051 #884081 #884350 #884366 #885889 #886391 #886421 #887538 #887879 #889363 #889605 #889721 #889739 #889905 #892707 #892711 #893608 #895001 #895961 #896029 #896109 #896238 #896244 #896254 #896844 #897723 #898242 #898426 #898428 #899266 #900956 #901058 #901108 #901193 #901675 #901776 #901927 #901928 #901958 #902182 #902373 #902494 #902503 #902915 #903064 #903720 #903723 #903880 #903961 #904690 #904699 #904703 #904732 #904841 #904959 #905072 #905263 #905530 #906850 #906851 #906887 #907086 #907106 #907337 #907527 #907586 #907643 #907645 #907646 #907677 #907809 #908317 #908320 #908849 #909724 #910243 #910482 #910494 #911166 #911180 #911272 #911808 
#912035 #912057 #912886 #913215 #913221 #913939 #914260 #914437 #914900 #915140 #919448 Affected Products: SUSE Manager Server ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 123 fixes is now available. It includes 32 new package versions. Description: This collective update for SUSE Manager Server 2.1 provides the following new features: * Connect SUSE Manager to the SUSE Customer Center. * Manage SLE12 systems. * ISS: export/import information about cloned channels to support Service Pack migration on ISS slaves. (FATE#317789) * New API calls: system.scheduleSPMigration(), system.scheduleDistUpgrade(). (FATE#314785, FATE#314340) Additionally, several issues have been fixed: auditlog-keeper: * Fix value too long for type character varying(2048). (bnc#872351) * Fix init.d script restart. (bsc#872029) cobbler: * Require syslinux-x86_64 on s390x. (bsc#884051) * Fix fetching of profiles for auto-installation. (bsc#880936) * Fix port guessing in koan. (bsc#855389) * Add "copy-default" option to grubby-compat. (bsc#855389) * Handle elilo in SUSE. (bsc#855389) * Fix wrong option "text" in SUSE environment. (bsc#901058) * Fix re-installation on SLE with static network configuration. (bsc#883487) * Add RHEL 7 as a valid operating system version. oracle-config: * No need to pre-require Apache as its user and group are available in the base system. osad: * Enable and install osad during first installation. (bsc#901958) pxe-default-image: * Add bind-utils (dig) to packagelist. (bsc#889739) * Wait for gateway to become available before register. (bsc#895001) rhnlib: * Ensure bytes strings are sent to pyOpenSSL. (bnc#880388) rhnpush: * Add default path structure to proxy lookaside that avoids collisions. sm-ncc-sync-data: * Add SUSE Cloud 4 channels. (bnc#883057) * Add channels for SUSE Manager Server 2.1 s390x. * Fix parent label of the LTSS channel for SLMS. 
* Add ATI and nVidia channels for SLED11-SP3. (bsc#901108) * Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608) smdba: * Fix "system check breaks backup and other configuration". * Implement rotating PostgreSQL backup. (bsc#896244) * Space reclamation caused ORA-00942: table or view does not exist. (bsc#906850) * Archival of PostgreSQL transaction log does not recover in case of no space left on device. (bsc#915140) spacecmd: * Fix listupgrades. (bsc#892707) * Make print_result a static method of SpacewalkShell. (bsc#889605) * Call listAutoinstallableChannels() for listing distributions. (bsc#887879) * Fix spacecmd schedule listing. (bsc#902494) * Fix call of setCustomOptions() during kickstart_importjson. (bsc#879904) * Fix configchannel export: do not create 'contents' key for directories. (bsc#908849) spacewalk-backend: * Insert update tag at the correct place for SLE12. (bsc#907677) * Trigger generation of metadata if the repo contains no packages. (bsc#870159) * Convert mtime to localtime to prevent invalid times because of DST. (bsc#914437) * Do not exit with error if a vendor channel has no URL associated. (bsc#914260) * Convert empty string to null for DMI values. (bsc#911272) spacewalk-branding: * CVE patches adapted for colour blind users. (bnc#872298) * Underline in icons is removed. (bnc#880001) * Fix link to macro documentation. (bsc#895961) * Fix branding in error message. (bsc#902503) spacewalk-certs-tools: * Fix removal of existing host key entries. (bsc#886391) * Remove duplicates from authorized_keys2 as well. (bsc#885889) * Do not allow registering a SUSE Manager server against itself. (bsc#841731) spacewalk-client-tools: * Allow unicode characters in proxy username and password. * Send correct hostname. (bsc#887538) spacewalk-config: * Add recommended Apache settings from the Security Team. spacewalk-java: * Fix human dates now() staying unmodified. (bnc#880081) * Allow for null evr and archs on event history detail. 
(bnc#880327) * Disable form autocompletion in some places. (bnc#879998) * Fix datepicker time at xx:xx PM pre-filled with xx:xx AM. (bnc#881522) * Fixed package upgrade via SSM when using the Oracle DB as backend. (bnc#889721) * This update fixes various cross-site scripting (XSS) issues in spacewalk-java. (CVE-2014-3654, bnc#902182) * Sync correct repositories. (bnc#904959) * Fix pxt page link to point to the ported version of that page. (bsc#903720) * Correctly apply patches to multiple systems in SSM. (bsc#898242) * Fix CVE audit when some packages of a patch are already installed. (bsc#899266) * Download CSV button does not export all columns ("Base Channel" missing). (bsc#896238) * Read and display only a limited number of logfile lines. (bsc#883009) * Fix package upgrade via SSM. (bsc#889721) * Fix logrotate for /var/log/rhn/rhn_web_api.log. (bsc#884081) * Throw channel name exception if name is already used. (bnc#901675) * Don't commit when XMLRPCExceptions are thrown. (bsc#908320) * Remove "Select All" button from system currency report. (bsc#653265) * Fix documentation search. (bsc#875452) * Add API listAutoinstallableChannels(). (bsc#887879) * Avoid ArrayIndexOutOfBoundsException with invalid URLs. (bsc#892711) * Avoid NumberFormatException in case of invalid URL. (bsc#892711) * Lookup kickstart tree only when org is found. (bsc#892711) * Fix NPE on GET /rhn/common/DownloadFile.do. (bsc#892711) * Port of the advanced provisioning option page to bootstrap. (bnc#862408) * mgr-sync refresh sets wrong permissions on JSON files. (bnc#907337) * Fix link to macro documentation. (bsc#895961) * Forward to "raw mode" page in case this is an uploaded profile. (bsc#904841) * Enlarge big text area to use more available screen space. (bnc#867836) * Fix links to monitoring documentation. (bsc#906887) * Fix install type detection. (bsc#875231) * Point "Register Clients" link to "Client Configuration Guide". 
(bsc#880026) * Change order of installer type: prefer SUSE Linux. (bsc#860299) * Fix ISE when clicking system currency. (bnc#905530) * Set cobbler hostname variable when calling system.createSystemRecord. (bnc#904699) * Fix wrong install=http://nullnull line when calling system.createSystemRecord. (bnc#904699) * Explain snapshot/rollback behavior better. (bsc#808947) * Fix patch syncing: prevent hibernate.NonUniqueObjectException and rollback. (bsc#903880) * Remove "Add Selected to SSM" from system overview page. (bsc#901776) * Fix CVE audit in case of multi-version package installed and patch in multi channels. (bsc#903723) * Update channel family membership when channel is updated. (bsc#901193) * Add log warning if uploaded file size > 1MB. (bnc#901927) * Fix channel package compare. (bsc#904690) * Fix automatic configuration file deployment via snippet. (bsc#898426) * Add client hostname or IP to log messages. (bsc#904732) * Fixed copying text from kickstart snippets. (bsc#880087) * Fix auditlog config yaml syntax. (bsc#913221) * Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939) * Fixed uncaught error which prevent correct error handling. (bsc#858971) * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035) * Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811, bsc#902915) * Fix basic authentication for HTTP proxies. (bsc#912057) * Accept repos with same SCC ID and different URLs. (bsc#911808) * Avoid mgr-sync-refresh failure because clear_log_id was not called. (bsc#911166) * Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812, bsc#912886) * Fix "Select All" buttons display on rhn:list and make it consistent with new rl:list. (bsc#909724) * Fix List tag missing submit parameter for "Select All" and others. (bnc#909724) * Sort filelist in configfile.compare event history alphabetically. (bsc#910243) * Allow parenthesis in system group description. 
(bsc#903064) * Provide new API documentation in PDF format. (bsc#896029) * Update the example scripts section. (bsc#896029) * Fixed wording issues on package lock page. (bsc#880022) * Make text more clear for package profile sync. (bsc#884350) spacewalk-reports: * Added channel- and server-group-ids to activation-keys. * Added spacewalk-report for systems with extra packages. spacewalk-search: * Fix package searching in shared channels. spacewalk-setup: * Setup /etc/sudoers in SUSE Manager upgrade scripts (bnc#881711) * No activation if database population should be skipped. (bsc#900956) * Do not enable spacewalk-service in runlevel 4. (bsc#879992) spacewalk-utils: * Fixed spacewalk-hostname-rename to work with PostgreSQL backend. * Added limitation of spacewalk-clone-by-date for RHEL4 and earlier. * Add openSUSE 13.2 repositories to spacewalk-common-channels. * Improve clone-by-date dependency resolution. * Add CentOS 7 and EPEL 7 channels. * Fix error if blacklist / removelist is not in scbd configuration file. spacewalk-web: * Fix links to monitoring documentation. (bsc#906887) * Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939) supportutils-plugin-susemanager: * Write current service and repository configuration into supportconfig. susemanager-manuals_en, susemanager-jsp_en: * Clarification about supported Web browsers. (bsc#889905) * Update text and image files. (bnc#907527) * Document NCC to SCC switch with SUSE Manager 2.1. (bnc#907106, bnc#907643, bnc#907645, bnc#907646) * SUSE Manager server update description. (bnc#902373) * Activation keys and packages. (bnc#767279) * Cobbler (bnc#880027), Link fix (bnc#881225), Wagon (bnc#884366) * Install and ship the built PDFs. (bnc#907086) * Update text and image files (bsc#910494). * Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings missing. (bsc#904703) * Document SP migration and ISS. (bsc#913215, partially). 
* Fix "beta packages" mentioned in documentation. (bsc#886421). * User guide: Snapshots: clarify snapshot usage. (bsc#906851). * Document maximal supported configuration file limit. (bsc#910482). susemanager-schema: * Add SLE 12 distribution targets to database. * Fix evr_t schema upgrade. (bsc#881111) * Allow evr_t to be compared with NULL in Oracle. (bsc#881111) * Add support to ppc64le architecture. * Fix migration script names to fix bare-metal registration. (bsc#896109) * Create regular index instead and have one migration per DB. (bsc#905072) * Drop unique index on package ids. (bsc#905072) * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035) * Fix old migration for future reference. (bsc#911180) * Avoid NPE when migrating to SCC on Oracle migrated from 1.7. (bsc#911180) susemanager: * Update the sudoers file after SUSE Manager upgrade. (bnc#881711) * Fix oracle2postgres.sh (database configuration). * Replace /etc/motd after setup. (bsc#883379) * Make mgr-create-bootstrap-repo SCC and SLE 12 aware. * Abort setup when invalid SSL country code given. (bnc#882468) * Use noRepoSync parameter always. * Fixed error message on exception in mgr-sync. (bnc#905263) * Fixed add product to not trigger redundant addition of base channel. (bnc#901928) * Ask for the authentication beforehand. (bsc#908317) susemanager-sync-data: * Add channels for Public Cloud Module. (bsc#907586) * Add new channel families SLE-WE and SLE-LP. * Add ATI and nVidia channels for SLED11-SP3. (bsc#901108) * Add channels for IBM-DLPAR for SLE12 ppc64le. * Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608) suseRegisterInfo: * Re-add legacy suse_register_info to successfully perform the update. (bsc#898428) zypp-plugin-spacewalk: * Check for retrieveOnly option in up2date configuration and set download_only. (bsc#896254) * Changed the spec file to force usage of the official python VM. (bsc#889363) yum: * Preserve query parameters in URLs. 
(bsc#896844) struts: * CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. apache2-mod_wsgi: * CVE-2014-0242: Information exposure. (bnc#878553) * CVE-2014-0240: Local privilege escalation. (bnc#878550) * CVE-2014-8583: Failure to handle errors when attempting to drop group privileges. (bnc#903961) libyaml-0-2: * Assert failure when processing wrapped strings (bnc#907809, CVE-2014-9130) tanukiwrapper: * Allow more than 4G as -Xmx option. (bsc#914900) The following new packages have been added to the product: susemanager-sync-data, google-gson, python-enum34. How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema with spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Security Issues: * CVE-2014-0114 * CVE-2014-0240 * CVE-2014-0242 * CVE-2014-3654 * CVE-2014-7811 * CVE-2014-7812 * CVE-2014-8583 * CVE-2014-9130 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-suse-manager-201503=10396 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server (noarch) [New Version: 1.0.3,1.0.4,1.20.2,1.26.13.2,2.1.0.2,2.1.14.6,2.1.14.8,2.1.14.9,2.1.16.6,2.1.165.14,2.1.2.3,2.1.2.4,2.1.27.12,2.1.5.4,2.1.50.11,2.1.6.5,2.1.60.12,2.1.9,5.11.33.7,5.3.18.4,5.4.22.6 and 5.5.71.7]: auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58 auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58 auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58 auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58 auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58 google-gson-2.2.4-0.7.52 oracle-config-1.1-0.10.10.16 osa-dispatcher-5.11.33.7-0.7.16 perl-Class-Singleton-1.4-4.13.38 perl-NOCpulse-Object-1.26.13.2-0.7.13 perl-Satcon-1.20.2-0.7.6 perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58 pxe-default-image-0.1-0.20.56 rhn-custom-info-5.4.22.6-0.7.13 rhnmd-5.3.18.4-0.7.15 rhnpush-5.5.71.7-0.7.16 sm-ncc-sync-data-2.1.9-0.7.6 spacewalk-admin-2.1.2.4-0.7.6 spacewalk-base-2.1.60.12-0.7.7 spacewalk-base-minimal-2.1.60.12-0.7.7 spacewalk-base-minimal-config-2.1.60.12-0.7.7 spacewalk-certs-tools-2.1.6.5-0.7.10 spacewalk-check-2.1.16.6-0.7.9 spacewalk-client-setup-2.1.16.6-0.7.9 spacewalk-client-tools-2.1.16.6-0.7.9 spacewalk-config-2.1.5.4-0.7.15 spacewalk-doc-indexes-2.1.2.3-0.7.26 spacewalk-grail-2.1.60.12-0.7.7 spacewalk-html-2.1.60.12-0.7.7 spacewalk-java-2.1.165.14-0.7.16 spacewalk-java-config-2.1.165.14-0.7.16 spacewalk-java-lib-2.1.165.14-0.7.16 spacewalk-java-oracle-2.1.165.14-0.7.16 spacewalk-java-postgresql-2.1.165.14-0.7.16 spacewalk-pxt-2.1.60.12-0.7.7 spacewalk-reports-2.1.14.8-0.7.10 spacewalk-search-2.1.14.6-0.7.18 spacewalk-setup-2.1.14.9-0.7.6 spacewalk-setup-jabberd-2.1.0.2-0.7.6 spacewalk-sniglets-2.1.60.12-0.7.7 spacewalk-taskomatic-2.1.165.14-0.7.16 spacewalk-utils-2.1.27.12-0.7.25 struts-1.2.9-162.33.22 supportutils-plugin-susemanager-1.0.3-0.5.5 supportutils-plugin-susemanager-client-1.0.4-0.5.5 susemanager-client-config_en-pdf-2.1-0.15.24 
susemanager-install_en-pdf-2.1-0.15.24 susemanager-jsp_en-2.1-0.15.23 susemanager-manuals_en-2.1-0.15.24 susemanager-proxy-quick_en-pdf-2.1-0.15.24 susemanager-reference_en-pdf-2.1-0.15.24 susemanager-schema-2.1.50.11-0.7.8 susemanager-sync-data-2.1.5-0.7.6 susemanager-user_en-pdf-2.1-0.15.24 - SUSE Manager Server (s390x) [New Version: 1.10.2.2,1.5.1,2.1.17,2.1.25.7,2.1.33.10,2.1.55.15,2.1.9,2.5.69.6,5.0.14.6 and 9.1.15]: apache2-mod_wsgi-3.3-5.7.17 cobbler-2.2.2-0.54.9 libyaml-0-2-0.1.3-0.10.16.11 postgresql91-pltcl-9.1.15-0.3.1 python-enum34-1.0-0.7.33 python-gzipstream-1.10.2.2-0.7.6 rhnlib-2.5.69.6-0.7.6 smdba-1.5.1-0.7.6 spacecmd-2.1.25.7-0.7.9 spacewalk-backend-2.1.55.15-0.7.11 spacewalk-backend-app-2.1.55.15-0.7.11 spacewalk-backend-applet-2.1.55.15-0.7.11 spacewalk-backend-config-files-2.1.55.15-0.7.11 spacewalk-backend-config-files-common-2.1.55.15-0.7.11 spacewalk-backend-config-files-tool-2.1.55.15-0.7.11 spacewalk-backend-iss-2.1.55.15-0.7.11 spacewalk-backend-iss-export-2.1.55.15-0.7.11 spacewalk-backend-libs-2.1.55.15-0.7.11 spacewalk-backend-package-push-server-2.1.55.15-0.7.11 spacewalk-backend-server-2.1.55.15-0.7.11 spacewalk-backend-sql-2.1.55.15-0.7.11 spacewalk-backend-sql-oracle-2.1.55.15-0.7.11 spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11 spacewalk-backend-tools-2.1.55.15-0.7.11 spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11 spacewalk-backend-xmlrpc-2.1.55.15-0.7.11 spacewalk-branding-2.1.33.10-0.7.16 spacewalksd-5.0.14.6-0.7.15 suseRegisterInfo-2.1.9-0.7.29 susemanager-2.1.17-0.7.11 susemanager-tools-2.1.17-0.7.11 tanukiwrapper-3.2.3-0.10.12 yum-3.2.29-0.19.30 yum-common-3.2.29-0.19.30 zypp-plugin-spacewalk-0.9.8-0.15.51 References: http://support.novell.com/security/cve/CVE-2014-0114.html http://support.novell.com/security/cve/CVE-2014-0240.html http://support.novell.com/security/cve/CVE-2014-0242.html http://support.novell.com/security/cve/CVE-2014-3654.html http://support.novell.com/security/cve/CVE-2014-7811.html 
http://support.novell.com/security/cve/CVE-2014-7812.html http://support.novell.com/security/cve/CVE-2014-8583.html http://support.novell.com/security/cve/CVE-2014-9130.html https://bugzilla.suse.com/653265 https://bugzilla.suse.com/767279 https://bugzilla.suse.com/808947 https://bugzilla.suse.com/841731 https://bugzilla.suse.com/855389 https://bugzilla.suse.com/858971 https://bugzilla.suse.com/860299 https://bugzilla.suse.com/862408 https://bugzilla.suse.com/867836 https://bugzilla.suse.com/870159 https://bugzilla.suse.com/872029 https://bugzilla.suse.com/872298 https://bugzilla.suse.com/872351 https://bugzilla.suse.com/875231 https://bugzilla.suse.com/875452 https://bugzilla.suse.com/878550 https://bugzilla.suse.com/878553 https://bugzilla.suse.com/879904 https://bugzilla.suse.com/879992 https://bugzilla.suse.com/879998 https://bugzilla.suse.com/880001 https://bugzilla.suse.com/880022 https://bugzilla.suse.com/880026 https://bugzilla.suse.com/880027 https://bugzilla.suse.com/880081 https://bugzilla.suse.com/880087 https://bugzilla.suse.com/880327 https://bugzilla.suse.com/880388 https://bugzilla.suse.com/880936 https://bugzilla.suse.com/881111 https://bugzilla.suse.com/881225 https://bugzilla.suse.com/881522 https://bugzilla.suse.com/881711 https://bugzilla.suse.com/882468 https://bugzilla.suse.com/883009 https://bugzilla.suse.com/883057 https://bugzilla.suse.com/883379 https://bugzilla.suse.com/883487 https://bugzilla.suse.com/884051 https://bugzilla.suse.com/884081 https://bugzilla.suse.com/884350 https://bugzilla.suse.com/884366 https://bugzilla.suse.com/885889 https://bugzilla.suse.com/886391 https://bugzilla.suse.com/886421 https://bugzilla.suse.com/887538 https://bugzilla.suse.com/887879 https://bugzilla.suse.com/889363 https://bugzilla.suse.com/889605 https://bugzilla.suse.com/889721 https://bugzilla.suse.com/889739 https://bugzilla.suse.com/889905 https://bugzilla.suse.com/892707 https://bugzilla.suse.com/892711 https://bugzilla.suse.com/893608 
https://bugzilla.suse.com/895001 https://bugzilla.suse.com/895961 https://bugzilla.suse.com/896029 https://bugzilla.suse.com/896109 https://bugzilla.suse.com/896238 https://bugzilla.suse.com/896244 https://bugzilla.suse.com/896254 https://bugzilla.suse.com/896844 https://bugzilla.suse.com/897723 https://bugzilla.suse.com/898242 https://bugzilla.suse.com/898426 https://bugzilla.suse.com/898428 https://bugzilla.suse.com/899266 https://bugzilla.suse.com/900956 https://bugzilla.suse.com/901058 https://bugzilla.suse.com/901108 https://bugzilla.suse.com/901193 https://bugzilla.suse.com/901675 https://bugzilla.suse.com/901776 https://bugzilla.suse.com/901927 https://bugzilla.suse.com/901928 https://bugzilla.suse.com/901958 https://bugzilla.suse.com/902182 https://bugzilla.suse.com/902373 https://bugzilla.suse.com/902494 https://bugzilla.suse.com/902503 https://bugzilla.suse.com/902915 https://bugzilla.suse.com/903064 https://bugzilla.suse.com/903720 https://bugzilla.suse.com/903723 https://bugzilla.suse.com/903880 https://bugzilla.suse.com/903961 https://bugzilla.suse.com/904690 https://bugzilla.suse.com/904699 https://bugzilla.suse.com/904703 https://bugzilla.suse.com/904732 https://bugzilla.suse.com/904841 https://bugzilla.suse.com/904959 https://bugzilla.suse.com/905072 https://bugzilla.suse.com/905263 https://bugzilla.suse.com/905530 https://bugzilla.suse.com/906850 https://bugzilla.suse.com/906851 https://bugzilla.suse.com/906887 https://bugzilla.suse.com/907086 https://bugzilla.suse.com/907106 https://bugzilla.suse.com/907337 https://bugzilla.suse.com/907527 https://bugzilla.suse.com/907586 https://bugzilla.suse.com/907643 https://bugzilla.suse.com/907645 https://bugzilla.suse.com/907646 https://bugzilla.suse.com/907677 https://bugzilla.suse.com/907809 https://bugzilla.suse.com/908317 https://bugzilla.suse.com/908320 https://bugzilla.suse.com/908849 https://bugzilla.suse.com/909724 https://bugzilla.suse.com/910243 https://bugzilla.suse.com/910482 
https://bugzilla.suse.com/910494 https://bugzilla.suse.com/911166 https://bugzilla.suse.com/911180 https://bugzilla.suse.com/911272 https://bugzilla.suse.com/911808 https://bugzilla.suse.com/912035 https://bugzilla.suse.com/912057 https://bugzilla.suse.com/912886 https://bugzilla.suse.com/913215 https://bugzilla.suse.com/913221 https://bugzilla.suse.com/913939 https://bugzilla.suse.com/914260 https://bugzilla.suse.com/914437 https://bugzilla.suse.com/914900 https://bugzilla.suse.com/915140 https://bugzilla.suse.com/919448 http://download.suse.com/patch/finder/?keywords=28749aa484a1278a0da11bc0677f8353 From sle-updates at lists.suse.com Thu Mar 26 17:04:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Mar 2015 00:04:45 +0100 (CET) Subject: SUSE-RU-2015:0612-1: Recommended update for vhostmd, vm-dump-metrics Message-ID: <20150326230445.AE5BE32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for vhostmd, vm-dump-metrics ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0612-1 Rating: low References: #872736 #917382 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides fixes and enhancements for vhostmd: * Build vhostmd for all supported architectures. (FATE#317817, bsc#917382) * Support both Xen and KVM hypervisors. (bsc#872736) * Replace xm commands with xl commands. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-vhostmd=10314 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-vhostmd=10314 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 x86_64): vm-dump-metrics-0.4-0.7.1 vm-dump-metrics-devel-0.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 x86_64): vhostmd-0.4-0.7.1 vm-dump-metrics-0.4-0.7.1 References: https://bugzilla.suse.com/872736 https://bugzilla.suse.com/917382 http://download.suse.com/patch/finder/?keywords=8fa01ad8952c9bf53dab35d66e19fcca From sle-updates at lists.suse.com Fri Mar 27 03:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Mar 2015 10:04:54 +0100 (CET) Subject: SUSE-SU-2015:0613-1: important: Security update for Xen Message-ID: <20150327090454.A279332397@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0613-1 Rating: important References: #861318 #882089 #895528 #901488 #903680 #904255 #906996 #910254 #910681 #912011 #918995 #918998 #919098 #919464 #919663 Cross-References: CVE-2014-3615 CVE-2014-9065 CVE-2014-9066 CVE-2015-0361 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2152 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 7 fixes is now available. Description: The XEN hypervisor received updates to fix various security issues and bugs. The following security issues were fixed: - CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw. 
- CVE-2015-2045: XSA-122: Information leak through version information hypercall. - CVE-2015-2044: XSA-121: Information leak via internal x86 system device emulation. - CVE-2015-2152: XSA-119: HVM qemu was unexpectedly enabling emulated VGA graphics backends. - CVE-2014-3615: Information leakage when guest sets high graphics resolution. - CVE-2015-0361: XSA-116: A xen crash due to use after free on hvm guest teardown. - CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation. Also the following bugs were fixed: - bnc#919098 - XEN blktap device intermittently fails to connect - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus - bnc#903680 - Problems with detecting free loop devices on Xen guest startup - bnc#861318 - xentop reports "Found interface vif101.0 but domain 101 does not exist." - Update seabios to rel-1.7.3.1 which is the correct version for Xen 4.4 - Enhancement to virsh/libvirtd "send-key" command The xen side small fix. (FATE#317240) - bnc#901488 - Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - bnc#910254 - SLES11 SP3 Xen VT-d igb NIC doesn't work - Add domain_migrate_constraints_set API to Xend's http interface (FATE#317239) - Restore missing fixes from block-dmmd script - bnc#904255 - XEN boot hangs in early boot on UEFI system - bsc#912011 - high ping latency after upgrade to latest SLES11SP3 on xen Dom0 - Fix missing banner by restoring the figlet program. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-147=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-147=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-147=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): xen-debugsource-4.4.1_10-9.1 xen-devel-4.4.1_10-9.1 - SUSE Linux Enterprise Server 12 (x86_64): xen-4.4.1_10-9.1 xen-debugsource-4.4.1_10-9.1 xen-doc-html-4.4.1_10-9.1 xen-kmp-default-4.4.1_10_k3.12.36_38-9.1 xen-kmp-default-debuginfo-4.4.1_10_k3.12.36_38-9.1 xen-libs-32bit-4.4.1_10-9.1 xen-libs-4.4.1_10-9.1 xen-libs-debuginfo-32bit-4.4.1_10-9.1 xen-libs-debuginfo-4.4.1_10-9.1 xen-tools-4.4.1_10-9.1 xen-tools-debuginfo-4.4.1_10-9.1 xen-tools-domU-4.4.1_10-9.1 xen-tools-domU-debuginfo-4.4.1_10-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xen-4.4.1_10-9.1 xen-debugsource-4.4.1_10-9.1 xen-kmp-default-4.4.1_10_k3.12.36_38-9.1 xen-kmp-default-debuginfo-4.4.1_10_k3.12.36_38-9.1 xen-libs-32bit-4.4.1_10-9.1 xen-libs-4.4.1_10-9.1 xen-libs-debuginfo-32bit-4.4.1_10-9.1 xen-libs-debuginfo-4.4.1_10-9.1 References: http://support.novell.com/security/cve/CVE-2014-3615.html http://support.novell.com/security/cve/CVE-2014-9065.html http://support.novell.com/security/cve/CVE-2014-9066.html http://support.novell.com/security/cve/CVE-2015-0361.html http://support.novell.com/security/cve/CVE-2015-2044.html http://support.novell.com/security/cve/CVE-2015-2045.html http://support.novell.com/security/cve/CVE-2015-2151.html http://support.novell.com/security/cve/CVE-2015-2152.html https://bugzilla.suse.com/861318 https://bugzilla.suse.com/882089 https://bugzilla.suse.com/895528 https://bugzilla.suse.com/901488 https://bugzilla.suse.com/903680 https://bugzilla.suse.com/904255 https://bugzilla.suse.com/906996 https://bugzilla.suse.com/910254 https://bugzilla.suse.com/910681 https://bugzilla.suse.com/912011 https://bugzilla.suse.com/918995 https://bugzilla.suse.com/918998 https://bugzilla.suse.com/919098 https://bugzilla.suse.com/919464 https://bugzilla.suse.com/919663 From sle-updates at lists.suse.com Fri Mar 27 15:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Mar 
2015 22:04:52 +0100 (CET) Subject: SUSE-RU-2015:0619-1: Recommended update for yast2-update Message-ID: <20150327210452.D2D0B32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0619-1 Rating: low References: #917896 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: When upgrading to a new Service Pack, YaST will display a list of locked packages in the package proposal summary. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-yast2-update=10337 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-yast2-update=10337 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-yast2-update=10337 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.17.25]: yast2-update-2.17.25-0.7.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.25]: yast2-update-2.17.25-0.7.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.17.25]: yast2-update-2.17.25-0.7.2 References: https://bugzilla.suse.com/917896 https://download.suse.com/patch/finder/?keywords=9465e4f2460b5df134abc16f77165ca4 From sle-updates at lists.suse.com Fri Mar 27 18:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Mar 2015 01:04:55 +0100 (CET) Subject: SUSE-SU-2015:0620-1: important: Security update for MySQL Message-ID: <20150328000455.5CE3D32369@maintenance.suse.de> SUSE Security Update: Security update for MySQL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0620-1 Rating: important References: #857678 #868673 #878779 #901237 #914058 Cross-References: CVE-2012-5615 CVE-2014-0224 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0385 CVE-2015-0391 CVE-2015-0409 CVE-2015-0411 CVE-2015-0432 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 33 vulnerabilities is now available. It includes one version update. Description: The MySQL database server was updated to 5.5.42, fixing various bugs and security issues. 
More information can be found on: * http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html * http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html * http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html Also various issues with the mysql start script were fixed. (bsc#868673,bsc#878779) Security Issues: * CVE-2015-0411 * CVE-2015-0382 * CVE-2015-0381 * CVE-2015-0391 * CVE-2015-0432 * CVE-2015-0409 * CVE-2014-6568 * CVE-2015-0385 * CVE-2015-0374 * CVE-2012-5615 * CVE-2014-0224 * CVE-2014-4274 * CVE-2014-4287 * CVE-2014-6463 * CVE-2014-6464 * CVE-2014-6469 * CVE-2014-6474 * CVE-2014-6478 * CVE-2014-6484 * CVE-2014-6489 * CVE-2014-6491 * CVE-2014-6494 * CVE-2014-6495 * CVE-2014-6496 * CVE-2014-6500 * CVE-2014-6505 * CVE-2014-6507 * CVE-2014-6520 * CVE-2014-6530 * CVE-2014-6551 * CVE-2014-6555 * CVE-2014-6559 * CVE-2014-6564 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libmysql55client18=10387 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libmysql55client18=10387 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libmysql55client18=10387 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libmysql55client18=10387 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.42-0.8.1 libmysqlclient_r15-32bit-5.0.96-0.6.20 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): libmysql55client_r18-x86-5.5.42-0.8.1 libmysqlclient_r15-x86-5.0.96-0.6.20 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.42]: libmysql55client18-5.5.42-0.8.1 libmysql55client_r18-5.5.42-0.8.1 libmysqlclient15-5.0.96-0.6.20 libmysqlclient_r15-5.0.96-0.6.20 mysql-5.5.42-0.8.1 mysql-client-5.5.42-0.8.1 mysql-tools-5.5.42-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.42]: libmysql55client18-32bit-5.5.42-0.8.1 libmysqlclient15-32bit-5.0.96-0.6.20 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.42]: libmysql55client18-5.5.42-0.8.1 libmysql55client_r18-5.5.42-0.8.1 libmysqlclient15-5.0.96-0.6.20 libmysqlclient_r15-5.0.96-0.6.20 mysql-5.5.42-0.8.1 mysql-client-5.5.42-0.8.1 mysql-tools-5.5.42-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.42]: libmysql55client18-32bit-5.5.42-0.8.1 libmysqlclient15-32bit-5.0.96-0.6.20 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.42]: libmysql55client18-x86-5.5.42-0.8.1 libmysqlclient15-x86-5.0.96-0.6.20 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.42]: libmysql55client18-5.5.42-0.8.1 libmysql55client_r18-5.5.42-0.8.1 libmysqlclient15-5.0.96-0.6.20 libmysqlclient_r15-5.0.96-0.6.20 mysql-5.5.42-0.8.1 mysql-client-5.5.42-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.42]: libmysql55client18-32bit-5.5.42-0.8.1 libmysql55client_r18-32bit-5.5.42-0.8.1 libmysqlclient15-32bit-5.0.96-0.6.20 libmysqlclient_r15-32bit-5.0.96-0.6.20 References: https://www.suse.com/security/cve/CVE-2012-5615.html https://www.suse.com/security/cve/CVE-2014-0224.html https://www.suse.com/security/cve/CVE-2014-4274.html 
https://www.suse.com/security/cve/CVE-2014-4287.html https://www.suse.com/security/cve/CVE-2014-6463.html https://www.suse.com/security/cve/CVE-2014-6464.html https://www.suse.com/security/cve/CVE-2014-6469.html https://www.suse.com/security/cve/CVE-2014-6474.html https://www.suse.com/security/cve/CVE-2014-6478.html https://www.suse.com/security/cve/CVE-2014-6484.html https://www.suse.com/security/cve/CVE-2014-6489.html https://www.suse.com/security/cve/CVE-2014-6491.html https://www.suse.com/security/cve/CVE-2014-6494.html https://www.suse.com/security/cve/CVE-2014-6495.html https://www.suse.com/security/cve/CVE-2014-6496.html https://www.suse.com/security/cve/CVE-2014-6500.html https://www.suse.com/security/cve/CVE-2014-6505.html https://www.suse.com/security/cve/CVE-2014-6507.html https://www.suse.com/security/cve/CVE-2014-6520.html https://www.suse.com/security/cve/CVE-2014-6530.html https://www.suse.com/security/cve/CVE-2014-6551.html https://www.suse.com/security/cve/CVE-2014-6555.html https://www.suse.com/security/cve/CVE-2014-6559.html https://www.suse.com/security/cve/CVE-2014-6564.html https://www.suse.com/security/cve/CVE-2014-6568.html https://www.suse.com/security/cve/CVE-2015-0374.html https://www.suse.com/security/cve/CVE-2015-0381.html https://www.suse.com/security/cve/CVE-2015-0382.html https://www.suse.com/security/cve/CVE-2015-0385.html https://www.suse.com/security/cve/CVE-2015-0391.html https://www.suse.com/security/cve/CVE-2015-0409.html https://www.suse.com/security/cve/CVE-2015-0411.html https://www.suse.com/security/cve/CVE-2015-0432.html https://bugzilla.suse.com/857678 https://bugzilla.suse.com/868673 https://bugzilla.suse.com/878779 https://bugzilla.suse.com/901237 https://bugzilla.suse.com/914058 https://download.suse.com/patch/finder/?keywords=517a5816624f292e6bf06cda503a4300 From sle-updates at lists.suse.com Fri Mar 27 18:05:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Mar 2015 01:05:56 
+0100 (CET) Subject: SUSE-SU-2015:0593-2: important: Security update for MozillaFirefox Message-ID: <20150328000556.4154832395@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0593-2 Rating: important References: #923534 Cross-References: CVE-2015-0817 CVE-2015-0818 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system. * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues: * CVE-2015-0817 * CVE-2015-0818 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-firefox-20150323=10528 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-20150323=10527 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 31.5.3esr]: MozillaFirefox-31.5.3esr-0.3.1 MozillaFirefox-translations-31.5.3esr-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 31.5.3esr]: MozillaFirefox-31.5.3esr-0.3.1 MozillaFirefox-translations-31.5.3esr-0.3.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x): MozillaFirefox-31.5.3esr-0.5.2 MozillaFirefox-translations-31.5.3esr-0.5.2 References: https://www.suse.com/security/cve/CVE-2015-0817.html https://www.suse.com/security/cve/CVE-2015-0818.html https://bugzilla.suse.com/923534 https://download.suse.com/patch/finder/?keywords=46e1d668433ddb6f934feef219ec5983 https://download.suse.com/patch/finder/?keywords=b6ab105b8070b709479f15ffdade4cf5 https://download.suse.com/patch/finder/?keywords=d22145407e04e2836b7712bde079dc1b From sle-updates at lists.suse.com Fri Mar 27 19:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Mar 2015 02:04:56 +0100 (CET) Subject: SUSE-RU-2015:0621-1: important: Recommended update for Linux kernel Message-ID: <20150328010456.0F67632369@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0621-1 Rating: important References: #864409 #924282 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to fix a severe regression. 
Due to a broken source patch, accessing NFSv4 servers as a client caused Oops messages and program hangs. (bsc#864409,bsc#924282) Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel=10545 slessp3-kernel=10549 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel=10545 slessp3-kernel=10546 slessp3-kernel=10547 slessp3-kernel=10548 slessp3-kernel=10549 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel=10545 slehasp3-kernel=10546 slehasp3-kernel=10547 slehasp3-kernel=10548 slehasp3-kernel=10549 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel=10545 sledsp3-kernel=10549 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.47.52.1 kernel-default-base-3.0.101-0.47.52.1 kernel-default-devel-3.0.101-0.47.52.1 kernel-source-3.0.101-0.47.52.1 kernel-syms-3.0.101-0.47.52.1 kernel-trace-3.0.101-0.47.52.1 kernel-trace-base-3.0.101-0.47.52.1 kernel-trace-devel-3.0.101-0.47.52.1 kernel-xen-devel-3.0.101-0.47.52.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.0.101]: kernel-bigsmp-devel-3.0.101-0.47.52.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.47.52.1 kernel-pae-base-3.0.101-0.47.52.1 kernel-pae-devel-3.0.101-0.47.52.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.47.52.1 kernel-default-base-3.0.101-0.47.52.1 kernel-default-devel-3.0.101-0.47.52.1 kernel-source-3.0.101-0.47.52.1 kernel-syms-3.0.101-0.47.52.1 kernel-trace-3.0.101-0.47.52.1 kernel-trace-base-3.0.101-0.47.52.1 kernel-trace-devel-3.0.101-0.47.52.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.47.52.1 kernel-ec2-base-3.0.101-0.47.52.1 kernel-ec2-devel-3.0.101-0.47.52.1 kernel-xen-3.0.101-0.47.52.1 kernel-xen-base-3.0.101-0.47.52.1 kernel-xen-devel-3.0.101-0.47.52.1 xen-kmp-default-4.2.5_04_3.0.101_0.47.52-0.7.16 - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 3.0.101]: kernel-bigsmp-3.0.101-0.47.52.1 kernel-bigsmp-base-3.0.101-0.47.52.1 kernel-bigsmp-devel-3.0.101-0.47.52.1 - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.47.52.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]: kernel-ppc64-3.0.101-0.47.52.1 kernel-ppc64-base-3.0.101-0.47.52.1 kernel-ppc64-devel-3.0.101-0.47.52.1 - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.47.52.1 kernel-pae-base-3.0.101-0.47.52.1 
kernel-pae-devel-3.0.101-0.47.52.1 xen-kmp-pae-4.2.5_04_3.0.101_0.47.52-0.7.16 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_0.47.52-2.28.1.13 cluster-network-kmp-trace-1.4_3.0.101_0.47.52-2.28.1.13 gfs2-kmp-default-2_3.0.101_0.47.52-0.17.1.13 gfs2-kmp-trace-2_3.0.101_0.47.52-0.17.1.13 ocfs2-kmp-default-1.6_3.0.101_0.47.52-0.21.1.13 ocfs2-kmp-trace-1.6_3.0.101_0.47.52-0.21.1.13 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_0.47.52-2.28.1.13 gfs2-kmp-xen-2_3.0.101_0.47.52-0.17.1.13 ocfs2-kmp-xen-1.6_3.0.101_0.47.52-0.21.1.13 - SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64): cluster-network-kmp-bigsmp-1.4_3.0.101_0.47.52-2.28.1.13 gfs2-kmp-bigsmp-2_3.0.101_0.47.52-0.17.1.13 ocfs2-kmp-bigsmp-1.6_3.0.101_0.47.52-0.21.1.13 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.47.52-2.28.1.13 gfs2-kmp-ppc64-2_3.0.101_0.47.52-0.17.1.13 ocfs2-kmp-ppc64-1.6_3.0.101_0.47.52-0.21.1.13 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): cluster-network-kmp-pae-1.4_3.0.101_0.47.52-2.28.1.13 gfs2-kmp-pae-2_3.0.101_0.47.52-0.17.1.13 ocfs2-kmp-pae-1.6_3.0.101_0.47.52-0.21.1.13 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.47.52.1 kernel-default-base-3.0.101-0.47.52.1 kernel-default-devel-3.0.101-0.47.52.1 kernel-default-extra-3.0.101-0.47.52.1 kernel-source-3.0.101-0.47.52.1 kernel-syms-3.0.101-0.47.52.1 kernel-trace-devel-3.0.101-0.47.52.1 kernel-xen-3.0.101-0.47.52.1 kernel-xen-base-3.0.101-0.47.52.1 kernel-xen-devel-3.0.101-0.47.52.1 kernel-xen-extra-3.0.101-0.47.52.1 xen-kmp-default-4.2.5_04_3.0.101_0.47.52-0.7.16 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.0.101]: kernel-bigsmp-devel-3.0.101-0.47.52.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 
3.0.101]: kernel-pae-3.0.101-0.47.52.1 kernel-pae-base-3.0.101-0.47.52.1 kernel-pae-devel-3.0.101-0.47.52.1 kernel-pae-extra-3.0.101-0.47.52.1 xen-kmp-pae-4.2.5_04_3.0.101_0.47.52-0.7.16 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.52.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-3.0.101-0.47.52.1 - SLE 11 SERVER Unsupported Extras (x86_64): kernel-bigsmp-extra-3.0.101-0.47.52.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.101-0.47.52.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-3.0.101-0.47.52.1 References: https://bugzilla.suse.com/864409 https://bugzilla.suse.com/924282 https://download.suse.com/patch/finder/?keywords=4a3f8a315a135d48114e753fb2b2c8c9 https://download.suse.com/patch/finder/?keywords=6a8971ab16c3697186797442ff2265b5 https://download.suse.com/patch/finder/?keywords=735099161fdfa298ca6cdd1727d835d7 https://download.suse.com/patch/finder/?keywords=75fb251f228df4ea08dffb2b9410910b https://download.suse.com/patch/finder/?keywords=ad2c1cfb553474d65f32d4c2784a24a1 https://download.suse.com/patch/finder/?keywords=b040e216ad1ceb8576ca4a887f6449c2 https://download.suse.com/patch/finder/?keywords=bdf180359a15c675d7ca1bbb87e8cf66 https://download.suse.com/patch/finder/?keywords=d1a9a7c9f6b2f074b200318613035faf https://download.suse.com/patch/finder/?keywords=da2018045cfa85619493fdc93a177a96 https://download.suse.com/patch/finder/?keywords=eb95c00bb6596d3dd603b2a71ff3e9c8 From sle-updates at lists.suse.com Mon Mar 30 11:04:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Mar 2015 19:04:59 +0200 (CEST) Subject: SUSE-SU-2015:0630-1: important: Security update for MozillaFirefox Message-ID: <20150330170459.1CA0232395@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0630-1 
Rating: important References: #923534 Cross-References: CVE-2015-0817 CVE-2015-0818 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system. MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-148=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-148=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-148=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-31.5.3esr-27.1 MozillaFirefox-debugsource-31.5.3esr-27.1 MozillaFirefox-devel-31.5.3esr-27.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-31.5.3esr-27.1 MozillaFirefox-debuginfo-31.5.3esr-27.1 MozillaFirefox-debugsource-31.5.3esr-27.1 MozillaFirefox-translations-31.5.3esr-27.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-31.5.3esr-27.1 MozillaFirefox-debuginfo-31.5.3esr-27.1 MozillaFirefox-debugsource-31.5.3esr-27.1 MozillaFirefox-translations-31.5.3esr-27.1 References: https://www.suse.com/security/cve/CVE-2015-0817.html https://www.suse.com/security/cve/CVE-2015-0818.html https://bugzilla.suse.com/923534 From sle-updates at lists.suse.com Mon Mar 30 11:14:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Mar 2015 19:14:55 +0200 (CEST) Subject: SUSE-RU-2015:0633-1: Recommended update for SUSE Linux Enterprise Desktop documentation Message-ID: <20150330171455.CB2EB32395@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Linux Enterprise Desktop documentation ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0633-1 Rating: low References: #913640 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The manuals for SUSE Linux Enterprise Desktop have been updated to the latest revision. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-sled-admin_en-pdf=10334 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (noarch): sled-admin_en-pdf-11.3-0.28.29.2 sled-apps_en-pdf-11.3-0.28.29.2 sled-deployment_en-pdf-11.3-0.28.29.2 sled-gnomequick_en-pdf-11.3-0.28.29.2 sled-gnomeuser_en-pdf-11.3-0.28.29.2 sled-installquick_en-pdf-11.3-0.28.29.2 sled-kdequick_en-pdf-11.3-0.28.29.2 sled-kdeuser_en-pdf-11.3-0.28.29.2 sled-libreofficequick_en-pdf-11.3-0.28.29.2 sled-manuals_en-11.3-0.28.29.2 sled-security_en-pdf-11.3-0.28.29.2 sled-tuning_en-pdf-11.3-0.28.29.2 sled-xen_en-pdf-11.3-0.28.29.2 References: https://bugzilla.suse.com/913640 https://download.suse.com/patch/finder/?keywords=3701b00e880a361c1ec23a198392295f From sle-updates at lists.suse.com Mon Mar 30 13:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Mar 2015 21:04:51 +0200 (CEST) Subject: SUSE-RU-2015:0635-1: Recommended update for irqbalance Message-ID: <20150330190451.312A232395@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0635-1 Rating: low References: #852541 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for irqbalance suppresses a warning about missing MSI data in sysfs if a re-scan is pending. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-irqbalance=10438 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-irqbalance=10438 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-irqbalance=10438 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): irqbalance-1.0.4-0.13.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): irqbalance-1.0.4-0.13.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): irqbalance-1.0.4-0.13.3 References: https://bugzilla.suse.com/852541 https://download.suse.com/patch/finder/?keywords=b992ae4a6d5a686654e5d6073a87d3fa From sle-updates at lists.suse.com Tue Mar 31 08:04:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Mar 2015 16:04:59 +0200 (CEST) Subject: SUSE-RU-2015:0638-1: moderate: Recommended update for systemd, aaa_base Message-ID: <20150331140459.E333932395@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd, aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0638-1 Rating: moderate References: #897799 #897803 #898233 #901481 #902240 #902901 #903009 #903963 #904517 #904828 #905550 #906709 #907318 #907393 #908476 #910315 #910643 #911347 #912030 #916420 #918118 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. Description: systemd and aaa_base have been updated to fix the following bugs: - Add path_id_compat for backwards compatibility with SLE11 (bsc#916420). 
- Do not watch for socket events when service is in SERVICE_STOP (bsc#918118) - Increase number of children/workers to CPU_COUNT * 64 to avoid 'maximum number of children reached' (bsc#907393). - udev: link_setup - respect kernel name assign policy (bsc#907318). - sync with patches from Base:System:Legacy (bsc#910315) - Remove superfluous set -x from systemd-sleep-grub (bsc#905550) - Make sure that quotacheck is executed after fsck for system root is finished (bsc#897799) - Add missed keyboard layouts which are offered by YaST2 (bsc#910643 and bsc#897803) - Due to fragmentation, journal flushes on btrfs could take very long (bsc#911347) - Fixed comparison of console log facility that caused journald to skip output to console (bsc#912030) - Add user based ignore statements in tmpfiles removal directives. This feature was previously implemented by scripts in aaa_base, which are being removed by this update. (bsc#903009) - Use --boot option in systemd-tmpfiles-setup-dev.service (bsc#908476) - udev: link_setup - respect kernel name assign policy (bsc#907318). - Avoid old net devices naming scheme on openSUSE 13.2 and less maybe caused by patch - Fix systemd-nspawn network-veth support (bsc#906709) - Change the maximum number of children from CPU_COUNT * 256 to CPU_COUNT * 64. (bsc#907393). - Re-add directory /usr/lib/systemd/system/basic.target.wants - Remove pm-utils-hooks-compat.sh again, pm-utils built-in hooks partially duplicate hooks run by systemd which may potentially lead to problems, instead temporarily re-enable Forward-suspend-hibernate-calls-to-pm-utils.patch until bsc#904828 can be addressed properly - Allow the use of --type in the systemctl command list-units and list-unit-files. - Create rule to set I/O scheduler to deadline if device attribute 'rotational' equals 0, usually SSDs (bsc#904517). 
- Fix systemd-fstab-generator crypttab parsing (bsc#903963) - Add pm-utils-hooks-compat.sh in order to run pm-utils sleep hooks from systemd (bsc#904828) - Add patch watch_resolv.conf_for_become_changed.patch to add an inotify watch on /etc/resolv.conf which enables the reload of a changed resolver configuration on the fly (bsc#902901) - Add upstream patches which will be applied if patch is applied a this may fix the trouble with iSCSI (bsc#898233) - Add upstream patch 1089-fix-cgroup-device-controller.patch to avoid trouble on existing /dev/console with nspawn (bsc#902240) - Add patch to close file descriptors if an incoming connection can not be handled due to e.g. short memory. Could be related to (bsc#901481) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-149=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-149=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-149=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): aaa_base-debuginfo-13.2+git20140911.61c1681-3.1 aaa_base-debugsource-13.2+git20140911.61c1681-3.1 aaa_base-malloccheck-13.2+git20140911.61c1681-3.1 libgudev-1_0-devel-210-55.2 libudev-devel-210-55.2 systemd-debuginfo-210-55.2 systemd-debugsource-210-55.2 systemd-devel-210-55.2 typelib-1_0-GUdev-1_0-210-55.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): aaa_base-13.2+git20140911.61c1681-3.1 aaa_base-debuginfo-13.2+git20140911.61c1681-3.1 aaa_base-debugsource-13.2+git20140911.61c1681-3.1 aaa_base-extras-13.2+git20140911.61c1681-3.1 libgudev-1_0-0-210-55.2 libgudev-1_0-0-debuginfo-210-55.2 libudev1-210-55.2 libudev1-debuginfo-210-55.2 systemd-210-55.2 systemd-debuginfo-210-55.2 systemd-debugsource-210-55.2 systemd-sysvinit-210-55.2 udev-210-55.2 udev-debuginfo-210-55.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgudev-1_0-0-32bit-210-55.2 libgudev-1_0-0-debuginfo-32bit-210-55.2 libudev1-32bit-210-55.2 libudev1-debuginfo-32bit-210-55.2 systemd-32bit-210-55.2 systemd-debuginfo-32bit-210-55.2 - SUSE Linux Enterprise Server 12 (noarch): systemd-bash-completion-210-55.2 - SUSE Linux Enterprise Desktop 12 (x86_64): aaa_base-13.2+git20140911.61c1681-3.1 aaa_base-debuginfo-13.2+git20140911.61c1681-3.1 aaa_base-debugsource-13.2+git20140911.61c1681-3.1 aaa_base-extras-13.2+git20140911.61c1681-3.1 libgudev-1_0-0-210-55.2 libgudev-1_0-0-32bit-210-55.2 libgudev-1_0-0-debuginfo-210-55.2 libgudev-1_0-0-debuginfo-32bit-210-55.2 libudev1-210-55.2 libudev1-32bit-210-55.2 libudev1-debuginfo-210-55.2 libudev1-debuginfo-32bit-210-55.2 systemd-210-55.2 systemd-32bit-210-55.2 systemd-debuginfo-210-55.2 systemd-debuginfo-32bit-210-55.2 systemd-debugsource-210-55.2 systemd-sysvinit-210-55.2 udev-210-55.2 udev-debuginfo-210-55.2 - SUSE Linux Enterprise Desktop 12 (noarch): systemd-bash-completion-210-55.2 References: https://bugzilla.suse.com/897799 https://bugzilla.suse.com/897803 
https://bugzilla.suse.com/898233 https://bugzilla.suse.com/901481 https://bugzilla.suse.com/902240 https://bugzilla.suse.com/902901 https://bugzilla.suse.com/903009 https://bugzilla.suse.com/903963 https://bugzilla.suse.com/904517 https://bugzilla.suse.com/904828 https://bugzilla.suse.com/905550 https://bugzilla.suse.com/906709 https://bugzilla.suse.com/907318 https://bugzilla.suse.com/907393 https://bugzilla.suse.com/908476 https://bugzilla.suse.com/910315 https://bugzilla.suse.com/910643 https://bugzilla.suse.com/911347 https://bugzilla.suse.com/912030 https://bugzilla.suse.com/916420 https://bugzilla.suse.com/918118 From sle-updates at lists.suse.com Tue Mar 31 09:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Mar 2015 17:04:56 +0200 (CEST) Subject: SUSE-SU-2015:0639-1: moderate: Security update for postgresql91 Message-ID: <20150331150456.18EFB32395@maintenance.suse.de> SUSE Security Update: Security update for postgresql91 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0639-1 Rating: moderate References: #916953 Cross-References: CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 Affected Products: SUSE Manager Server SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. Description: The PostgreSQL database server was updated to 9.1.15, fixing bugs and security issues: * Fix buffer overruns in to_char() (CVE-2015-0241). * Fix buffer overrun in replacement *printf() functions (CVE-2015-0242). * Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243). * Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244). 
* Fix information leak via constraint-violation error messages (CVE-2014-8161). For a comprehensive list of fixes, please refer to the following release notes: * http://www.postgresql.org/docs/9.1/static/release-9-1-15.html * http://www.postgresql.org/docs/9.1/static/release-9-1-14.html * http://www.postgresql.org/docs/9.1/static/release-9-1-13.html Security Issues: * CVE-2015-0241 * CVE-2015-0243 * CVE-2015-0244 * CVE-2014-8161 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-postgresql91-201503=10389 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-postgresql91-201503=10389 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-postgresql91-201503=10389 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-postgresql91-201503=10389 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-postgresql91-201503=10389 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server (x86_64) [New Version: 9.1.15]: postgresql91-pltcl-9.1.15-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.1.15]: postgresql91-devel-9.1.15-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.1.15]: libecpg6-9.1.15-0.3.1 libpq5-9.1.15-0.3.1 postgresql91-9.1.15-0.3.1 postgresql91-contrib-9.1.15-0.3.1 postgresql91-docs-9.1.15-0.3.1 postgresql91-server-9.1.15-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.1.15]: libpq5-32bit-9.1.15-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.1.15]: libecpg6-9.1.15-0.3.1 libpq5-9.1.15-0.3.1 postgresql91-9.1.15-0.3.1 postgresql91-contrib-9.1.15-0.3.1 postgresql91-docs-9.1.15-0.3.1 postgresql91-server-9.1.15-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.1.15]: libpq5-32bit-9.1.15-0.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.1.15]: libecpg6-9.1.15-0.3.1 libpq5-9.1.15-0.3.1 postgresql91-9.1.15-0.3.1 postgresql91-docs-9.1.15-0.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.1.15]: libpq5-32bit-9.1.15-0.3.1 References: https://www.suse.com/security/cve/CVE-2014-8161.html https://www.suse.com/security/cve/CVE-2015-0241.html https://www.suse.com/security/cve/CVE-2015-0243.html https://www.suse.com/security/cve/CVE-2015-0244.html https://bugzilla.suse.com/916953 https://download.suse.com/patch/finder/?keywords=ea87b69c48107b51a3e79bed236f6663 From sle-updates at lists.suse.com Tue Mar 31 11:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Mar 2015 19:04:55 +0200 (CEST) Subject: SUSE-OU-2015:0641-1: Optional update for yast2-docker Message-ID: <20150331170455.F137832395@maintenance.suse.de> SUSE Optional Update: Optional update for yast2-docker 
______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0641-1 Rating: low References: #899104 #912733 #920638 #920645 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has four optional fixes can now be installed. Description: This update provides yast2-docker, an easy to use graphical user interface to manage Docker containers. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-150=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (x86_64): docker-1.5.0-23.1 docker-debuginfo-1.5.0-23.1 docker-debugsource-1.5.0-23.1 ruby2.1-rubygem-archive-tar-minitar-0.5.2-2.2 ruby2.1-rubygem-docker-api-1.17.0-2.2 ruby2.1-rubygem-excon-0.39.6-2.2 - SUSE Linux Enterprise Server 12 (noarch): yast2-docker-3.1.3-6.1 References: https://bugzilla.suse.com/899104 https://bugzilla.suse.com/912733 https://bugzilla.suse.com/920638 https://bugzilla.suse.com/920645