From sle-updates at lists.suse.com Mon Aug 1 14:08:34 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Aug 2016 22:08:34 +0200 (CEST)
Subject: SUSE-RU-2016:1935-1: moderate: Recommended update for crowbar-ceph
Message-ID: <20160801200834.8BCF4FFA3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-ceph
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1935-1
Rating: moderate
References: #961108
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Enterprise Storage 2.1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crowbar-ceph fixes the following issues:

- Update incorrect caps instead recreating whole client key, (bsc#961108)
- Raise when no caps defined for ceph_client resource

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:

  zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1130=1

- SUSE Enterprise Storage 2.1:

  zypper in -t patch SUSE-Storage-2.1-2016-1130=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):

  crowbar-ceph-3.0+git.1458296240.8abd23d-5.1

- SUSE Enterprise Storage 2.1 (noarch):

  crowbar-ceph-3.0+git.1458296240.8abd23d-5.1

References:

  https://bugzilla.suse.com/961108

From sle-updates at lists.suse.com Tue Aug 2 07:08:42 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Aug 2016 15:08:42 +0200 (CEST)
Subject: SUSE-RU-2016:1936-1: Recommended update for ucode-intel
Message-ID: <20160802130842.01768FFA3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ucode-intel
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1936-1
Rating: low
References: #986034
Affected Products:
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update provides Intel's CPU microcode version 20160714.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1132=1

- SUSE Linux Enterprise Desktop 12-SP1:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1132=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-SP1 (x86_64):

  ucode-intel-20160714-9.1
  ucode-intel-debuginfo-20160714-9.1
  ucode-intel-debugsource-20160714-9.1

- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

  ucode-intel-20160714-9.1
  ucode-intel-debuginfo-20160714-9.1
  ucode-intel-debugsource-20160714-9.1

References:

  https://bugzilla.suse.com/986034

From sle-updates at lists.suse.com Tue Aug 2 08:09:11 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Aug 2016 16:09:11 +0200 (CEST)
Subject: SUSE-SU-2016:1937-1: important: Security update for the Linux Kernel
Message-ID: <20160802140911.70E2CFFA3@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1937-1
Rating: important
References:
  #662458 #676471 #897662 #928547 #944309 #945345 #947337 #950998 #951844 #953048
  #953233 #954847 #956491 #957805 #957986 #957990 #958390 #958463 #960857 #962742
  #962846 #963762 #964727 #965087 #966245 #967640 #968667 #969016 #970114 #970506
  #970604 #970609 #970948 #971049 #971770 #971947 #972124 #972933 #973378 #973499
  #973570 #974165 #974308 #974620 #974646 #974692 #975533 #975772 #975788 #976739
  #976821 #976868 #977417 #977582 #977685 #978401 #978469 #978527 #978822 #979169
  #979213 #979347 #979419 #979485 #979489 #979521 #979548 #979867 #979879 #979922
  #980246 #980348 #980371 #980706 #981038 #981143 #981344 #982282 #982354 #982544
  #982698 #983143 #983213 #983318 #983394 #983721 #983904 #983977 #984148 #984456
  #984755 #985232 #985978 #986362 #986569 #986572 #986811 #988215 #988498 #988552
Cross-References:
  CVE-2014-9717 CVE-2014-9904 CVE-2015-7833 CVE-2015-8539
  CVE-2015-8551 CVE-2015-8552 CVE-2015-8845 CVE-2016-0758
  CVE-2016-1583 CVE-2016-2053 CVE-2016-2847 CVE-2016-3672
  CVE-2016-3707 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486
  CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4805
  CVE-2016-4997 CVE-2016-5244 CVE-2016-5828 CVE-2016-5829
Affected Products:
  SUSE Linux Enterprise Real Time Extension 12-SP1
______________________________________________________________________________

An update that solves 24 vulnerabilities and has 76 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 RT kernel was updated to 3.12.61 to receive various security and bugfixes.

Main feature additions:

- Improved support for Clustered File System (CephFS, fate#318586).

The following security bugs were fixed:

- CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547).
- CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
- CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).
- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks" (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks" (bnc#957990).
- CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).
- CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file (bnc#980246).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).
- CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).
- CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).

The following non-security bugs were fixed:

- ALSA: hrtimer: Handle start/stop more properly (bsc#973378).
- Add wait_event_cmd() (bsc#953048).
- Btrfs: be more precise on errors when getting an inode from disk (bsc#981038).
- Btrfs: do not collect ordered extents when logging that inode exists (bsc#977685).
- Btrfs: do not return EBUSY on concurrent subvolume mounts (bsc#951844).
- Btrfs: do not use src fd for printk (bsc#980348).
- Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685).
- Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685).
- Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#977685).
- Btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685).
- Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685).
- Btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038).
- Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).
- Btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844).
- CacheFiles: Fix incorrect test for in-memory object collision (bsc#971049).
- CacheFiles: Handle object being killed before being set up (bsc#971049).
- EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).
- EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521).
- EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).
- EDAC/sb_edac: Fix computation of channel address (bsc#979521).
- EDAC: Correct channel count limit (bsc#979521).
- EDAC: Remove arbitrary limit on number of channels (bsc#979521).
- EDAC: Use static attribute groups for managing sysfs entries (bsc#979521).
- FS-Cache: Add missing initialization of ret in cachefiles_write_page() (bsc#971049).
- FS-Cache: Count culled objects and objects rejected due to lack of space (bsc#971049).
- FS-Cache: Fix cancellation of in-progress operation (bsc#971049).
- FS-Cache: Handle a new operation submitted against a killed object (bsc#971049).
- FS-Cache: Move fscache_report_unexpected_submission() to make it more available (bsc#971049).
- FS-Cache: Out of line fscache_operation_init() (bsc#971049).
- FS-Cache: Permit fscache_cancel_op() to cancel in-progress operations too (bsc#971049).
- FS-Cache: Put an aborted initialised op so that it is accounted correctly (bsc#971049).
- FS-Cache: Reduce cookie ref count if submit fails (bsc#971049).
- FS-Cache: Synchronise object death state change vs operation submission (bsc#971049).
- FS-Cache: The operation cancellation method needs calling in more places (bsc#971049).
- FS-Cache: Timeout for releasepage() (bsc#971049).
- FS-Cache: When submitting an op, cancel it if the target object is dying (bsc#971049).
- FS-Cache: fscache_object_is_dead() has wrong logic, kill it (bsc#971049).
- Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)
- Fix kabi issue (bsc#971049).
- Input: i8042 - lower log level for "no controller" message (bsc#945345).
- KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).
- MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).
- NVMe: Unify controller probe and resume (bsc#979347).
- NVMe: init nvme queue before enabling irq (bsc#662458).
- PCI/AER: Clear error status registers during enumeration and restore (bsc#985978).
- Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469).
- Revert "scsi: fix soft lockup in scsi_remove_target() on module removal" (bsc#970609).
- SCSI: Increase REPORT_LUNS timeout (bsc#982282).
- USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698).
- Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference.
- Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla referece.
- Update patches.kernel.org/patch-3.12.55-56 references (add bsc#973570).
- Use mainline variant of hyperv KVP IP failover patch (bnc#978527)
- VSOCK: Fix lockdep issue (bsc#977417).
- VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).
- Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739).
- base: make module_create_drivers_dir race-free (bnc#983977).
- block: do not check request size in blk_cloned_rq_check_limits() (bsc#972124).
- cachefiles: perform test on s_blocksize when opening cache file (bsc#971049).
- cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552).
- ceph fscache: Introduce a routine for uncaching single no data page from fscache.
- ceph fscache: Uncaching no data page from fscache in readpage().
- ceph: Asynchronous IO support.
- ceph: Avoid to propagate the invalid page point.
- ceph: Clean up if error occurred in finish_read().
- ceph: EIO all operations after forced umount.
- ceph: Implement writev/pwritev for sync operation.
- ceph: Remove racey watch/notify event infrastructure (bsc#964727)
- ceph: Remove racey watch/notify event infrastructure (bsc#964727)
- ceph: add acl for cephfs.
- ceph: add acl, noacl options for cephfs mount.
- ceph: add get_name() NFS export callback.
- ceph: add get_parent() NFS export callback.
- ceph: add imported caps when handling cap export message.
- ceph: add inline data to pagecache.
- ceph: add missing init_acl() for mkdir() and atomic_open().
- ceph: add open export target session helper.
- ceph: add request to i_unsafe_dirops when getting unsafe reply.
- ceph: additional debugfs output.
- ceph: always re-send cap flushes when MDS recovers.
- ceph: avoid block operation when !TASK_RUNNING (ceph_get_caps).
- ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_close_sessions).
- ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_sync).
- ceph: avoid releasing caps that are being used.
- ceph: avoid sending unnessesary FLUSHSNAP message.
- ceph: avoid useless ceph_get_dentry_parent_inode() in ceph_rename().
- ceph: cast PAGE_SIZE to size_t in ceph_sync_write().
- ceph: ceph_frag_contains_value can be boolean.
- ceph: ceph_get_parent() can be static.
- ceph: check OSD caps before read/write.
- ceph: check buffer size in ceph_vxattrcb_layout().
- ceph: check caps in filemap_fault and page_mkwrite.
- ceph: check directory's completeness before emitting directory entry.
- ceph: check inode caps in ceph_d_revalidate.
- ceph: check unsupported fallocate mode.
- ceph: check zero length in ceph_sync_read().
- ceph: checking for IS_ERR instead of NULL.
- ceph: cleanup unsafe requests when reconnecting is denied.
- ceph: cleanup use of ceph_msg_get.
- ceph: clear directory's completeness when creating file.
- ceph: convert inline data to normal data before data write.
- ceph: do not assume r_old_dentry[_dir] always set together.
- ceph: do not chain inode updates to parent fsync.
- ceph: do not grabs open file reference for aborted request.
- ceph: do not include ceph.{file,dir}.layout vxattr in listxattr().
- ceph: do not include used caps in cap_wanted.
- ceph: do not invalidate page cache when inode is no longer used.
- ceph: do not mark dirty caps when there is no auth cap.
- ceph: do not pre-allocate space for cap release messages.
- ceph: do not set r_old_dentry_dir on link().
- ceph: do not trim auth cap when there are cap snaps.
- ceph: do not zero i_wrbuffer_ref when reconnecting is denied.
- ceph: drop cap releases in requests composed before cap reconnect.
- ceph: drop extra open file reference in ceph_atomic_open().
- ceph: drop unconnected inodes.
- ceph: exclude setfilelock requests when calculating oldest tid.
- ceph: export ceph_session_state_name function.
- ceph: fetch inline data when getting Fcr cap refs.
- ceph: fix __dcache_readdir().
- ceph: fix a comment typo.
- ceph: fix append mode write.
- ceph: fix atomic_open snapdir.
- ceph: fix bool assignments.
- ceph: fix cache revoke race.
- ceph: fix ceph_dir_llseek().
- ceph: fix ceph_fh_to_parent().
- ceph: fix ceph_removexattr().
- ceph: fix ceph_set_acl().
- ceph: fix ceph_writepages_start().
- ceph: fix dcache/nocache mount option.
- ceph: fix dentry leaks.
- ceph: fix directory fsync.
- ceph: fix divide-by-zero in __validate_layout().
- ceph: fix double page_unlock() in page_mkwrite().
- ceph: fix dout() compile warnings in ceph_filemap_fault().
- ceph: fix file lock interruption.
- ceph: fix flush tid comparision.
- ceph: fix flushing caps.
- ceph: fix llistxattr on symlink.
- ceph: fix message length computation.
- ceph: fix mksnap crash.
- ceph: fix null pointer dereference in send_mds_reconnect().
- ceph: fix pr_fmt() redefinition.
- ceph: fix queuing inode to mdsdir's snaprealm.
- ceph: fix reading inline data when i_size greater than PAGE_SIZE.
- ceph: fix request time stamp encoding.
- ceph: fix reset_readdir().
- ceph: fix setting empty extended attribute.
- ceph: fix sizeof(struct tYpO *) typo.
- ceph: fix snap context leak in error path.
- ceph: fix trim caps.
- ceph: fix uninline data function.
- ceph: flush cap release queue when trimming session caps.
- ceph: flush inline version.
- ceph: forbid mandatory file lock.
- ceph: fscache: Update object store limit after file writing.
- ceph: fscache: Wait for completion of object initialization.
- ceph: fscache: add an interface to synchronize object store limit.
- ceph: get inode size for each append write.
- ceph: handle -ESTALE reply.
- ceph: handle SESSION_FORCE_RO message.
- ceph: handle cap export race in try_flush_caps().
- ceph: handle cap import atomically.
- ceph: handle frag mismatch between readdir request and reply.
- ceph: handle race between cap reconnect and cap release.
- ceph: handle session flush message.
- ceph: hold on to exclusive caps on complete directories.
- ceph: implement readv/preadv for sync operation.
- ceph: improve readahead for file holes.
- ceph: improve reference tracking for snaprealm.
- ceph: include time stamp in every MDS request.
- ceph: include time stamp in replayed MDS requests.
- ceph: initial CEPH_FEATURE_FS_FILE_LAYOUT_V2 support.
- ceph: initialize inode before instantiating dentry.
- ceph: introduce a new inode flag indicating if cached dentries are ordered.
- ceph: introduce ceph_fill_fragtree().
- ceph: introduce global empty snap context.
- ceph: invalidate dirty pages after forced umount.
- ceph: keep i_snap_realm while there are writers.
- ceph: kstrdup() memory handling.
- ceph: let MDS adjust readdir 'frag'.
- ceph: make ceph_forget_all_cached_acls() static inline.
- ceph: make fsync() wait unsafe requests that created/modified inode.
- ceph: make sure syncfs flushes all cap snaps.
- ceph: make sure write caps are registered with auth MDS.
- ceph: match wait_for_completion_timeout return type.
- ceph: message versioning fixes.
- ceph: move ceph_find_inode() outside the s_mutex.
- ceph: move spinlocking into ceph_encode_locks_to_buffer and ceph_count_locks.
- ceph: no need to get parent inode in ceph_open.
- ceph: parse inline data in MClientReply and MClientCaps.
- ceph: pre-allocate ceph_cap struct for ceph_add_cap().
- ceph: pre-allocate data structure that tracks caps flushing.
- ceph: preallocate buffer for readdir reply.
- ceph: print inode number for LOOKUPINO request.
- ceph: properly apply umask when ACL is enabled.
- ceph: properly handle XATTR_CREATE and XATTR_REPLACE.
- ceph: properly mark empty directory as complete.
- ceph: properly release page upon error.
- ceph: properly zero data pages for file holes.
- ceph: provide seperate {inode,file}_operations for snapdir.
- ceph: queue cap release in __ceph_remove_cap().
- ceph: queue vmtruncate if necessary when handing cap grant/revoke.
- ceph: ratelimit warn messages for MDS closes session.
- ceph: re-send AIO write request when getting -EOLDSNAP error.
- ceph: re-send flushing caps (which are revoked) in reconnect stage.
- ceph: re-send requests when MDS enters reconnecting stage.
- ceph: refactor readpage_nounlock() to make the logic clearer.
- ceph: remember subtree root dirfrag's auth MDS.
- ceph: remove exported caps when handling cap import message.
- ceph: remove outdated frag information.
- ceph: remove redundant code for max file size verification.
- ceph: remove redundant declaration.
- ceph: remove redundant memset(0).
- ceph: remove redundant test of head->safe and silence static analysis warnings.
- ceph: remove the useless judgement.
- ceph: remove unused functions in ceph_frag.h.
- ceph: remove unused stringification macros.
- ceph: remove useless ACL check.
- ceph: remove xattr when null value is given to setxattr().
- ceph: rename snapshot support.
- ceph: replace comma with a semicolon.
- ceph: request xattrs if xattr_version is zero.
- ceph: reserve caps for file layout/lock MDS requests.
- ceph: reset r_resend_mds after receiving -ESTALE.
- ceph: return error for traceless reply race.
- ceph: rework dcache readdir.
- ceph: send TID of the oldest pending caps flush to MDS.
- ceph: send client metadata to MDS.
- ceph: set caps count after composing cap reconnect message.
- ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference.
- ceph: set mds_wanted when MDS reply changes a cap to auth cap.
- ceph: show nocephx_require_signatures and notcp_nodelay options.
- ceph: show non-default options only.
- ceph: simplify ceph_fh_to_dentry().
- ceph: simplify two mount_timeout sites.
- ceph: skip invalid dentry during dcache readdir.
- ceph: support inline data feature.
- ceph: switch some GFP_NOFS memory allocation to GFP_KERNEL.
- ceph: sync read inline data.
- ceph: take snap_rwsem when accessing snap realm's cached_context.
- ceph: tolerate bad i_size for symlink inode (bsc#985232).
- ceph: track pending caps flushing accurately.
- ceph: track pending caps flushing globally.
- ceph: trim unused inodes before reconnecting to recovering MDS.
- ceph: trivial comment fix.
- ceph: update i_max_size even if inode version does not change.
- ceph: update inode fields according to issued caps.
- ceph: use %zu for len in ceph_fill_inline_data().
- ceph: use ceph_seq_cmp() to compare migrate_seq.
- ceph: use empty snap context for uninline_data and get_pool_perm.
- ceph: use fl->fl_file as owner identifier of flock and posix lock.
- ceph: use fl->fl_type to decide flock operation.
- ceph: use fpos_cmp() to compare dentry positions.
- ceph: use getattr request to fetch inline data.
- ceph: use i_size_{read,write} to get/set i_size.
- ceph: use msecs_to_jiffies for time conversion.
- ceph: use pagelist to present MDS request data.
- ceph: use truncate_pagecache() instead of truncate_inode_pages().
- ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request() failure.
- client: include kernel version in client metadata.
- cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646).
- crush: add chooseleaf_stable tunable.
- crush: decode and initialize chooseleaf_stable.
- crush: ensure bucket id is valid before indexing buckets array.
- crush: ensure take bucket value is valid.
- crush: fix crash from invalid 'take' argument.
- crush: sync up with userspace.
- crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode (bsc#958390).
- crypto: testmgr - mark authenticated ctr(aes) also as FIPS able (bsc#958390).
- drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).
- drm/mgag200: Add support for a new rev of G200e (bsc#983904).
- drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).
- drm/mgag200: remove unused variables (bsc#983904).
- drm: qxl: Workaround for buggy user-space (bsc#981344).
- efifb: Add support for 64-bit frame buffer addresses (bsc#973499).
- efifb: Fix 16 color palette entry calculation (bsc#983318).
- efifb: Fix KABI of screen_info struct (bsc#973499).
- ehci-pci: enable interrupt on BayTrail (bnc#947337).
- enic: set netdev->vlan_features (bsc#966245).
- fs/ceph/debugfs.c: replace seq_printf by seq_puts.
- fs/ceph: replace pr_warning by pr_warn.
- hid-elo: kill not flush the work (bnc#982354).
- hv: util: Pass the channel information during the init call (bnc#978527).
- hv: utils: Invoke the poll function after handshake (bnc#978527).
- hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read().
- iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772).
- ipvs: count pre-established TCP states as active (bsc#970114).
- kabi/severities: Added raw3270_* PASS to allow IBM LTC changes (bnc#979922, LTC#141736).
- kabi/severities: Allow changes in zpci_* symbols (bsc#974692)
- kabi/severities: Whitelist libceph and rbd (bsc#964727).
- kabi/severities: Whitelist libceph and rbd.
- kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).
- kabi: protect struct fc_rport_priv (bsc#953233, bsc#962846).
- kgraft/gfs2: Do not block livepatching in the log daemon for too long.
- kgraft/xen: Do not block livepatching in the XEN blkif kthread.
- libceph: Avoid holding the zero page on ceph_msgr_slab_init errors.
- libceph: Fix ceph_tcp_sendpage()'s more boolean usage.
- libceph: MOSDOpReply v7 encoding.
- libceph: Remove spurious kunmap() of the zero page.
- libceph: a couple tweaks for wait loops.
- libceph: add nocephx_sign_messages option.
- libceph: advertise support for TUNABLES5.
- libceph: advertise support for keepalive2.
- libceph: allow setting osd_req_op's flags.
- libceph: check data_len in ->alloc_msg().
- libceph: clear messenger auth_retry flag if we fault.
- libceph: clear msg->con in ceph_msg_release() only.
- libceph: do not access invalid memory in keepalive2 path.
- libceph: do not spam dmesg with stray reply warnings.
- libceph: drop authorizer check from cephx msg signing routines.
- libceph: evaluate osd_req_op_data() arguments only once.
- libceph: fix authorizer invalidation, take 2.
- libceph: fix ceph_msg_revoke().
- libceph: fix wrong name "Ceph filesystem for Linux".
- libceph: handle writefull for OSD op extent init (bsc#980706).
- libceph: introduce ceph_x_authorizer_cleanup().
- libceph: invalidate AUTH in addition to a service ticket.
- libceph: kill off ceph_x_ticket_handler::validity.
- libceph: move ceph_file_layout helpers to ceph_fs.h.
- libceph: msg signing callouts do not need con argument.
- libceph: nuke time_sub().
- libceph: properly release STAT request's raw_data_in.
- libceph: remove con argument in handle_reply().
- libceph: remove outdated comment.
- libceph: remove the unused macro AES_KEY_SIZE.
- libceph: rename con_work() to ceph_con_workfn().
- libceph: set 'exists' flag for newly up osd.
- libceph: stop duplicating client fields in messenger.
- libceph: store timeouts in jiffies, verify user input.
- libceph: treat sockaddr_storage with uninitialized family as blank.
- libceph: use keepalive2 to verify the mon session is alive.
- libceph: use list_for_each_entry_safe.
- libceph: use list_next_entry instead of list_entry_next.
- libceph: use local variable cursor instead of msg->cursor.
- libceph: use the right footer size when skipping a message.
- libfc: replace 'rp_mutex' with 'rp_lock' (bsc#953233, bsc#962846).
- md/raid56: Do not perform reads to support writes until stripe is ready.
- md/raid5: Ensure a batch member is not handled prematurely (bsc#953048).
- md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE.
- md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048).
- md/raid5: allow the stripe_cache to grow and shrink (bsc#953048).
- md/raid5: always set conf->prev_chunk_sectors and ->prev_algo (bsc#953048).
- md/raid5: avoid races when changing cache size (bsc#953048).
- md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048).
- md/raid5: be more selective about distributing flags across batch (bsc#953048).
- md/raid5: break stripe-batches when the array has failed (bsc#953048).
- md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048).
- md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048).
- md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048).
- md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048).
- md/raid5: close recently introduced race in stripe_head management.
- md/raid5: consider updating reshape_position at start of reshape (bsc#953048).
- md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048).
- md/raid5: do not do chunk aligned read on degraded array (bsc#953048).
- md/raid5: do not index beyond end of array in need_this_block() (bsc#953048).
- md/raid5: do not let shrink_slab shrink too far (bsc#953048).
- md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048).
- md/raid5: ensure device failure recorded before write request returns (bsc#953048).
- md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048).
- md/raid5: fix allocation of 'scribble' array (bsc#953048).
- md/raid5: fix another livelock caused by non-aligned writes (bsc#953048).
- md/raid5: fix handling of degraded stripes in batches (bsc#953048). - md/raid5: fix init_stripe() inconsistencies (bsc#953048). - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048). - md/raid5: fix newly-broken locking in get_active_stripe. - md/raid5: handle possible race as reshape completes (bsc#953048). - md/raid5: ignore released_stripes check (bsc#953048). - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048). - md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048). - md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048). - md/raid5: need_this_block: tidy/fix last condition (bsc#953048). - md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048). - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048). - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048). - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list. - md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048). - md/raid5: remove incorrect "min_t()" when calculating writepos (bsc#953048). - md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048). - md/raid5: separate large if clause out of fetch_block() (bsc#953048). - md/raid5: separate out the easy conditions in need_this_block (bsc#953048). - md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048). - md/raid5: strengthen check on reshape_position at run (bsc#953048). - md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048). - md/raid5: use bio_list for the list of bios to return (bsc#953048). - md: be careful when testing resync_max against curr_resync_completed (bsc#953048). - md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048). 
- md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048). - md: remove unwanted white space from md.c (bsc#953048). - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048). - mds: check cap ID when handling cap export message. - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mmc: sdhci: Allow for irq being shared (bnc#977582). - mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (bsc#967640). - net/qlge: Avoids recursive EEH error (bsc#954847). - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667). - net: Start with correct mac_len in skb_network_protocol (bsc#968667). - net: disable fragment reassembly if high_thresh is set to zero (bsc#970506). - net: fix wrong mac_len calculation for vlans (bsc#968667). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: do not poll the CQ from the kthread (bsc#975788, bsc#965087). - nvme: fix max_segments integer truncation (bsc#676471). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489). - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489). - powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel (bsc#976821). - powerpc/book3s64: Remove __end_handlers marker (bsc#976821). - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590). 
- raid5: Retry R5_ReadNoMerge flag when hit a read error. - raid5: add a new flag to track if a stripe can be batched (bsc#953048). - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048). - raid5: avoid release list until last reference of the stripe (bsc#953048). - raid5: batch adjacent full stripe write (bsc#953048). - raid5: check faulty flag for array status during recovery (bsc#953048). - raid5: check_reshape() shouldn't call mddev_suspend (bsc#953048). - raid5: fix a race of stripe count check. - raid5: fix broken async operation chain (bsc#953048). - raid5: get_active_stripe avoids device_lock. - raid5: handle expansion/resync case with stripe batching (bsc#953048). - raid5: handle io error of batch list (bsc#953048). - raid5: make_request does less prepare wait. - raid5: relieve lock contention in get_active_stripe(). - raid5: relieve lock contention in get_active_stripe(). - raid5: revert e9e4c377e2f563 to fix a livelock (bsc#953048). - raid5: speedup sync_request processing (bsc#953048). - raid5: track overwrite disk count (bsc#953048). - raid5: update analysis state for failed stripe (bsc#953048). - raid5: use flex_array for scribble data (bsc#953048). - rbd: bump queue_max_segments. - rbd: delete an unnecessary check before rbd_dev_destroy(). - rbd: do not free rbd_dev outside of the release callback. - rbd: do not put snap_context twice in rbd_queue_workfn(). - rbd: drop null test before destroy functions. - rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394). - rbd: plug rbd_dev->header.object_prefix memory leak. - rbd: rbd_wq comment is obsolete. - rbd: remove duplicate calls to rbd_dev_mapping_clear(). - rbd: report unsupported features to syslog (bsc#979169). - rbd: return -ENOMEM instead of pool id if rbd_dev_create() fails. - rbd: set device_type::release instead of device::release. - rbd: set max_sectors explicitly. - rbd: store rbd_options in rbd_device. - rbd: terminate rbd_opts_tokens with Opt_err. 
- rbd: timeout watch teardown on unmap with mount_timeout. - rbd: use writefull op for object size writes. - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 6c6d86d3cdc26f7746fe4ba2bef8859b5aeb346c. - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736). - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736). - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736). - s390/3270: fix view reference counting (bnc#979922, LTC#141736). - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736). - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456). - s390/pci: add extra padding to function measurement block (bnc#974692, LTC#139445). - s390/pci: enforce fmb page boundary rule (bnc#974692, LTC#139445). - s390/pci: extract software counters from fmb (bnc#974692, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#974692, LTC#139444). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#974692, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#974692, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#974692, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#974692, LTC#139442). - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138). - sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521). - sb_edac: Fix support for systems with two home agents per socket (bsc#979521). - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521). - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521). - sb_edac: support for Broadwell -EP and -EX (bsc#979521). 
- sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched/x86: Fix up typo in topology detection (bsc#974165). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - scsi-bnx2fc-handle_scsi_retry_delay - scsi-bnx2fc-soft_lockup_when_rmmod - scsi: Avoid crashing if device uses DIX but adapter does not support it (bsc#969016). - sd: get disk reference in sd_check_events() (bnc#897662). - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456). - vgaarb: Add more context to error messages (bsc#976868). - wait: introduce wait_event_exclusive_cmd (bsc#953048). - x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address (bsc#979521). - x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521). - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165). - x86/efi: parse_efi_setup() build fix (bsc#979485). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - x86: standardize mmap_rnd() usage (bnc#974308). - xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604). - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148). - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP1: zypper in -t patch SUSE-SLE-RT-12-SP1-2016-1133=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64): kernel-compute-3.12.61-60.18.1 kernel-compute-base-3.12.61-60.18.1 kernel-compute-base-debuginfo-3.12.61-60.18.1 kernel-compute-debuginfo-3.12.61-60.18.1 kernel-compute-debugsource-3.12.61-60.18.1 kernel-compute-devel-3.12.61-60.18.1 kernel-compute_debug-debuginfo-3.12.61-60.18.1 kernel-compute_debug-debugsource-3.12.61-60.18.1 kernel-compute_debug-devel-3.12.61-60.18.1 kernel-compute_debug-devel-debuginfo-3.12.61-60.18.1 kernel-rt-3.12.61-60.18.1 kernel-rt-base-3.12.61-60.18.1 kernel-rt-base-debuginfo-3.12.61-60.18.1 kernel-rt-debuginfo-3.12.61-60.18.1 kernel-rt-debugsource-3.12.61-60.18.1 kernel-rt-devel-3.12.61-60.18.1 kernel-rt_debug-debuginfo-3.12.61-60.18.1 kernel-rt_debug-debugsource-3.12.61-60.18.1 kernel-rt_debug-devel-3.12.61-60.18.1 kernel-rt_debug-devel-debuginfo-3.12.61-60.18.1 kernel-syms-rt-3.12.61-60.18.1 - SUSE Linux Enterprise Real Time Extension 12-SP1 (noarch): kernel-devel-rt-3.12.61-60.18.1 kernel-source-rt-3.12.61-60.18.1 References: https://www.suse.com/security/cve/CVE-2014-9717.html https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8845.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-3707.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html 
https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5828.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/662458 https://bugzilla.suse.com/676471 https://bugzilla.suse.com/897662 https://bugzilla.suse.com/928547 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/945345 https://bugzilla.suse.com/947337 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/953048 https://bugzilla.suse.com/953233 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957805 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/958390 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/960857 https://bugzilla.suse.com/962742 https://bugzilla.suse.com/962846 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/964727 https://bugzilla.suse.com/965087 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/967640 https://bugzilla.suse.com/968667 https://bugzilla.suse.com/969016 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970506 https://bugzilla.suse.com/970604 https://bugzilla.suse.com/970609 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/971049 https://bugzilla.suse.com/971770 https://bugzilla.suse.com/971947 https://bugzilla.suse.com/972124 https://bugzilla.suse.com/972933 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973499 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/974165 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/974692 https://bugzilla.suse.com/975533 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975788 https://bugzilla.suse.com/976739 
https://bugzilla.suse.com/976821 https://bugzilla.suse.com/976868 https://bugzilla.suse.com/977417 https://bugzilla.suse.com/977582 https://bugzilla.suse.com/977685 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978527 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979169 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979347 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979485 https://bugzilla.suse.com/979489 https://bugzilla.suse.com/979521 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979922 https://bugzilla.suse.com/980246 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980706 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981143 https://bugzilla.suse.com/981344 https://bugzilla.suse.com/982282 https://bugzilla.suse.com/982354 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982698 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/983394 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/983904 https://bugzilla.suse.com/983977 https://bugzilla.suse.com/984148 https://bugzilla.suse.com/984456 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/985232 https://bugzilla.suse.com/985978 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986569 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986811 https://bugzilla.suse.com/988215 https://bugzilla.suse.com/988498 https://bugzilla.suse.com/988552 From sle-updates at lists.suse.com Tue Aug 2 08:32:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2016 16:32:31 +0200 (CEST) Subject: SUSE-RU-2016:1938-1: moderate: Recommended update for openstack-nova-virt-zvm and openstack-neutron-zvm-agent Message-ID: <20160802143231.21103FFA3@maintenance.suse.de> 
SUSE Recommended Update: Recommended update for openstack-nova-virt-zvm and openstack-neutron-zvm-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1938-1 Rating: moderate References: #988729 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-nova-virt-zvm and openstack-neutron-zvm-agent provides the latest code from OpenStack Liberty and fixes various issues: openstack-nova-virt-zvm: - Add SLES12 boot-from-volume support. - Ensure power state is shutdown in power_off. openstack-neutron-zvm-agent: - Revert "Make enhancement for zvm-agent log...." Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1134=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-neutron-zvm-agent-5.0.1~a0~dev3-6.1 openstack-nova-virt-zvm-5.0.2~a0~dev3-7.1 References: https://bugzilla.suse.com/988729 From sle-updates at lists.suse.com Tue Aug 2 09:08:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2016 17:08:47 +0200 (CEST) Subject: SUSE-SU-2016:1939-1: important: Security update for bsdtar Message-ID: <20160802150847.F0DF6FFAB@maintenance.suse.de> SUSE Security Update: Security update for bsdtar ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1939-1 Rating: important References: #920870 #984990 #985609 #985669 #985675 #985682 #985698 Cross-References: CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 Affected Products: SUSE Studio Onsite 1.3 SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-bsdtar-12672=1 - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bsdtar-12672=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bsdtar-12672=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bsdtar-12672=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bsdtar-12672=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bsdtar-12672=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bsdtar-12672=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-bsdtar-12672=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bsdtar-12672=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bsdtar-12672=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libarchive-devel-2.5.5-9.1 - SUSE OpenStack Cloud 5 (x86_64): libarchive2-2.5.5-9.1 - SUSE Manager Proxy 2.1 (x86_64): libarchive2-2.5.5-9.1 - SUSE Manager 2.1 (s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libarchive-devel-2.5.5-9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bsdtar-debuginfo-2.5.5-9.1 bsdtar-debugsource-2.5.5-9.1 References: https://www.suse.com/security/cve/CVE-2015-2304.html https://www.suse.com/security/cve/CVE-2015-8918.html https://www.suse.com/security/cve/CVE-2015-8920.html 
https://www.suse.com/security/cve/CVE-2015-8921.html https://www.suse.com/security/cve/CVE-2015-8924.html https://www.suse.com/security/cve/CVE-2015-8929.html https://www.suse.com/security/cve/CVE-2016-4809.html https://bugzilla.suse.com/920870 https://bugzilla.suse.com/984990 https://bugzilla.suse.com/985609 https://bugzilla.suse.com/985669 https://bugzilla.suse.com/985675 https://bugzilla.suse.com/985682 https://bugzilla.suse.com/985698 From sle-updates at lists.suse.com Tue Aug 2 11:08:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2016 19:08:44 +0200 (CEST) Subject: SUSE-RU-2016:1940-1: Recommended update for pmtools Message-ID: <20160802170844.EE2F6FFA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for pmtools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1940-1 Rating: low References: #955705 #974862 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pmtools fixes the following issues: - Skip the SMBIOS version comparison in quiet mode. (bsc#974862) - Add support for DDR4 memory type. (bsc#955705) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-pmtools-12673=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pmtools-12673=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 x86_64): pmtools-20071116-44.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 x86_64): pmtools-debuginfo-20071116-44.35.1 pmtools-debugsource-20071116-44.35.1 References: https://bugzilla.suse.com/955705 https://bugzilla.suse.com/974862 From sle-updates at lists.suse.com Tue Aug 2 13:13:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2016 21:13:47 +0200 (CEST) Subject: SUSE-SU-2016:1941-1: moderate: Security update for SUSE Linux Enterprise Server Docker images Message-ID: <20160802191347.83AE6FFA3@maintenance.suse.de> SUSE Security Update: Security update for SUSE Linux Enterprise Server Docker images ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1941-1 Rating: moderate References: #982831 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for the SUSE Linux Enterprise Server 12 and 12 SP1 Docker images provides the latest security patches for openldap2, glibc and openssl (bsc#982831). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1137=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): sles12-docker-image-1.1.2-20160727 sles12sp1-docker-image-1.0.5-20160727 References: https://bugzilla.suse.com/982831 From sle-updates at lists.suse.com Wed Aug 3 08:09:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 16:09:16 +0200 (CEST) Subject: SUSE-RU-2016:1942-1: Recommended update for dbus-1 Message-ID: <20160803140916.6DDAFFFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1942-1 Rating: low References: #941352 #978477 #980928 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for dbus-1 fixes the following issues: - Correctly reset timeouts for pending file descriptors. (bsc#978477) - Increase listen() backlog of AF_UNIX sockets to SOMAXCONN. (bsc#980928) - Account for openSUSE:Leap in the conditional for choosing right local state directories (boo#941352) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1138=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1138=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1138=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): dbus-1-debuginfo-1.8.16-19.1 dbus-1-debugsource-1.8.16-19.1 dbus-1-devel-1.8.16-19.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): dbus-1-devel-doc-1.8.16-19.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dbus-1-1.8.16-19.1 dbus-1-debuginfo-1.8.16-19.1 dbus-1-debugsource-1.8.16-19.1 dbus-1-x11-1.8.16-19.1 dbus-1-x11-debuginfo-1.8.16-19.1 dbus-1-x11-debugsource-1.8.16-19.1 libdbus-1-3-1.8.16-19.1 libdbus-1-3-debuginfo-1.8.16-19.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): dbus-1-debuginfo-32bit-1.8.16-19.1 libdbus-1-3-32bit-1.8.16-19.1 libdbus-1-3-debuginfo-32bit-1.8.16-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dbus-1-1.8.16-19.1 dbus-1-debuginfo-1.8.16-19.1 dbus-1-debuginfo-32bit-1.8.16-19.1 dbus-1-debugsource-1.8.16-19.1 dbus-1-x11-1.8.16-19.1 dbus-1-x11-debuginfo-1.8.16-19.1 dbus-1-x11-debugsource-1.8.16-19.1 libdbus-1-3-1.8.16-19.1 libdbus-1-3-32bit-1.8.16-19.1 libdbus-1-3-debuginfo-1.8.16-19.1 libdbus-1-3-debuginfo-32bit-1.8.16-19.1 References: https://bugzilla.suse.com/941352 https://bugzilla.suse.com/978477 https://bugzilla.suse.com/980928 From sle-updates at lists.suse.com Wed Aug 3 09:08:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 17:08:58 +0200 (CEST) Subject: SUSE-RU-2016:1943-1: moderate: Recommended update for ceph Message-ID: <20160803150858.E5D64FFA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1943-1 Rating: moderate References: #965619 #972370 #982324 #982755 #988585 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for ceph provides version 10.2.2 and fixes several issues: - ceph.in: Fix exception when pool name has non-ascii characters (bsc#972370) - Regenerate tarball from same SHA1 after deleting downstream tags (bsc#982755) - Fix systemd complains about "unknown lvalue" (bsc#982324) - ceph.spec, ceph.spec.in: Move ceph-rbdnamer binary from ceph to ceph-common (bsc#965619) - For a detailed description of all fixes, please refer to the changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1139=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (x86_64): ceph-10.2.2+git.1466068668.308eb8b-3.1 ceph-base-10.2.2+git.1466068668.308eb8b-3.1 ceph-base-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-common-10.2.2+git.1466068668.308eb8b-3.1 ceph-common-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-debugsource-10.2.2+git.1466068668.308eb8b-3.1 ceph-fuse-10.2.2+git.1466068668.308eb8b-3.1 ceph-fuse-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-mds-10.2.2+git.1466068668.308eb8b-3.1 ceph-mds-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-mon-10.2.2+git.1466068668.308eb8b-3.1 ceph-mon-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-osd-10.2.2+git.1466068668.308eb8b-3.1 ceph-osd-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-radosgw-10.2.2+git.1466068668.308eb8b-3.1 ceph-radosgw-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-test-10.2.2+git.1466068668.308eb8b-3.1 ceph-test-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 libcephfs1-10.2.2+git.1466068668.308eb8b-3.1 libcephfs1-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 librados2-10.2.2+git.1466068668.308eb8b-3.1 librados2-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 libradosstriper1-10.2.2+git.1466068668.308eb8b-3.1 libradosstriper1-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 
librbd1-10.2.2+git.1466068668.308eb8b-3.1 librbd1-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 librgw2-10.2.2+git.1466068668.308eb8b-3.1 librgw2-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 python-cephfs-10.2.2+git.1466068668.308eb8b-3.1 python-cephfs-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 python-rados-10.2.2+git.1466068668.308eb8b-3.1 python-rados-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 python-rbd-10.2.2+git.1466068668.308eb8b-3.1 python-rbd-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 rbd-fuse-10.2.2+git.1466068668.308eb8b-3.1 rbd-fuse-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 rbd-mirror-10.2.2+git.1466068668.308eb8b-3.1 rbd-mirror-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 rbd-nbd-10.2.2+git.1466068668.308eb8b-3.1 rbd-nbd-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 References: https://bugzilla.suse.com/965619 https://bugzilla.suse.com/972370 https://bugzilla.suse.com/982324 https://bugzilla.suse.com/982755 https://bugzilla.suse.com/988585 From sle-updates at lists.suse.com Wed Aug 3 10:09:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 18:09:54 +0200 (CEST) Subject: SUSE-SU-2016:1944-1: moderate: Security update for libvirt Message-ID: <20160803160954.A7E7BFFAB@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1944-1 Rating: moderate References: #952889 #970906 #987527 Cross-References: CVE-2016-5008 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2016-5008: empty VNC password disables authentication (bsc#987527) Bugs fixed: - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed 'make check' failures. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libvirt-12674=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libvirt-12674=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libvirt-12674=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-devel-1.2.5-15.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libvirt-devel-32bit-1.2.5-15.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-1.2.5-15.3 libvirt-client-1.2.5-15.3 libvirt-doc-1.2.5-15.3 libvirt-lock-sanlock-1.2.5-15.3 perl-Sys-Virt-1.2.5-4.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libvirt-client-32bit-1.2.5-15.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-debuginfo-1.2.5-15.3 libvirt-debugsource-1.2.5-15.3 perl-Sys-Virt-debuginfo-1.2.5-4.2 perl-Sys-Virt-debugsource-1.2.5-4.2 References: https://www.suse.com/security/cve/CVE-2016-5008.html https://bugzilla.suse.com/952889 https://bugzilla.suse.com/970906 https://bugzilla.suse.com/987527 From sle-updates at lists.suse.com Wed Aug 3 11:09:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 19:09:07 +0200 (CEST) Subject: SUSE-SU-2016:1945-1: moderate: Security update for sqlite3 Message-ID: <20160803170907.36198FFAA@maintenance.suse.de> SUSE Security Update: Security 
update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1945-1 Rating: moderate References: #987394 Cross-References: CVE-2016-6153 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1141=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1141=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1141=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-3.1 sqlite3-debugsource-3.8.10.2-3.1 sqlite3-devel-3.8.10.2-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-3.1 libsqlite3-0-debuginfo-3.8.10.2-3.1 sqlite3-3.8.10.2-3.1 sqlite3-debuginfo-3.8.10.2-3.1 sqlite3-debugsource-3.8.10.2-3.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libsqlite3-0-3.8.10.2-3.1 libsqlite3-0-32bit-3.8.10.2-3.1 libsqlite3-0-debuginfo-3.8.10.2-3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-3.1 sqlite3-3.8.10.2-3.1 sqlite3-debuginfo-3.8.10.2-3.1 sqlite3-debugsource-3.8.10.2-3.1 References: https://www.suse.com/security/cve/CVE-2016-6153.html https://bugzilla.suse.com/987394 From sle-updates at lists.suse.com Wed Aug 3 11:09:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 19:09:32 +0200 (CEST) Subject: SUSE-SU-2016:1946-1: important: Security update for hawk2 Message-ID: <20160803170932.077E2FFA8@maintenance.suse.de> SUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1946-1 Rating: important References: #984619 #987696 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for hawk2 fixes one security issue and one bug. 
The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' (bsc#984619) The following non-security issue was fixed: - In the Wizards UI, prevent text display issues due to internationalization with certain strings (bsc#987696) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1142=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): hawk2-1.0.1+git.1456406635.49e230d-12.1 hawk2-debuginfo-1.0.1+git.1456406635.49e230d-12.1 hawk2-debugsource-1.0.1+git.1456406635.49e230d-12.1 References: https://bugzilla.suse.com/984619 https://bugzilla.suse.com/987696 From sle-updates at lists.suse.com Wed Aug 3 12:09:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 20:09:02 +0200 (CEST) Subject: SUSE-OU-2016:1947-1: Optional update for python-numpy Message-ID: <20160803180902.52A1FFFA3@maintenance.suse.de> SUSE Optional Update: Optional update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1947-1 Rating: low References: #987347 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds three new packages to SLE Software Development Kit 11 SP4: python-numpy-devel, blas-devel and lapack-devel. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-numpy-12675=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-numpy-12675=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-numpy-12675=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): blas-devel-3.4.2-0.11.1 lapack-devel-3.4.2-0.11.1 libblas3-3.4.2-0.11.1 python-numpy-devel-1.8.0-0.13.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): doxygen-1.7.3-5.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libblas3-3.4.2-0.11.1 liblapack3-3.4.2-0.11.1 python-numpy-1.8.0-0.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): python-numpy-debuginfo-1.8.0-0.13.1 python-numpy-debugsource-1.8.0-0.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): doxygen-debuginfo-1.7.3-5.9.1 doxygen-debugsource-1.7.3-5.9.1 lapack-debuginfo-3.4.2-0.11.1 lapack-debugsource-3.4.2-0.11.1 References: https://bugzilla.suse.com/987347 From sle-updates at lists.suse.com Wed Aug 3 12:09:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 20:09:27 +0200 (CEST) Subject: SUSE-RU-2016:1948-1: Recommended update for freetype2 and libqt4 Message-ID: <20160803180927.0305EFFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for freetype2 and libqt4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1948-1 Rating: low References: #865241 #967455 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for freetype2 and libqt4 fixes the following issues: - Fix memory leaks as well as font handling issues (bsc#967455). - Fix issue of showing the user badly defined fonts by removing xlfd fonts support since that set of fonts is old and unmaintained (bsc#967455). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libqt4-12676=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libqt4-12676=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libqt4-12676=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): freetype2-devel-2.3.7-25.44.1 libQtWebKit-devel-4.6.3-5.41.2 libqt4-devel-4.6.3-5.41.2 libqt4-devel-doc-4.6.3-5.41.7 libqt4-sql-postgresql-4.6.3-5.41.11 libqt4-sql-unixODBC-4.6.3-5.41.11 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): freetype2-devel-32bit-2.3.7-25.44.1 libQtWebKit4-32bit-4.6.3-5.41.2 libqt4-sql-mysql-32bit-4.6.3-5.41.11 libqt4-sql-postgresql-32bit-4.6.3-5.41.11 libqt4-sql-sqlite-32bit-4.6.3-5.41.2 libqt4-sql-unixODBC-32bit-4.6.3-5.41.11 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): libqt4-devel-doc-data-4.6.3-5.41.8 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libQtWebKit4-x86-4.6.3-5.41.2 libqt4-sql-mysql-x86-4.6.3-5.41.11 libqt4-sql-postgresql-x86-4.6.3-5.41.11 libqt4-sql-sqlite-x86-4.6.3-5.41.2 libqt4-sql-unixODBC-x86-4.6.3-5.41.11 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): freetype2-2.3.7-25.44.1 ft2demos-2.3.7-25.44.1 libQtWebKit4-4.6.3-5.41.2 libqt4-4.6.3-5.41.2 libqt4-qt3support-4.6.3-5.41.2 libqt4-sql-4.6.3-5.41.2 libqt4-sql-mysql-4.6.3-5.41.11 libqt4-sql-sqlite-4.6.3-5.41.2 libqt4-x11-4.6.3-5.41.2 
qt4-x11-tools-4.6.3-5.41.7 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): freetype2-32bit-2.3.7-25.44.1 libQtWebKit4-32bit-4.6.3-5.41.2 libqt4-32bit-4.6.3-5.41.2 libqt4-qt3support-32bit-4.6.3-5.41.2 libqt4-sql-32bit-4.6.3-5.41.2 libqt4-x11-32bit-4.6.3-5.41.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): freetype2-x86-2.3.7-25.44.1 libQtWebKit4-x86-4.6.3-5.41.2 libqt4-qt3support-x86-4.6.3-5.41.2 libqt4-sql-x86-4.6.3-5.41.2 libqt4-x11-x86-4.6.3-5.41.2 libqt4-x86-4.6.3-5.41.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): freetype2-debuginfo-2.3.7-25.44.1 freetype2-debugsource-2.3.7-25.44.1 ft2demos-debuginfo-2.3.7-25.44.1 ft2demos-debugsource-2.3.7-25.44.1 libqt4-debuginfo-4.6.3-5.41.2 libqt4-debugsource-4.6.3-5.41.2 References: https://bugzilla.suse.com/865241 https://bugzilla.suse.com/967455 From sle-updates at lists.suse.com Wed Aug 3 13:08:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 21:08:52 +0200 (CEST) Subject: SUSE-RU-2016:1949-1: moderate: Recommended update for openCryptoki Message-ID: <20160803190852.C6916FFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1949-1 Rating: moderate References: #983433 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openCryptoki fixes the following issues: - Create /var/lock/opencryptoki directory at installation time (bsc#983433) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1145=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1145=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): openCryptoki-debuginfo-3.2-11.1 openCryptoki-debugsource-3.2-11.1 openCryptoki-devel-3.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390 s390x x86_64): openCryptoki-3.2-11.1 openCryptoki-debuginfo-3.2-11.1 openCryptoki-debugsource-3.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openCryptoki-64bit-3.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (s390): openCryptoki-32bit-3.2-11.1 References: https://bugzilla.suse.com/983433 From sle-updates at lists.suse.com Wed Aug 3 14:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2016 22:08:53 +0200 (CEST) Subject: SUSE-RU-2016:1950-1: Recommended update for fence-agents Message-ID: <20160803200853.EA795FFA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1950-1 Rating: low References: #986440 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Pass stream to logger in Python 2.6 compatible way. (bsc#986440) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-fence-agents-12677=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-fence-agents-12677=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): fence-agents-4.0.12-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): fence-agents-debuginfo-4.0.12-3.1 fence-agents-debugsource-4.0.12-3.1 References: https://bugzilla.suse.com/986440 From sle-updates at lists.suse.com Thu Aug 4 09:09:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 17:09:50 +0200 (CEST) Subject: SUSE-RU-2016:1952-1: Recommended update for gcc48 Message-ID: <20160804150950.16D32FFA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1952-1 Rating: low References: #981311 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gcc48 fixes a miscompilation issue specific to the aarch64 architecture. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1149=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1149=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1149=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1149=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gcc48-gij-32bit-4.8.5-30.1 gcc48-gij-4.8.5-30.1 gcc48-gij-debuginfo-32bit-4.8.5-30.1 gcc48-gij-debuginfo-4.8.5-30.1 libgcj48-32bit-4.8.5-30.1 libgcj48-4.8.5-30.1 libgcj48-debuginfo-32bit-4.8.5-30.1 libgcj48-debuginfo-4.8.5-30.1 libgcj48-debugsource-4.8.5-30.1 libgcj48-jar-4.8.5-30.1 libgcj_bc1-4.8.5-30.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-30.1 gcc48-debugsource-4.8.5-30.1 gcc48-fortran-4.8.5-30.1 gcc48-fortran-debuginfo-4.8.5-30.1 gcc48-gij-4.8.5-30.1 gcc48-gij-debuginfo-4.8.5-30.1 gcc48-java-4.8.5-30.1 gcc48-java-debuginfo-4.8.5-30.1 gcc48-obj-c++-4.8.5-30.1 gcc48-obj-c++-debuginfo-4.8.5-30.1 gcc48-objc-4.8.5-30.1 gcc48-objc-debuginfo-4.8.5-30.1 libffi48-debugsource-4.8.5-30.1 libffi48-devel-4.8.5-30.1 libgcj48-4.8.5-30.1 libgcj48-debuginfo-4.8.5-30.1 libgcj48-debugsource-4.8.5-30.1 libgcj48-devel-4.8.5-30.1 libgcj48-devel-debuginfo-4.8.5-30.1 libgcj48-jar-4.8.5-30.1 libgcj_bc1-4.8.5-30.1 libobjc4-4.8.5-30.1 libobjc4-debuginfo-4.8.5-30.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): gcc48-objc-32bit-4.8.5-30.1 libobjc4-32bit-4.8.5-30.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): gcc48-ada-4.8.5-30.1 gcc48-ada-debuginfo-4.8.5-30.1 libada48-4.8.5-30.1 libada48-debuginfo-4.8.5-30.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cpp48-4.8.5-30.1 
cpp48-debuginfo-4.8.5-30.1 gcc48-4.8.5-30.1 gcc48-c++-4.8.5-30.1 gcc48-c++-debuginfo-4.8.5-30.1 gcc48-debuginfo-4.8.5-30.1 gcc48-debugsource-4.8.5-30.1 gcc48-locale-4.8.5-30.1 libstdc++48-devel-4.8.5-30.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gcc48-32bit-4.8.5-30.1 libstdc++48-devel-32bit-4.8.5-30.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gcc48-info-4.8.5-30.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libasan0-32bit-4.8.5-30.1 libasan0-4.8.5-30.1 libasan0-debuginfo-4.8.5-30.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gcc48-info-4.8.5-30.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cpp48-4.8.5-30.1 cpp48-debuginfo-4.8.5-30.1 gcc48-32bit-4.8.5-30.1 gcc48-4.8.5-30.1 gcc48-c++-4.8.5-30.1 gcc48-c++-debuginfo-4.8.5-30.1 gcc48-debuginfo-4.8.5-30.1 gcc48-debugsource-4.8.5-30.1 gcc48-gij-32bit-4.8.5-30.1 gcc48-gij-4.8.5-30.1 gcc48-gij-debuginfo-32bit-4.8.5-30.1 gcc48-gij-debuginfo-4.8.5-30.1 libasan0-32bit-4.8.5-30.1 libasan0-4.8.5-30.1 libasan0-debuginfo-4.8.5-30.1 libgcj48-32bit-4.8.5-30.1 libgcj48-4.8.5-30.1 libgcj48-debuginfo-32bit-4.8.5-30.1 libgcj48-debuginfo-4.8.5-30.1 libgcj48-debugsource-4.8.5-30.1 libgcj48-jar-4.8.5-30.1 libgcj_bc1-4.8.5-30.1 libstdc++48-devel-32bit-4.8.5-30.1 libstdc++48-devel-4.8.5-30.1 References: https://bugzilla.suse.com/981311 From sle-updates at lists.suse.com Thu Aug 4 09:10:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 17:10:23 +0200 (CEST) Subject: SUSE-RU-2016:1953-1: Recommended update for libica-2_1_0 Message-ID: <20160804151023.795B8FFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for libica-2_1_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1953-1 Rating: low References: #978696 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An 
update that has one recommended fix can now be installed. Description: This update for libica-2_1_0 provides the following fixes: - Obsolete libica-2_0_2 and trigger upgrade when libica-2_1_0 is installed (bsc#978696) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libica-2_1_0-12678=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libica-2_1_0-12678=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (s390x): libica-2_1_0-2.1.0-0.14.1 libica-2_1_0-32bit-2.1.0-0.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (s390x): libica-2_1_0-debuginfo-2.1.0-0.14.1 libica-2_1_0-debuginfo-32bit-2.1.0-0.14.1 libica-2_1_0-debugsource-2.1.0-0.14.1 References: https://bugzilla.suse.com/978696 From sle-updates at lists.suse.com Thu Aug 4 09:10:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 17:10:47 +0200 (CEST) Subject: SUSE-RU-2016:1954-1: moderate: Recommended update for dracut Message-ID: <20160804151047.3F57CFFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1954-1 Rating: moderate References: #951003 #959803 #975959 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Set MTU and LLADDR for DHCP if specified. (bsc#959803) - Wait for netroot until all iBFT interfaces are up. 
(bsc#951003) - Update iscsi module setup to test iscsi for flash directory before continuing (bsc#975959) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1147=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1147=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dracut-037-72.1 dracut-debuginfo-037-72.1 dracut-debugsource-037-72.1 dracut-fips-037-72.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dracut-037-72.1 dracut-debuginfo-037-72.1 dracut-debugsource-037-72.1 References: https://bugzilla.suse.com/951003 https://bugzilla.suse.com/959803 https://bugzilla.suse.com/975959 From sle-updates at lists.suse.com Thu Aug 4 10:09:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 18:09:24 +0200 (CEST) Subject: SUSE-RU-2016:1955-1: Recommended update for python-pbr Message-ID: <20160804160924.71E3EFFA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pbr ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1955-1 Rating: low References: #982342 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pbr fixes the following issue: - Allow adding new modules in openstack-neutron (bnc#982342) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-python-pbr-12679=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): python-pbr-0.10.0-9.1 References: https://bugzilla.suse.com/982342 From sle-updates at lists.suse.com Thu Aug 4 10:09:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 18:09:48 +0200 (CEST) Subject: SUSE-RU-2016:1956-1: Recommended update for binutils Message-ID: <20160804160948.3D02FFFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1956-1 Rating: low References: #970239 #985642 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: GNU Binutils was updated to version 2.26.1, which brings several fixes and enhancements: - Add -mrelax-relocations on x86 but keep it disabled on old products. - Add --fix-stm32l4xx-629360 to the ARM linker to enable a link-time workaround for a bug in the bus matrix / memory controller for some of the STM32 Cortex-M4 based products (STM32L4xx). - Add a configure option --enable-compressed-debug-sections={all,ld} to decide whether DWARF debug sections should be compressed by default. - Add support for the ARC EM/HS, and ARC600/700 architectures. - Experimental support for linker garbage collection (--gc-sections) has been enabled for COFF and PE based targets. - New command line option for ELF targets to compress DWARF debug sections, --compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi]. - New command line option, --orphan-handling=[place|warn|error|discard], to adjust how orphan sections are handled. 
The default is 'place' which gives the current behavior, 'warn' and 'error' issue a warning or error respectively when orphan sections are found, and 'discard' will discard all orphan sections. - Add support for LLVM plugin. - Add --print-memory-usage option to report memory blocks usage. - Add --require-defined option, it's like --undefined except the new symbol must be defined by the end of the link. - Add a configure option --enable-compressed-debug-sections={all,gas} to decide whether DWARF debug sections should be compressed by default. - Add support for the ARC EM/HS, and ARC600/700 architectures. Remove assembler support for Argonaut RISC architectures. - Add option to objcopy to insert new symbols into a file: --add-symbol <name>=[<section>:]<value>[,<flags>]
- Add support for the ARC EM/HS, and ARC600/700 architectures. - Extend objcopy --compress-debug-sections option to support --compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi] for ELF targets. - Add --update-section option to objcopy. - Add --output-separator option to strings. - Fix internal error when applying TLSDESC relocations with no TLS segment - Fix wrong insn type for troo insn. - Change default common-page-size to 64K on aarch64. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1152=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1152=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1152=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): binutils-debuginfo-2.26.1-9.12.1 binutils-debugsource-2.26.1-9.12.1 binutils-devel-2.26.1-9.12.1 cross-ppc-binutils-2.26.1-9.12.1 cross-ppc-binutils-debuginfo-2.26.1-9.12.1 cross-ppc-binutils-debugsource-2.26.1-9.12.1 cross-spu-binutils-2.26.1-9.12.1 cross-spu-binutils-debuginfo-2.26.1-9.12.1 cross-spu-binutils-debugsource-2.26.1-9.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64): binutils-gold-2.26.1-9.12.1 binutils-gold-debuginfo-2.26.1-9.12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): binutils-2.26.1-9.12.1 binutils-debuginfo-2.26.1-9.12.1 binutils-debugsource-2.26.1-9.12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): binutils-2.26.1-9.12.1 binutils-debuginfo-2.26.1-9.12.1 binutils-debugsource-2.26.1-9.12.1 References: https://bugzilla.suse.com/970239 https://bugzilla.suse.com/985642 From sle-updates at lists.suse.com Thu Aug 4 10:10:27 2016 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 18:10:27 +0200 (CEST) Subject: SUSE-RU-2016:1957-1: Recommended update for release-notes-sles Message-ID: <20160804161027.B1BC1FFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1957-1 Rating: low References: #972596 #984505 #988152 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP1 have been updated to document: - Support for Korn Shell (ksh) Extended Until 2022. (fate#319081, bsc#988152) - Enabling Indirect Descriptors in the blkfront Module. (fate#320625) - Root File System Conversion to Btrfs Not Supported. (fate#320870, bsc#972596) Some entries have been fixed or improved: - Python Update to Version 2.7.9. (fate#318300) - pax Binary Replaced with spax from the star Package. (fate#318412) - Other entries: minor punctuation corrections. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1150=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): release-notes-sles-12.1.20160801-23.1 References: https://bugzilla.suse.com/972596 https://bugzilla.suse.com/984505 https://bugzilla.suse.com/988152 From sle-updates at lists.suse.com Thu Aug 4 11:09:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 19:09:43 +0200 (CEST) Subject: SUSE-RU-2016:1958-1: moderate: Recommended update for booth Message-ID: <20160804170943.4675EFFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for booth ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1958-1 Rating: moderate References: #968865 Affected Products: SUSE Linux Enterprise High Availability GEO 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for booth fixes the following issues: - Set the owner of /etc/booth and booth.conf.example to hacluster:haclient (bsc#968865) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12-SP1: zypper in -t patch SUSE-SLE-HA-GEO-12-SP1-2016-1155=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability GEO 12-SP1 (s390x x86_64): booth-0.2.0-32.1 booth-debuginfo-0.2.0-32.1 booth-debugsource-0.2.0-32.1 References: https://bugzilla.suse.com/968865 From sle-updates at lists.suse.com Thu Aug 4 11:10:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 19:10:07 +0200 (CEST) Subject: SUSE-RU-2016:1959-1: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <20160804171007.7841EFFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1959-1 Rating: low References: #990887 #990888 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update enhances supportutils-plugin-suse-public-cloud to collect information about instance initialization recorded by the initialization code in system logs. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1153=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): supportutils-plugin-suse-public-cloud-1.0.1-5.1 References: https://bugzilla.suse.com/990887 https://bugzilla.suse.com/990888 From sle-updates at lists.suse.com Thu Aug 4 11:10:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 19:10:36 +0200 (CEST) Subject: SUSE-RU-2016:1960-1: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <20160804171036.B79CBFFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1960-1 Rating: low References: #990887 #990888 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update enhances supportutils-plugin-suse-public-cloud to collect information about instance initialization recorded by the initialization code in system logs. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-supportutils-plugin-suse-public-cloud-12680=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): supportutils-plugin-suse-public-cloud-1.0.1-5.1 References: https://bugzilla.suse.com/990887 https://bugzilla.suse.com/990888 From sle-updates at lists.suse.com Thu Aug 4 12:09:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 20:09:11 +0200 (CEST) Subject: SUSE-SU-2016:1961-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 Message-ID: <20160804180911.1C1CAFFA3@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1961-1 Rating: important References: #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.49-11.1 fixes several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). 
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue was fixed: - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly led to a softlockup. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1157=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-5-14.2 kgraft-patch-3_12_49-11-xen-5-14.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Thu Aug 4 12:10:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 20:10:57 +0200 (CEST) Subject: SUSE-SU-2016:1962-1: moderate: Security update for gimp Message-ID: <20160804181057.56481FFAA@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1962-1 Rating: moderate References: #986021 Cross-References: CVE-2016-4994 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: gimp was updated to fix one security issue. This security issue was fixed: - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1156=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1156=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1156=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): gimp-lang-2.8.10-7.8 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gimp-2.8.10-7.8 gimp-debuginfo-2.8.10-7.8 gimp-debugsource-2.8.10-7.8 gimp-plugins-python-2.8.10-7.8 gimp-plugins-python-debuginfo-2.8.10-7.8 libgimp-2_0-0-2.8.10-7.8 libgimp-2_0-0-debuginfo-2.8.10-7.8 libgimpui-2_0-0-2.8.10-7.8 libgimpui-2_0-0-debuginfo-2.8.10-7.8 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gimp-debuginfo-2.8.10-7.8 gimp-debugsource-2.8.10-7.8 gimp-devel-2.8.10-7.8 gimp-devel-debuginfo-2.8.10-7.8 libgimp-2_0-0-2.8.10-7.8 libgimp-2_0-0-debuginfo-2.8.10-7.8 libgimpui-2_0-0-2.8.10-7.8 libgimpui-2_0-0-debuginfo-2.8.10-7.8 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gimp-lang-2.8.10-7.8 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gimp-2.8.10-7.8 gimp-debuginfo-2.8.10-7.8 gimp-debugsource-2.8.10-7.8 gimp-plugins-python-2.8.10-7.8 gimp-plugins-python-debuginfo-2.8.10-7.8 libgimp-2_0-0-2.8.10-7.8 libgimp-2_0-0-debuginfo-2.8.10-7.8 libgimpui-2_0-0-2.8.10-7.8 libgimpui-2_0-0-debuginfo-2.8.10-7.8 References: https://www.suse.com/security/cve/CVE-2016-4994.html https://bugzilla.suse.com/986021 From sle-updates at lists.suse.com Thu Aug 4 12:11:22 2016 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2016 20:11:22 +0200 (CEST) Subject: SUSE-RU-2016:1963-1: Recommended update for resource-agents Message-ID: <20160804181122.431E2FFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1963-1 Rating: low References: #956739 #977193 #978680 #985486 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for resource-agents enables support for IPv6 in ldirectord. Two new packages have been added to SLE High Availability Extension 12 SP1: perl-IO-Socket-IP and perl-Net-INET6Glue. Two packages received enhancements related to IPv6 support: perl-Net-HTTP and perl-libwww-perl. Additionally, resource-agents received two bug fixes unrelated to the IPv6 feature: - exportfs: Add pseudo resource factor. (bsc#978680) - send_arp: Fix for infiniband, re-merge from upstream iputils arping. (bsc#985486) - Fixed one bugreference (bsc#956739) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1158=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1158=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1158=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): perl-Net-HTTP-6.06-5.2 perl-libwww-perl-6.05-5.2 - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): ldirectord-3.9.6+git.1442374860.7f3628a-17.1 monitoring-plugins-metadata-3.9.6+git.1442374860.7f3628a-17.1 resource-agents-3.9.6+git.1442374860.7f3628a-17.1 resource-agents-debuginfo-3.9.6+git.1442374860.7f3628a-17.1 resource-agents-debugsource-3.9.6+git.1442374860.7f3628a-17.1 - SUSE Linux Enterprise High Availability 12-SP1 (noarch): perl-IO-Socket-IP-0.37-2.1 perl-Net-INET6Glue-0.603-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): perl-Net-HTTP-6.06-5.2 perl-libwww-perl-6.05-5.2 References: https://bugzilla.suse.com/956739 https://bugzilla.suse.com/977193 https://bugzilla.suse.com/978680 https://bugzilla.suse.com/985486 From sle-updates at lists.suse.com Thu Aug 4 23:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2016 07:08:53 +0200 (CEST) Subject: SUSE-RU-2016:1965-1: Recommended update for hwinfo Message-ID: <20160805050853.7E2BFFFA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1965-1 Rating: low References: #960507 #980819 #982332 #983004 #989633 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for hwinfo provides the following fixes: - Fix input device name detection for USB devices. (bsc#989633) - Avoid bogus virtio devices in device listing. (bsc#960507) - Add aliases with '-' for options with '_'. (bsc#983004) - Clarify hwinfo usage in man page and help text. (bsc#982332) - Change wording for SCSI reference. 
- Add reference to SCSI command specification. - Change type of serial_buf[] to unsigned char. (bsc#980819) - Correct comma placement after part-number. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1159=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1159=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1159=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): hwinfo-debuginfo-21.30-8.1 hwinfo-debugsource-21.30-8.1 hwinfo-devel-21.30-8.1 hwinfo-devel-debuginfo-21.30-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): hwinfo-21.30-8.1 hwinfo-debuginfo-21.30-8.1 hwinfo-debugsource-21.30-8.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): hwinfo-21.30-8.1 hwinfo-debuginfo-21.30-8.1 hwinfo-debugsource-21.30-8.1 References: https://bugzilla.suse.com/960507 https://bugzilla.suse.com/980819 https://bugzilla.suse.com/982332 https://bugzilla.suse.com/983004 https://bugzilla.suse.com/989633 From sle-updates at lists.suse.com Fri Aug 5 07:09:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2016 15:09:26 +0200 (CEST) Subject: SUSE-SU-2016:1966-1: Security update for several openstack-components Message-ID: <20160805130926.A8D3DFFE1@maintenance.suse.de> SUSE Security Update: Security update for several openstack-components ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1966-1 Rating: low References: #984802 #988729 Cross-References: CVE-2016-4985 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that solves 
one vulnerability and has one errata is now available. Description: This update provides the latest code from OpenStack Liberty for openstack-designate, -ironic, -neutron-vpnaas, -nova-docker, -sahara, -tempest and -trove. Additionally the following security issue has been fixed: openstack-ironic: - Mask password on agent lookup according to policy (bsc#984802, CVE-2016-4985) For a detailed description of all changes, please refer to the changelog. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1160=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-designate-1.0.3~a0~dev10-6.1 openstack-designate-agent-1.0.3~a0~dev10-6.1 openstack-designate-api-1.0.3~a0~dev10-6.1 openstack-designate-central-1.0.3~a0~dev10-6.1 openstack-designate-doc-1.0.3~a0~dev10-6.2 openstack-designate-sink-1.0.3~a0~dev10-6.1 openstack-ironic-4.2.5-6.1 openstack-ironic-api-4.2.5-6.1 openstack-ironic-conductor-4.2.5-6.1 openstack-ironic-doc-4.2.5-6.2 openstack-neutron-vpn-agent-7.0.5~a0~dev3-6.1 openstack-neutron-vpnaas-7.0.5~a0~dev3-6.1 openstack-neutron-vpnaas-doc-7.0.5~a0~dev3-6.1 openstack-nova-docker-0.0.1~a0~dev238-4.1 openstack-sahara-3.0.3~a0~dev1-6.1 openstack-sahara-api-3.0.3~a0~dev1-6.1 openstack-sahara-doc-3.0.3~a0~dev1-6.1 openstack-sahara-engine-3.0.3~a0~dev1-6.1 openstack-tempest-7.0.0-9.1 openstack-tempest-test-7.0.0-9.1 openstack-trove-4.0.1~a0~dev19-8.1 openstack-trove-api-4.0.1~a0~dev19-8.1 openstack-trove-conductor-4.0.1~a0~dev19-8.1 openstack-trove-doc-4.0.1~a0~dev19-8.1 openstack-trove-guestagent-4.0.1~a0~dev19-8.1 openstack-trove-taskmanager-4.0.1~a0~dev19-8.1 python-designate-1.0.3~a0~dev10-6.1 python-ironic-4.2.5-6.1 python-neutron-vpnaas-7.0.5~a0~dev3-6.1 python-sahara-3.0.3~a0~dev1-6.1 python-tempest-7.0.0-9.1 python-trove-4.0.1~a0~dev19-8.1 
References: https://www.suse.com/security/cve/CVE-2016-4985.html https://bugzilla.suse.com/984802 https://bugzilla.suse.com/988729 From sle-updates at lists.suse.com Fri Aug 5 08:10:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2016 16:10:01 +0200 (CEST) Subject: SUSE-RU-2016:1972-1: Recommended update for cfengine, cfengine-masterfiles Message-ID: <20160805141001.06DF5FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for cfengine, cfengine-masterfiles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1972-1 Rating: low References: #990638 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cfengine, cfengine-masterfiles fixes the following issues: CFEngine was updated from version 3.7.1 to 3.7.3, which brings fixes and enhancements: Behavior changes: - classesmatching(): order of classes changed. - Suppress standard services noise on SUSE. Fixes: - Reduce verbosity of yum and apt_get package modules. - Parse def.json vars, classes in C. - Namespaced classes can now be specified on the command line. - getvalues() will now return a list also for data containers, and will descend recursively into the containers. - @if minimum_version now correctly ignores lines starting with '@'. - Fix definition of classes from augments file. - Don't follow symbolic links when copying extended attributes. - Fix cf-serverd error messages with classic protocol clients. - The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it. 
- Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points. - Fix file descriptor leak when there are network errors. - Fix a regression which would sometimes cause "Permission denied" errors on files inside directories with very restricted permissions. - Check for empty server response in RemoteDirList after decryption. - Allow def.json up to 5MB instead of 4K. - Add guard for binary upgrade during bootstrap. - Fix a bug which sometimes caused package promises to be skipped with "XX Another cf-agent seems to have done this since I started" messages in the log, most notably in long running cf-agent runs (longer than one minute). - Define (bootstrap|failsafe)_mode during update.cf when triggered from failsafe.cf. - Fix two cases where action_policy warn still produces errors. - Fix classes being set because of hash collision in the implementation. - Installing packages containing version numbers using yum now works correctly. - readfile() and read*list() should print an error if they fail to read file. - If there is an error saving a mustache template file it is now logged with log-level error (was inform). - Fixed several bugs which prevented CFEngine from loading libraries from the correct location. - If file_select.file_types is set to symlink and there are regular files in the scanned directory, CFEngine no longer produces an unnecessary error message. - cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments. - Fix "@endif" keyword sometimes being improperly processed by policy parser. - It is possible to edit the same value in multiple regions of one file. - Fix select_class not setting class when used in common bundle with slist. - Fix broken HA policy for 3rd disaster-recovery node. - Directories should no more be changed randomly into files. 
- Include latest security updates for 3.7. - Reduce malloc() thread contention on heavily loaded cf-serverd, by not exiting early in the logging function, if no message is to be printed. - Improve cf-serverd's lock contention because of getpwnam() call. - action_policy "warn" now correctly produces warnings instead of various other verbosity levels. - Improve efficiency and debug reports. - Change package modules permissions on hub package so that hub can execute package promises. - No longer hang when changing permissions/ownership on fifos. - Fix exporting CSV reports through HTTPS. - failsafe.cf will be created when needed. - Mustache templates: Fix {{@}} key when value is not a primitive. The old behavior, when iterating across a map or array of maps, was to abort if the key was requested with {{@}}. The new behavior is to always replace {{@}} with either the key name or the iteration position in the array. An error is printed if {{@}} is used outside of a Mustache iteration section. - Legacy package promise: Result classes are now defined if the package being promised is already up to date. - TTY detection should be more reliable. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1161=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-1161=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): cfengine-debuginfo-3.7.3-13.1 cfengine-debugsource-3.7.3-13.1 libpromises-devel-3.7.3-13.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): cfengine-3.7.3-13.1 cfengine-debuginfo-3.7.3-13.1 cfengine-debugsource-3.7.3-13.1 cfengine-doc-3.7.3-13.1 libpromises3-3.7.3-13.1 libpromises3-debuginfo-3.7.3-13.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): cfengine-masterfiles-3.7.3-6.1 References: https://bugzilla.suse.com/990638 From sle-updates at lists.suse.com Fri Aug 5 09:08:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2016 17:08:48 +0200 (CEST) Subject: SUSE-RU-2016:1973-1: Recommended update for emacs Message-ID: <20160805150848.A49D4FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for emacs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1973-1 Rating: low References: #953745 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for emacs provides the following fixes: - Do not enforce the usage of the glibc regular expression as the GNU emacs ctags program depends on the emacs version. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1162=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1162=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): emacs-24.3-16.32 emacs-debuginfo-24.3-16.32 emacs-debugsource-24.3-16.32 emacs-nox-24.3-16.32 emacs-nox-debuginfo-24.3-16.32 emacs-x11-24.3-16.32 emacs-x11-debuginfo-24.3-16.32 etags-24.3-16.32 etags-debuginfo-24.3-16.32 - SUSE Linux Enterprise Server 12-SP1 (noarch): emacs-el-24.3-16.32 emacs-info-24.3-16.32 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): emacs-info-24.3-16.32 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): emacs-24.3-16.32 emacs-debuginfo-24.3-16.32 emacs-debugsource-24.3-16.32 emacs-x11-24.3-16.32 emacs-x11-debuginfo-24.3-16.32 etags-24.3-16.32 etags-debuginfo-24.3-16.32 References: https://bugzilla.suse.com/953745 From sle-updates at lists.suse.com Mon Aug 8 10:10:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Aug 2016 18:10:02 +0200 (CEST) Subject: SUSE-RU-2016:1984-1: Recommended update for gdb Message-ID: <20160808161002.BFB40FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1984-1 Rating: low References: #971556 #974419 #990697 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: GDB was updated to version 7.11.1, which brings several fixes and enhancements: - Per-inferior thread numbers. - Breakpoint "explicit locations" (via CLI and GDB/MI). - New convenience variables ($_gthread, $_inferior). - Record btrace now supports non-stop mode. - Various improvements on AArch64 GNU/Linux: - multi-architecture debugging support. - displaced stepping. - tracepoint support added in GDBserver. - reverse debugging. 
- In Ada, the overloads selection menu provides the parameter types and return types for the matching overloaded subprograms. - Various remote protocol improvements, including several new packets which can be used to support features such as follow-exec-mode, exec catchpoints, syscall catchpoints, etc. - Some minor improvements in the Python API for extending GDB. - New commands or subcommands: - info os cpu, set/show serial parity, info dll - maint print symbol-cache/symbol-cache-statistics, maint flush-symbol-cache - record btrace bts, record bts - compile print - show/set mpx bound - tui enable/disable - record btrace pt, record pt - maint info btrace, maint btrace packet-history/clear-packet-history/clear - s390 support for vector ABI. - "set sysroot" improvements related to remote targets. - Better support for debugging containerized programs (without "set sysroot"). - HISTSIZE environment variable is replaced by GDBHISTSIZE. - Python scripting: - it's possible to write frame unwinders - several new methods in Objfile, Type and Value classes - gdb can auto-load scripts contained in special sections named '.debug_gdb_scripts'. - Extensions for the MI interface, new remote packet types. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1166=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1166=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1166=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gdb-debuginfo-7.11.1-8.35.1 gdb-debugsource-7.11.1-8.35.1 gdbserver-7.11.1-8.35.1 gdbserver-debuginfo-7.11.1-8.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x): gdb-debuginfo-32bit-7.11.1-8.35.1 gdbserver-32bit-7.11.1-8.35.1 gdbserver-debuginfo-32bit-7.11.1-8.35.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gdb-7.11.1-8.35.1 gdb-debuginfo-7.11.1-8.35.1 gdb-debugsource-7.11.1-8.35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gdb-7.11.1-8.35.1 gdb-debuginfo-7.11.1-8.35.1 gdb-debugsource-7.11.1-8.35.1 References: https://bugzilla.suse.com/971556 https://bugzilla.suse.com/974419 https://bugzilla.suse.com/990697 From sle-updates at lists.suse.com Mon Aug 8 12:09:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Aug 2016 20:09:23 +0200 (CEST) Subject: SUSE-SU-2016:1985-1: important: Security update for the Linux Kernel Message-ID: <20160808180923.98903FFAC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1985-1 Rating: important References: #676471 #866130 #909589 #936530 #944309 #950998 #953369 #954847 #956491 #957986 #960857 #961518 #963762 #966245 #967914 #968500 #969149 #969391 #970114 #971030 #971126 #971360 #971446 #971944 #971947 #971989 #973378 #974620 #974646 #974787 #975358 #976739 #976868 #978401 #978821 #978822 #979213 #979274 #979347 #979419 #979548 #979595 #979867 #979879 #979915 #980246 #980371 #980725 #980788 #980931 #981231 #981267 #982532 #982544 #982691 #983143 #983213 #983721 #984107 #984755 #986362 #986572 #988498 Cross-References: CVE-2015-7833 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2187 CVE-2016-3134 CVE-2016-3707 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 
CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). 
- CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file (bnc#980246). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). 
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). 
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - ALSA: oxygen: add Xonar DGX support (bsc#982691). - Assign correct ->can_queue value in hv_storvsc (bnc#969391) - Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231) - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - NFS: Do not attempt to decode missing directory entries (bsc#980931). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491). - NFS: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - NFS: reduce access cache shrinker locking (bnc#866130). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - NFSv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - NVMe: Unify controller probe and resume (bsc#979347). - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). 
- RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - SCSI: Increase REPORT_LUNS timeout (bsc#971989). - Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - enic: set netdev->vlan_features (bsc#966245). - fcoe: fix reset of fip selection time (bsc#974787). - hid-elo: kill not flush the work (bnc#982532). - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipvs: count pre-established TCP states as active (bsc#970114). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). 
- netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: fix max_segments integer truncation (bsc#676471). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235. - s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445). - s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445). - s390/pci: extract software counters from fmb (bnc#968500, LTC#139445). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442). - s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). 
- sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - veth: do not modify ip_summed (bsc#969149). - vgaarb: Add more context to error messages (bsc#976868). - virtio_scsi: Implement eh_timed_out callback (bsc#936530). - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-linux-kernel-12681=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-linux-kernel-12681=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-57.1 kernel-rt-base-3.0.101.rt130-57.1 kernel-rt-devel-3.0.101.rt130-57.1 kernel-rt_trace-3.0.101.rt130-57.1 kernel-rt_trace-base-3.0.101.rt130-57.1 kernel-rt_trace-devel-3.0.101.rt130-57.1 kernel-source-rt-3.0.101.rt130-57.1 kernel-syms-rt-3.0.101.rt130-57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-57.1 kernel-rt-debugsource-3.0.101.rt130-57.1 kernel-rt_debug-debuginfo-3.0.101.rt130-57.1 kernel-rt_debug-debugsource-3.0.101.rt130-57.1 kernel-rt_trace-debuginfo-3.0.101.rt130-57.1 kernel-rt_trace-debugsource-3.0.101.rt130-57.1 References: https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2187.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3707.html https://www.suse.com/security/cve/CVE-2016-4470.html 
https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4485.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4580.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4913.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/676471 https://bugzilla.suse.com/866130 https://bugzilla.suse.com/909589 https://bugzilla.suse.com/936530 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/953369 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/960857 https://bugzilla.suse.com/961518 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/967914 https://bugzilla.suse.com/968500 https://bugzilla.suse.com/969149 https://bugzilla.suse.com/969391 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/971030 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971446 https://bugzilla.suse.com/971944 https://bugzilla.suse.com/971947 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/974787 https://bugzilla.suse.com/975358 https://bugzilla.suse.com/976739 https://bugzilla.suse.com/976868 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978821 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979274 https://bugzilla.suse.com/979347 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979548 
https://bugzilla.suse.com/979595 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979915 https://bugzilla.suse.com/980246 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980725 https://bugzilla.suse.com/980788 https://bugzilla.suse.com/980931 https://bugzilla.suse.com/981231 https://bugzilla.suse.com/981267 https://bugzilla.suse.com/982532 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982691 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/984107 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/988498 From sle-updates at lists.suse.com Tue Aug 9 07:09:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 15:09:29 +0200 (CEST) Subject: SUSE-RU-2016:1992-1: moderate: Recommended update for aaa_base Message-ID: <20160809130929.89268FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1992-1 Rating: moderate References: #992144 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base provides the following fixes: - Do not use the = sign for setenv in /etc/profile.d/lang.csh (bsc#992144) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1168=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1168=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1168=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): aaa_base-debuginfo-13.2+git20140911.61c1681-22.1 aaa_base-debugsource-13.2+git20140911.61c1681-22.1 aaa_base-malloccheck-13.2+git20140911.61c1681-22.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): aaa_base-13.2+git20140911.61c1681-22.1 aaa_base-debuginfo-13.2+git20140911.61c1681-22.1 aaa_base-debugsource-13.2+git20140911.61c1681-22.1 aaa_base-extras-13.2+git20140911.61c1681-22.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): aaa_base-13.2+git20140911.61c1681-22.1 aaa_base-debuginfo-13.2+git20140911.61c1681-22.1 aaa_base-debugsource-13.2+git20140911.61c1681-22.1 aaa_base-extras-13.2+git20140911.61c1681-22.1 References: https://bugzilla.suse.com/992144 From sle-updates at lists.suse.com Tue Aug 9 08:09:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 16:09:05 +0200 (CEST) Subject: SUSE-RU-2016:1993-1: moderate: Recommended update for sssd Message-ID: <20160809140905.2B390FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1993-1 Rating: moderate References: #976038 #977224 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for sssd fixes the following issues: - The sss_cache module would terminate with a segmentation fault when called with a specific domain name through the -d command line option. (bsc#976038) - The sss_sudo module could terminate with a segmentation fault when trying to refresh more than 255 rules using D-Bus. (bsc#977224) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1169=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1169=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1169=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libipa_hbac-devel-1.11.5.1-23.1 libsss_idmap-devel-1.11.5.1-23.1 libsss_nss_idmap-devel-1.11.5.1-23.1 libsss_nss_idmap0-1.11.5.1-23.1 libsss_nss_idmap0-debuginfo-1.11.5.1-23.1 sssd-debuginfo-1.11.5.1-23.1 sssd-debugsource-1.11.5.1-23.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libipa_hbac0-1.11.5.1-23.1 libipa_hbac0-debuginfo-1.11.5.1-23.1 libsss_idmap0-1.11.5.1-23.1 libsss_idmap0-debuginfo-1.11.5.1-23.1 libsss_sudo-1.11.5.1-23.1 libsss_sudo-debuginfo-1.11.5.1-23.1 python-sssd-config-1.11.5.1-23.1 python-sssd-config-debuginfo-1.11.5.1-23.1 sssd-1.11.5.1-23.1 sssd-ad-1.11.5.1-23.1 sssd-ad-debuginfo-1.11.5.1-23.1 sssd-debuginfo-1.11.5.1-23.1 sssd-debugsource-1.11.5.1-23.1 sssd-ipa-1.11.5.1-23.1 sssd-ipa-debuginfo-1.11.5.1-23.1 sssd-krb5-1.11.5.1-23.1 sssd-krb5-common-1.11.5.1-23.1 sssd-krb5-common-debuginfo-1.11.5.1-23.1 sssd-krb5-debuginfo-1.11.5.1-23.1 sssd-ldap-1.11.5.1-23.1 sssd-ldap-debuginfo-1.11.5.1-23.1 sssd-proxy-1.11.5.1-23.1 sssd-proxy-debuginfo-1.11.5.1-23.1 sssd-tools-1.11.5.1-23.1 
sssd-tools-debuginfo-1.11.5.1-23.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): sssd-32bit-1.11.5.1-23.1 sssd-debuginfo-32bit-1.11.5.1-23.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libipa_hbac0-1.11.5.1-23.1 libipa_hbac0-debuginfo-1.11.5.1-23.1 libsss_idmap0-1.11.5.1-23.1 libsss_idmap0-debuginfo-1.11.5.1-23.1 libsss_sudo-1.11.5.1-23.1 libsss_sudo-debuginfo-1.11.5.1-23.1 python-sssd-config-1.11.5.1-23.1 python-sssd-config-debuginfo-1.11.5.1-23.1 sssd-1.11.5.1-23.1 sssd-32bit-1.11.5.1-23.1 sssd-ad-1.11.5.1-23.1 sssd-ad-debuginfo-1.11.5.1-23.1 sssd-debuginfo-1.11.5.1-23.1 sssd-debuginfo-32bit-1.11.5.1-23.1 sssd-debugsource-1.11.5.1-23.1 sssd-ipa-1.11.5.1-23.1 sssd-ipa-debuginfo-1.11.5.1-23.1 sssd-krb5-1.11.5.1-23.1 sssd-krb5-common-1.11.5.1-23.1 sssd-krb5-common-debuginfo-1.11.5.1-23.1 sssd-krb5-debuginfo-1.11.5.1-23.1 sssd-ldap-1.11.5.1-23.1 sssd-ldap-debuginfo-1.11.5.1-23.1 sssd-proxy-1.11.5.1-23.1 sssd-proxy-debuginfo-1.11.5.1-23.1 sssd-tools-1.11.5.1-23.1 sssd-tools-debuginfo-1.11.5.1-23.1 References: https://bugzilla.suse.com/976038 https://bugzilla.suse.com/977224 From sle-updates at lists.suse.com Tue Aug 9 09:09:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:09:03 +0200 (CEST) Subject: SUSE-SU-2016:1994-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 Message-ID: <20160809150903.77A5AFFE2@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1994-1 Rating: important References: #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 
______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_20 fixes several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). 
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue was fixed: - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly led to a softlockup. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1183=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-5-2.1 kgraft-patch-3_12_51-60_20-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:10:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:10:43 +0200 (CEST) Subject: SUSE-SU-2016:1995-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 Message-ID: <20160809151043.2A6D2FFAC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1995-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. 
Description: This update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). 
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1175=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1175=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_31-default-5-2.2 kgraft-patch-3_12_51-52_31-xen-5-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_31-default-5-2.2 kgraft-patch-3_12_51-52_31-xen-5-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:12:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:12:24 +0200 (CEST) Subject: SUSE-SU-2016:1996-1: important: Security update for squid3 Message-ID: <20160809151224.A47B9FFE1@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1996-1 Rating: important References: #895773 #902197 #938715 #963539 #967011 #968392 #968393 #968394 #968395 #973782 #973783 #976553 #976556 #976708 #979008 #979009 #979010 #979011 Cross-References: CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 
CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: * fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squid3-12682=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-12682=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.23-8.16.27.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): squid3-debuginfo-3.1.23-8.16.27.1 References: https://www.suse.com/security/cve/CVE-2011-3205.html https://www.suse.com/security/cve/CVE-2011-4096.html https://www.suse.com/security/cve/CVE-2012-5643.html https://www.suse.com/security/cve/CVE-2013-0188.html https://www.suse.com/security/cve/CVE-2013-4115.html https://www.suse.com/security/cve/CVE-2014-0128.html https://www.suse.com/security/cve/CVE-2014-6270.html https://www.suse.com/security/cve/CVE-2014-7141.html https://www.suse.com/security/cve/CVE-2014-7142.html https://www.suse.com/security/cve/CVE-2015-5400.html https://www.suse.com/security/cve/CVE-2016-2390.html https://www.suse.com/security/cve/CVE-2016-2569.html https://www.suse.com/security/cve/CVE-2016-2570.html https://www.suse.com/security/cve/CVE-2016-2571.html https://www.suse.com/security/cve/CVE-2016-2572.html https://www.suse.com/security/cve/CVE-2016-3947.html https://www.suse.com/security/cve/CVE-2016-3948.html https://www.suse.com/security/cve/CVE-2016-4051.html https://www.suse.com/security/cve/CVE-2016-4052.html https://www.suse.com/security/cve/CVE-2016-4053.html https://www.suse.com/security/cve/CVE-2016-4054.html https://www.suse.com/security/cve/CVE-2016-4553.html https://www.suse.com/security/cve/CVE-2016-4554.html https://www.suse.com/security/cve/CVE-2016-4555.html https://www.suse.com/security/cve/CVE-2016-4556.html https://bugzilla.suse.com/895773 https://bugzilla.suse.com/902197 https://bugzilla.suse.com/938715 https://bugzilla.suse.com/963539 https://bugzilla.suse.com/967011 https://bugzilla.suse.com/968392 https://bugzilla.suse.com/968393 https://bugzilla.suse.com/968394 https://bugzilla.suse.com/968395 https://bugzilla.suse.com/973782 https://bugzilla.suse.com/973783 https://bugzilla.suse.com/976553 https://bugzilla.suse.com/976556 https://bugzilla.suse.com/976708 
https://bugzilla.suse.com/979008 https://bugzilla.suse.com/979009 https://bugzilla.suse.com/979010 https://bugzilla.suse.com/979011 From sle-updates at lists.suse.com Tue Aug 9 09:15:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:15:18 +0200 (CEST) Subject: SUSE-SU-2016:1997-1: important: Security update for java-1_7_0-openjdk Message-ID: <20160809151518.DDD38FFAC@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1997-1 Rating: important References: #982366 #984684 #988651 #989722 #989723 #989725 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734 Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has three fixes is now available. 
Description: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open 
fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. 
* Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted * Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination.
- S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape * Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't * AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions
in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted - Enable SunEC for SLE12 and Leap (bsc#982366) - Fix aarch64 running with 48 bits va space (bsc#984684) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1186=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1186=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.111-33.1 java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-debugsource-1.7.0.111-33.1 java-1_7_0-openjdk-demo-1.7.0.111-33.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-devel-1.7.0.111-33.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-headless-1.7.0.111-33.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.111-33.1 java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-debugsource-1.7.0.111-33.1 java-1_7_0-openjdk-headless-1.7.0.111-33.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html 
https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/982366 https://bugzilla.suse.com/984684 https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 From sle-updates at lists.suse.com Tue Aug 9 09:17:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:17:47 +0200 (CEST) Subject: SUSE-SU-2016:1998-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12 Message-ID: <20160809151747.0A821FFAC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1998-1 Rating: important References: #984764 Cross-References: CVE-2016-4470 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.60-52_54 fixes several issues. 
The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1170=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1170=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_54-default-2-2.2 kgraft-patch-3_12_60-52_54-xen-2-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_54-default-2-2.2 kgraft-patch-3_12_60-52_54-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2016-4470.html https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:18:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:18:09 +0200 (CEST) Subject: SUSE-SU-2016:1999-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 Message-ID: <20160809151809.E6FEBFFE0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1999-1 Rating: important References: #984764 Cross-References: CVE-2016-4470 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.60-52_49 fixes several issues. 
The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1171=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1171=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_49-default-2-2.2 kgraft-patch-3_12_60-52_49-xen-2-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_49-default-2-2.2 kgraft-patch-3_12_60-52_49-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2016-4470.html https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:18:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:18:29 +0200 (CEST) Subject: SUSE-SU-2016:2000-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 Message-ID: <20160809151829.7C406FFE1@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2000-1 Rating: important References: #971793 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. 
Description: This update for the Linux Kernel 3.12.57-60_35 fixes several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1179=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_57-60_35-default-2-2.2 kgraft-patch-3_12_57-60_35-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:19:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:19:33 +0200 (CEST) Subject: SUSE-SU-2016:2001-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 Message-ID: <20160809151933.9C17EFFE0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2001-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. 
Description: This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). 
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1172=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1172=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_45-default-2-2.3 kgraft-patch-3_12_55-52_45-xen-2-2.3 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_45-default-2-2.3 kgraft-patch-3_12_55-52_45-xen-2-2.3 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:20:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:20:55 +0200 (CEST) Subject: SUSE-SU-2016:2002-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 Message-ID: <20160809152055.054CBFFE0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2002-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.51-52_34 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). 
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1190=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1190=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_34-default-5-2.2 kgraft-patch-3_12_51-52_34-xen-5-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_34-default-5-2.2 kgraft-patch-3_12_51-52_34-xen-5-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:22:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:22:27 +0200 (CEST) Subject: SUSE-SU-2016:2003-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 Message-ID: <20160809152227.784D4FFE0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2003-1 Rating: important References: #979074 #980856 #980883 #984764 Cross-References: CVE-2013-7446 CVE-2016-0758 CVE-2016-2053 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_41 fixes several issues.
These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1180=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-2-2.1 kgraft-patch-3_12_59-60_41-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 09:23:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:23:15 +0200 (CEST) Subject: SUSE-RU-2016:2004-1: Recommended update for supportutils-plugin-suse-openstack-cloud Message-ID: <20160809152315.D1FB1FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2004-1 Rating: low References: #988729 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-suse-openstack-cloud fixes the following issues: - Improve capturing of horizon configurations Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1189=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1189=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1189=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): supportutils-plugin-suse-openstack-cloud-6.0.1468235662.8196f29-3.1 - SUSE Enterprise Storage 3 (noarch): supportutils-plugin-suse-openstack-cloud-6.0.1468235662.8196f29-3.1 - SUSE Enterprise Storage 2.1 (noarch): supportutils-plugin-suse-openstack-cloud-6.0.1468235662.8196f29-3.1 References: https://bugzilla.suse.com/988729 From sle-updates at lists.suse.com Tue Aug 9 09:23:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:23:38 +0200 (CEST) Subject: SUSE-SU-2016:2005-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 Message-ID: <20160809152338.7B23DFFE0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2005-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.48-52_27 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). 
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2016-1176=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1176=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_48-52_27-default-5-2.2
  kgraft-patch-3_12_48-52_27-xen-5-2.2
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_48-52_27-default-5-2.2
  kgraft-patch-3_12_48-52_27-xen-5-2.2

References:

https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2015-8019.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-3134.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://bugzilla.suse.com/955837
https://bugzilla.suse.com/971793
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/979064
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/979078
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/983144
https://bugzilla.suse.com/984764

From sle-updates at lists.suse.com Tue Aug 9 09:25:20 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Aug 2016 17:25:20 +0200 (CEST)
Subject: SUSE-SU-2016:2006-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12
Message-ID: <20160809152520.84A5EFFE1@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2006-1
Rating: important
References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764
Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves 8 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.55-52_42 fixes several issues.

The following security bugs were fixed:

- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2016-1173=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1173=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_55-52_42-default-2-2.2
  kgraft-patch-3_12_55-52_42-xen-2-2.2
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_55-52_42-default-2-2.2
  kgraft-patch-3_12_55-52_42-xen-2-2.2

References:

https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-3134.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://bugzilla.suse.com/955837
https://bugzilla.suse.com/971793
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/979064
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/983144
https://bugzilla.suse.com/984764

From sle-updates at lists.suse.com Tue Aug 9 09:26:50 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Aug 2016 17:26:50 +0200 (CEST)
Subject: SUSE-SU-2016:2007-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
Message-ID: <20160809152650.ECA95FFE0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2007-1
Rating: important
References: #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764
Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.
Description:

This update for the Linux Kernel 3.12.53-60_30 fixes several issues.

These security issues were fixed:

- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).

This non-security issue was fixed:

- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly led to a softlockup.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1181=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_53-60_30-default-3-2.1
  kgraft-patch-3_12_53-60_30-xen-3-2.1

References:

https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-3134.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://bugzilla.suse.com/971793
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/979064
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/983144
https://bugzilla.suse.com/984764

From sle-updates at lists.suse.com Tue Aug 9 09:28:17 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Aug 2016 17:28:17 +0200 (CEST)
Subject: SUSE-SU-2016:2008-1: moderate: Security update for squid
Message-ID: <20160809152817.0DAE0FFE0@maintenance.suse.de>

SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2008-1
Rating: moderate
References: #902197 #929493 #938715 #955783 #959290 #963539 #968392 #968393 #968394 #968395 #973782 #973783 #976553 #976556 #979008 #979009 #979010 #979011
Cross-References: CVE-2015-3455 CVE-2015-5400 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556
Affected Products:
  SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

An update that solves 16 vulnerabilities and has two fixes is now available.

Description:

The Squid HTTP proxy has been updated to version 3.3.14, fixing the following security issues:

- Fixed multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395)
- CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782)
- CVE-2015-5400: Improper protection of alternate path. (bsc#938715)
- CVE-2015-3455: Squid http proxy configured with client-first SSL bumping did not correctly validate server certificate. (bsc#929493)
- CVE-2016-3948: Fixed denial of service in HTTP Response processing (bsc#973783)
- CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)
- CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: Fixed multiple issues in ESI processing (bsc#976556)
- CVE-2016-4553: Fixed cache poisoning issue in HTTP Request handling (bsc#979009)
- CVE-2016-4554: Fixed header smuggling issue in HTTP Request processing (bsc#979010)
- Fixed multiple Denial of Service issues in ESI Response processing. (CVE-2016-4555, CVE-2016-4556, bsc#979011, bsc#979008)

Additionally, the following non-security issues have been fixed:

- Fix header size in script unsquid.pl. (bsc#902197)
- Add external helper ext_session_acl to package. (bsc#959290)
- Update forward_max_tries to permit 25 server paths
  With cloud sites becoming more popular more CDN servers are producing long lists of IPv6 and IPv4 addresses. If there are not enough paths selected the IPv4 ones may never be reached.
- squid.init: wait that squid really dies when we kill it on upgrade instead of proclaiming its demise prematurely (bnc#963539)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1184=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  squid-3.3.14-20.2
  squid-debuginfo-3.3.14-20.2
  squid-debugsource-3.3.14-20.2

References:

https://www.suse.com/security/cve/CVE-2015-3455.html
https://www.suse.com/security/cve/CVE-2015-5400.html
https://www.suse.com/security/cve/CVE-2016-2569.html
https://www.suse.com/security/cve/CVE-2016-2570.html
https://www.suse.com/security/cve/CVE-2016-2571.html
https://www.suse.com/security/cve/CVE-2016-2572.html
https://www.suse.com/security/cve/CVE-2016-3947.html
https://www.suse.com/security/cve/CVE-2016-3948.html
https://www.suse.com/security/cve/CVE-2016-4051.html
https://www.suse.com/security/cve/CVE-2016-4052.html
https://www.suse.com/security/cve/CVE-2016-4053.html
https://www.suse.com/security/cve/CVE-2016-4054.html
https://www.suse.com/security/cve/CVE-2016-4553.html
https://www.suse.com/security/cve/CVE-2016-4554.html
https://www.suse.com/security/cve/CVE-2016-4555.html
https://www.suse.com/security/cve/CVE-2016-4556.html
https://bugzilla.suse.com/902197
https://bugzilla.suse.com/929493
https://bugzilla.suse.com/938715
https://bugzilla.suse.com/955783
https://bugzilla.suse.com/959290
https://bugzilla.suse.com/963539
https://bugzilla.suse.com/968392
https://bugzilla.suse.com/968393
https://bugzilla.suse.com/968394
https://bugzilla.suse.com/968395
https://bugzilla.suse.com/973782
https://bugzilla.suse.com/973783
https://bugzilla.suse.com/976553
https://bugzilla.suse.com/976556
https://bugzilla.suse.com/979008
https://bugzilla.suse.com/979009
https://bugzilla.suse.com/979010
https://bugzilla.suse.com/979011

From sle-updates at lists.suse.com Tue Aug 9 09:31:07 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Aug 2016 17:31:07 +0200 (CEST)
Subject: SUSE-SU-2016:2009-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
Message-ID: <20160809153107.B8886FFAC@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2009-1
Rating: important
References: #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764
Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.51-60_25 fixes several issues.

These security issues were fixed:

- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).

This non-security issue was fixed:

- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly led to a softlockup.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1182=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_51-60_25-default-4-2.1
  kgraft-patch-3_12_51-60_25-xen-4-2.1

References:

https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2015-8019.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-3134.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://bugzilla.suse.com/971793
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/979064
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/979078
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/983144
https://bugzilla.suse.com/984764

From sle-updates at lists.suse.com Tue Aug 9 09:32:39 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Aug 2016 17:32:39 +0200 (CEST)
Subject: SUSE-SU-2016:2010-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12
Message-ID: <20160809153239.7E792FFE0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2010-1
Rating: important
References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764
Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves 8 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.51-52_39 fixes several issues.

The following security bugs were fixed:

- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2016-1174=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1174=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_51-52_39-default-4-2.2
  kgraft-patch-3_12_51-52_39-xen-4-2.2
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_51-52_39-default-4-2.2
  kgraft-patch-3_12_51-52_39-xen-4-2.2

References:

https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-3134.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://bugzilla.suse.com/955837
https://bugzilla.suse.com/971793
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/979064
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/983144
https://bugzilla.suse.com/984764

From sle-updates at lists.suse.com Tue Aug 9 09:34:24 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Aug 2016 17:34:24 +0200 (CEST)
Subject: SUSE-SU-2016:2011-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
Message-ID: <20160809153424.41C77FFAC@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2011-1
Rating: important
References: #979074 #980856 #980883 #984764
Cross-References: CVE-2013-7446 CVE-2016-0758 CVE-2016-2053 CVE-2016-4470 CVE-2016-4565
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.59-60_45 fixes several issues.

These security issues were fixed:

- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1178=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_59-60_45-default-2-2.2
  kgraft-patch-3_12_59-60_45-xen-2-2.2

References:

https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/984764

From sle-updates at lists.suse.com Tue Aug 9 09:35:20 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Aug 2016 17:35:20 +0200 (CEST)
Subject: SUSE-SU-2016:2012-1: important: Security update for java-1_8_0-openjdk
Message-ID: <20160809153520.0C7A8FFE0@maintenance.suse.de>

SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2012-1
Rating: important
References: #984684 #987895 #988651 #989721 #989722 #989723 #989725 #989726 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734
Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610
Affected Products:
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 13 vulnerabilities and has three fixes is now available.
Description:

This update for java-1_8_0-openjdk fixes the following issues:

- Upgrade to version jdk8u101 (icedtea 3.1.0)
- New in release 3.1.0 (2016-07-25):
  * Security fixes
    - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)
    - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)
    - S8146514: Enforce GCM limits
    - S8147771: Construction of static protection domains under Javax custom policy
    - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
    - S8149070: Enforce update ordering
    - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)
    - S8150752: Share Class Data
    - S8151925: Font reference improvements
    - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
    - S8153312: Constrain AppCDS behavior
    - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721)
    - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)
    - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)
    - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)
    - CVE-2016-3552 (bsc#989726)
    - CVE-2016-3511 (bsc#989727)
    - CVE-2016-3503 (bsc#989728)
    - CVE-2016-3498 (bsc#989729)
  * New features
    - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux
    - PR2821: Support building OpenJDK with --disable-headful
    - PR2931, G478960: Provide Infinality Support via fontconfig
    - PR3079: Provide option to build Shenandoah on x86_64
  * Import of OpenJDK 8 u92 build 14
    - S6869327: Add new C2 flag to keep safepoints in counted loops.
    - S8022865: [TESTBUG] Compressed Oops testing needs to be revised
    - S8029630: Thread id should be displayed as a hex number in error report
    - S8029726: On OS X some dtrace probe names are mismatched with Solaris
    - S8029727: On OS X dtrace probes CallMethodA/CallMethodV are not fired.
- S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - 
S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_ has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in 
jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in 
LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update * Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain "GNU General Public License" header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates * Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse 
wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again 
- S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwiceTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing -
S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define "headful" jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal 
instructions (bsc#988651) - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 * Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property "enableCustomValueHandler" introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL * AArch64 port - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64 - S8148328, PR3078: aarch64: redundant lsr instructions in stub code. 
- S8148783, PR3078: aarch64: SEGV running SpecJBB2013 - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection - S8150082, PR3078: aarch64: optimise small array copy - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops. - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero. 
- S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine - S8153713, PR3078: aarch64: improve short array clearing using store pair - S8153797, PR3078: aarch64: Add Arrays.fill stub code - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8155015, PR3078: Aarch64: bad assert in spill generation code - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612 - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine - S8157841, PR3078: aarch64: prefetch ignores cache line size - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted - S8158913, PR3078: aarch64: SEGV running Spark terasort - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words - S8159063, PR3078: aarch64: optimise unaligned array copy long - PR3078: Cleanup remaining differences from aarch64/jdk8u tree - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895) - Fix aarch64 running with 48 bits va space (bsc#984684) avoid some crashes Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1187=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1187=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.101-14.3 java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3 java-1_8_0-openjdk-debugsource-1.8.0.101-14.3 java-1_8_0-openjdk-demo-1.8.0.101-14.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.101-14.3 java-1_8_0-openjdk-devel-1.8.0.101-14.3 java-1_8_0-openjdk-headless-1.8.0.101-14.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.101-14.3 java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3 java-1_8_0-openjdk-debugsource-1.8.0.101-14.3 java-1_8_0-openjdk-headless-1.8.0.101-14.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3552.html https://www.suse.com/security/cve/CVE-2016-3587.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/984684 https://bugzilla.suse.com/987895 https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989721 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989726 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 From sle-updates at lists.suse.com Tue Aug 9 09:37:50 2016 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:37:50 +0200 (CEST) Subject: SUSE-SU-2016:2013-1: important: Security update for php53 Message-ID: <20160809153750.2A2AAFFAC@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2013-1 Rating: important References: #986004 #986244 #986386 #986388 #986393 Cross-References: CVE-2015-8935 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12683=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12683=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12683=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-74.1 php53-imap-5.3.17-74.1 php53-posix-5.3.17-74.1 php53-readline-5.3.17-74.1 php53-sockets-5.3.17-74.1 php53-sqlite-5.3.17-74.1 php53-tidy-5.3.17-74.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-74.1 php53-5.3.17-74.1 php53-bcmath-5.3.17-74.1 php53-bz2-5.3.17-74.1 php53-calendar-5.3.17-74.1 php53-ctype-5.3.17-74.1 php53-curl-5.3.17-74.1 php53-dba-5.3.17-74.1 php53-dom-5.3.17-74.1 php53-exif-5.3.17-74.1 php53-fastcgi-5.3.17-74.1 php53-fileinfo-5.3.17-74.1 php53-ftp-5.3.17-74.1 php53-gd-5.3.17-74.1 php53-gettext-5.3.17-74.1 php53-gmp-5.3.17-74.1 php53-iconv-5.3.17-74.1 php53-intl-5.3.17-74.1 php53-json-5.3.17-74.1 php53-ldap-5.3.17-74.1 php53-mbstring-5.3.17-74.1 php53-mcrypt-5.3.17-74.1 php53-mysql-5.3.17-74.1 php53-odbc-5.3.17-74.1 php53-openssl-5.3.17-74.1 php53-pcntl-5.3.17-74.1 php53-pdo-5.3.17-74.1 php53-pear-5.3.17-74.1 php53-pgsql-5.3.17-74.1 php53-pspell-5.3.17-74.1 php53-shmop-5.3.17-74.1 php53-snmp-5.3.17-74.1 php53-soap-5.3.17-74.1 php53-suhosin-5.3.17-74.1 php53-sysvmsg-5.3.17-74.1 php53-sysvsem-5.3.17-74.1 php53-sysvshm-5.3.17-74.1 php53-tokenizer-5.3.17-74.1 php53-wddx-5.3.17-74.1 php53-xmlreader-5.3.17-74.1 php53-xmlrpc-5.3.17-74.1 php53-xmlwriter-5.3.17-74.1 php53-xsl-5.3.17-74.1 php53-zip-5.3.17-74.1 php53-zlib-5.3.17-74.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-74.1 php53-debugsource-5.3.17-74.1 References: https://www.suse.com/security/cve/CVE-2015-8935.html https://www.suse.com/security/cve/CVE-2016-5766.html https://www.suse.com/security/cve/CVE-2016-5767.html https://www.suse.com/security/cve/CVE-2016-5769.html https://www.suse.com/security/cve/CVE-2016-5772.html https://bugzilla.suse.com/986004 https://bugzilla.suse.com/986244 https://bugzilla.suse.com/986386 https://bugzilla.suse.com/986388 
https://bugzilla.suse.com/986393 From sle-updates at lists.suse.com Tue Aug 9 09:38:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 17:38:54 +0200 (CEST) Subject: SUSE-SU-2016:2014-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 Message-ID: <20160809153854.9CD3DFFE0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2014-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.44-52_18 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). 
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1177=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1177=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_44-52_18-default-6-2.2 kgraft-patch-3_12_44-52_18-xen-6-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_44-52_18-default-6-2.2 kgraft-patch-3_12_44-52_18-xen-6-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 From sle-updates at lists.suse.com Tue Aug 9 10:09:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 18:09:41 +0200 (CEST) Subject: SUSE-RU-2016:2015-1: Recommended update for crowbar-barclamp-dns Message-ID: <20160809160941.DE0B3FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-dns ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2015-1 Rating: low References: #982289 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-barclamp-dns fixes the following issue: - Fix install failure when nscd is not installed (bsc#982289) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-dns-12684=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-dns-1.9+git.1455690042.ebfa1a7-15.1 References: https://bugzilla.suse.com/982289 From sle-updates at lists.suse.com Tue Aug 9 11:08:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 19:08:43 +0200 (CEST) Subject: SUSE-RU-2016:2016-1: Recommended update for nss_ldap Message-ID: <20160809170843.9E20FFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for nss_ldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2016-1 Rating: low References: #934444 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nss_ldap provides the following fixes: - Properly initialize context structure in _nss_ldap_getbyname(). This is a follow-up fix to address issues with LDAP connections in one-shot operation mode. (bsc#934444) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1192=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1192=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): nss_ldap-265-32.15 nss_ldap-debuginfo-265-32.15 nss_ldap-debugsource-265-32.15 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): nss_ldap-32bit-265-32.15 nss_ldap-debuginfo-32bit-265-32.15 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): nss_ldap-265-32.15 nss_ldap-32bit-265-32.15 nss_ldap-debuginfo-265-32.15 nss_ldap-debuginfo-32bit-265-32.15 nss_ldap-debugsource-265-32.15 References: https://bugzilla.suse.com/934444 From sle-updates at lists.suse.com Tue Aug 9 11:09:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 19:09:10 +0200 (CEST) Subject: SUSE-RU-2016:2017-1: Recommended update for wayland Message-ID: <20160809170910.C2DA2FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for wayland ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2017-1 Rating: low References: #960181 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wayland provides the following fixes: - Downgrade an error to a warning so projects using wayland that show that message don't fail to build. (bsc#960181) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1193=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1193=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1193=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1193=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libwayland-client0-1.2.1-16.3 libwayland-client0-debuginfo-1.2.1-16.3 libwayland-cursor0-1.2.1-16.3 libwayland-cursor0-debuginfo-1.2.1-16.3 libwayland-server0-1.2.1-16.3 libwayland-server0-debuginfo-1.2.1-16.3 wayland-debugsource-1.2.1-16.3 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libwayland-client0-1.2.1-16.3 libwayland-client0-debuginfo-1.2.1-16.3 libwayland-cursor0-1.2.1-16.3 libwayland-cursor0-debuginfo-1.2.1-16.3 libwayland-server0-1.2.1-16.3 libwayland-server0-debuginfo-1.2.1-16.3 wayland-debugsource-1.2.1-16.3 wayland-devel-1.2.1-16.3 wayland-devel-debuginfo-1.2.1-16.3 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): libwayland-client0-32bit-1.2.1-16.3 libwayland-client0-debuginfo-32bit-1.2.1-16.3 libwayland-cursor0-32bit-1.2.1-16.3 libwayland-cursor0-debuginfo-32bit-1.2.1-16.3 libwayland-server0-32bit-1.2.1-16.3 libwayland-server0-debuginfo-32bit-1.2.1-16.3 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libwayland-client0-32bit-1.2.1-16.3 libwayland-client0-debuginfo-32bit-1.2.1-16.3 libwayland-cursor0-32bit-1.2.1-16.3 libwayland-cursor0-debuginfo-32bit-1.2.1-16.3 libwayland-server0-32bit-1.2.1-16.3 libwayland-server0-debuginfo-32bit-1.2.1-16.3 wayland-debugsource-1.2.1-16.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libwayland-client0-1.2.1-16.3 libwayland-client0-32bit-1.2.1-16.3 
libwayland-client0-debuginfo-1.2.1-16.3 libwayland-client0-debuginfo-32bit-1.2.1-16.3 libwayland-cursor0-1.2.1-16.3 libwayland-cursor0-32bit-1.2.1-16.3 libwayland-cursor0-debuginfo-1.2.1-16.3 libwayland-cursor0-debuginfo-32bit-1.2.1-16.3 libwayland-server0-1.2.1-16.3 libwayland-server0-32bit-1.2.1-16.3 libwayland-server0-debuginfo-1.2.1-16.3 libwayland-server0-debuginfo-32bit-1.2.1-16.3 wayland-debugsource-1.2.1-16.3 References: https://bugzilla.suse.com/960181 From sle-updates at lists.suse.com Tue Aug 9 13:09:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2016 21:09:08 +0200 (CEST) Subject: SUSE-SU-2016:2018-1: important: Security update for the Linux Kernel Message-ID: <20160809190908.CD86DFFAC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2018-1 Rating: important References: #909589 #954847 #971030 #974620 #979915 #982544 #983721 #984755 #986362 #986572 #988498 Cross-References: CVE-2016-4470 CVE-2016-4997 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). 
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). The following non-security bugs were fixed: - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). 
- s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-12685=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-12685=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-12685=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-12685=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-80.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-80.1 kernel-default-base-3.0.101-80.1 kernel-default-devel-3.0.101-80.1 kernel-source-3.0.101-80.1 kernel-syms-3.0.101-80.1 kernel-trace-3.0.101-80.1 kernel-trace-base-3.0.101-80.1 kernel-trace-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-80.1 kernel-ec2-base-3.0.101-80.1 kernel-ec2-devel-3.0.101-80.1 kernel-xen-3.0.101-80.1 kernel-xen-base-3.0.101-80.1 kernel-xen-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-ppc64-3.0.101-80.1 kernel-ppc64-base-3.0.101-80.1 kernel-ppc64-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-80.1 kernel-pae-base-3.0.101-80.1 kernel-pae-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-80.1 kernel-default-debugsource-3.0.101-80.1 kernel-trace-debuginfo-3.0.101-80.1 kernel-trace-debugsource-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-80.1 kernel-trace-devel-debuginfo-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-80.1 kernel-ec2-debugsource-3.0.101-80.1 kernel-xen-debuginfo-3.0.101-80.1 kernel-xen-debugsource-3.0.101-80.1 
kernel-xen-devel-debuginfo-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-ppc64-debuginfo-3.0.101-80.1 kernel-ppc64-debugsource-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-80.1 kernel-pae-debugsource-3.0.101-80.1 kernel-pae-devel-debuginfo-3.0.101-80.1 References: https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/909589 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/971030 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/979915 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/988498 From sle-updates at lists.suse.com Tue Aug 9 16:08:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2016 00:08:39 +0200 (CEST) Subject: SUSE-SU-2016:2019-1: Security update for rubygem-bson-1_11, rubygem-easy_diff, rubygem-redcarpet, and rubygem-sprockets-2_11 Message-ID: <20160809220839.8D394FFAC@maintenance.suse.de> SUSE Security Update: Security update for rubygem-bson-1_11, rubygem-easy_diff, rubygem-redcarpet, and rubygem-sprockets-2_11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2019-1 Rating: low References: #926328 #933961 #982364 Cross-References: CVE-2015-4410 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for rubygem-bson-1_11, rubygem-easy_diff, rubygem-redcarpet, and rubygem-sprockets-2_11 fixes the following issues: - Avoid MongoDB data injection (bnc#933961, CVE-2015-4410) - Fixes merging of Arrays of Hashes (bsc#982364) - Fix XSS via autolinking of untrusted markdown (bsc#926328) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-bson-12686=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-bson-1_11-1.11.1-9.1 ruby2.1-rubygem-easy_diff-0.0.5-9.1 ruby2.1-rubygem-redcarpet-3.2.3-9.1 ruby2.1-rubygem-sprockets-2_11-2.11.3-11.1 References: https://www.suse.com/security/cve/CVE-2015-4410.html https://bugzilla.suse.com/926328 https://bugzilla.suse.com/933961 https://bugzilla.suse.com/982364 From sle-updates at lists.suse.com Wed Aug 10 04:09:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2016 12:09:25 +0200 (CEST) Subject: SUSE-SU-2016:2021-1: moderate: Security update for sqlite3 Message-ID: <20160810100925.01E62FFE0@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2021-1 Rating: moderate References: #987394 Cross-References: CVE-2016-6153 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-sqlite3-12687=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-sqlite3-12687=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sqlite3-12687=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sqlite3-12687=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): sqlite3-devel-3.7.6.3-1.4.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): sqlite3-devel-3.7.6.3-1.4.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsqlite3-0-3.7.6.3-1.4.6.1 sqlite3-3.7.6.3-1.4.6.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsqlite3-0-32bit-3.7.6.3-1.4.6.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsqlite3-0-x86-3.7.6.3-1.4.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sqlite3-debuginfo-3.7.6.3-1.4.6.1 References: https://www.suse.com/security/cve/CVE-2016-6153.html https://bugzilla.suse.com/987394 From sle-updates at lists.suse.com Wed Aug 10 08:09:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2016 16:09:01 +0200 (CEST) Subject: SUSE-RU-2016:2023-1: Recommended update for oprofile Message-ID: <20160810140901.65D40FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for oprofile ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2023-1 Rating: low References: #957426 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oprofile provides the following fixes: - Loading the 'oprofile' module on s390x will create /dev/opcontrol/0 when hardware sampling is supported. Check if this file is present and, when it isn't, reload the module with 'cpu_type=timer', which will make /dev/oprofile/cpu_type report 'timer'. (bsc#957426) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1197=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libopagent1-0.9.9-9.40 libopagent1-debuginfo-0.9.9-9.40 oprofile-0.9.9-9.40 oprofile-debuginfo-0.9.9-9.40 oprofile-debugsource-0.9.9-9.40 oprofile-devel-0.9.9-9.40 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): libopagent1-32bit-0.9.9-9.40 libopagent1-debuginfo-32bit-0.9.9-9.40 oprofile-32bit-0.9.9-9.40 oprofile-debuginfo-32bit-0.9.9-9.40 References: https://bugzilla.suse.com/957426 From sle-updates at lists.suse.com Wed Aug 10 09:09:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2016 17:09:07 +0200 (CEST) Subject: SUSE-SU-2016:2024-1: moderate: Security update for dhcp Message-ID: <20160810150907.25279FFAC@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2024-1 Rating: moderate References: #969820 Cross-References: CVE-2016-2774 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE 
Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-dhcp-12688=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-dhcp-12688=1 - SUSE Manager 2.1: zypper in -t patch sleman21-dhcp-12688=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dhcp-12688=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dhcp-12688=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-dhcp-12688=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dhcp-12688=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dhcp-12688=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dhcp-12688=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): dhcp-4.2.4.P2-0.27.1 dhcp-client-4.2.4.P2-0.27.1 dhcp-relay-4.2.4.P2-0.27.1 dhcp-server-4.2.4.P2-0.27.1 - SUSE Manager Proxy 2.1 (x86_64): dhcp-4.2.4.P2-0.27.1 dhcp-client-4.2.4.P2-0.27.1 dhcp-relay-4.2.4.P2-0.27.1 dhcp-server-4.2.4.P2-0.27.1 - SUSE Manager 2.1 (s390x x86_64): dhcp-4.2.4.P2-0.27.1 dhcp-client-4.2.4.P2-0.27.1 dhcp-relay-4.2.4.P2-0.27.1 dhcp-server-4.2.4.P2-0.27.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-devel-4.2.4.P2-0.27.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-4.2.4.P2-0.27.1 dhcp-client-4.2.4.P2-0.27.1 dhcp-relay-4.2.4.P2-0.27.1 dhcp-server-4.2.4.P2-0.27.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): dhcp-4.2.4.P2-0.27.1 dhcp-client-4.2.4.P2-0.27.1 dhcp-relay-4.2.4.P2-0.27.1 dhcp-server-4.2.4.P2-0.27.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dhcp-4.2.4.P2-0.27.1 dhcp-client-4.2.4.P2-0.27.1 dhcp-relay-4.2.4.P2-0.27.1 dhcp-server-4.2.4.P2-0.27.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.27.1 dhcp-debugsource-4.2.4.P2-0.27.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.27.1 dhcp-debugsource-4.2.4.P2-0.27.1 References: https://www.suse.com/security/cve/CVE-2016-2774.html https://bugzilla.suse.com/969820 From sle-updates at lists.suse.com Thu Aug 11 09:11:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 17:11:58 +0200 (CEST) Subject: SUSE-RU-2016:2032-1: Recommended update for python-azure-agent Message-ID: <20160811151158.CC257FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2032-1 Rating: low References: #992796 #992797 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The initialization code for Azure uses the 'eject' command to send a SCSI bus command to the framework, indicating that the mounted ISO file used as the configuration passing mechanism is no longer needed. This update adds the "eject" package as a dependency of python-azure-agent to ensure eject(1) will be always available. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-azure-agent-12689=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (x86_64): python-azure-agent-2.1.5-15.1 References: https://bugzilla.suse.com/992796 https://bugzilla.suse.com/992797 From sle-updates at lists.suse.com Thu Aug 11 09:17:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 17:17:04 +0200 (CEST) Subject: SUSE-RU-2016:2037-1: Recommended update for udhcp Message-ID: <20160811151704.1482CFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for udhcp ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2037-1 Rating: low References: #890844 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for udhcp fixes the following issues: - Don't strip binary files during build, so that debuginfo packages can be created later. (bsc#890844) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1202=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1202=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): udhcp-0.9.8-24.3 udhcp-debuginfo-0.9.8-24.3 udhcp-debugsource-0.9.8-24.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): udhcp-0.9.8-24.3 udhcp-debuginfo-0.9.8-24.3 udhcp-debugsource-0.9.8-24.3 References: https://bugzilla.suse.com/890844 From sle-updates at lists.suse.com Thu Aug 11 09:17:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 17:17:30 +0200 (CEST) Subject: SUSE-RU-2016:2038-1: moderate: Recommended update for crmsh Message-ID: <20160811151730.25529FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2038-1 Rating: moderate References: #981056 #981583 #981659 #989810 #990025 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - hb_report: Skip lines without timestamps in log correctly (bsc#989810) - hb_report: Don't collect logs from journalctl if -M is set (bsc#990025) - scripts: no-quorum-policy=ignore is deprecated (bsc#981056) - xmlutil: reduce unknown attribute to warning (bsc#981659) - tmpfiles: Create temporary directory if non-existing (bsc#981583) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1204=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): crmsh-2.2.1-18.1 crmsh-scripts-2.2.1-18.1 References: https://bugzilla.suse.com/981056 https://bugzilla.suse.com/981583 https://bugzilla.suse.com/981659 https://bugzilla.suse.com/989810 https://bugzilla.suse.com/990025 From sle-updates at lists.suse.com Thu Aug 11 09:18:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 17:18:27 +0200 (CEST) Subject: SUSE-RU-2016:2039-1: Recommended update for python-sip Message-ID: <20160811151827.154B2FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-sip ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2039-1 Rating: low References: #967817 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-sip fixes the following issues: - Fix a shell syntax error in %preun due to missing spaces. (bsc#967817) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1203=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1203=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1203=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): python-sip-debuginfo-4.15.4-6.3 python-sip-debugsource-4.15.4-6.3 python-sip-devel-4.15.4-6.3 python-sip-devel-debuginfo-4.15.4-6.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): python-sip-4.15.4-6.3 python-sip-debuginfo-4.15.4-6.3 python-sip-debugsource-4.15.4-6.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): python-sip-4.15.4-6.3 python-sip-debuginfo-4.15.4-6.3 python-sip-debugsource-4.15.4-6.3 References: https://bugzilla.suse.com/967817 From sle-updates at lists.suse.com Thu Aug 11 09:19:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 17:19:26 +0200 (CEST) Subject: SUSE-RU-2016:2042-1: Recommended update for python-azure-agent Message-ID: <20160811151926.C06C5FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2042-1 Rating: low References: #992796 #992797 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The initialization code for Azure uses the 'eject' command to send a SCSI bus command to the framework, indicating that the mounted ISO file used as the configuration passing mechanism is no longer needed. This update adds the "eject" package as a dependency of python-azure-agent to ensure eject(1) will be always available. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1201=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.1.5-16.1 References: https://bugzilla.suse.com/992796 https://bugzilla.suse.com/992797 From sle-updates at lists.suse.com Thu Aug 11 10:09:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 18:09:06 +0200 (CEST) Subject: SUSE-RU-2016:2046-1: Recommended update for rpm Message-ID: <20160811160906.2D6E4FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2046-1 Rating: low References: #829717 #894610 #940315 #953532 #965322 #967728 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for rpm provides the following fixes: - Add is_opensuse and leap_version macros to suse_macros. (bsc#940315) - Add option to make postinstall scriptlet errors fatal. (bsc#967728) - Normalize big blocksizes to 4096 bytes. (bsc#894610, bsc#829717, bsc#965322) - Fix updating of sources/patches when recursing because of a BuildArch. (bsc#953532) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1205=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1205=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1205=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): rpm-debuginfo-4.11.2-15.1 rpm-debugsource-4.11.2-15.1 rpm-devel-4.11.2-15.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): rpm-4.11.2-15.1 rpm-build-4.11.2-15.1 rpm-build-debuginfo-4.11.2-15.1 rpm-debuginfo-4.11.2-15.1 rpm-debugsource-4.11.2-15.1 rpm-python-4.11.2-15.1 rpm-python-debuginfo-4.11.2-15.1 rpm-python-debugsource-4.11.2-15.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): rpm-32bit-4.11.2-15.1 rpm-debuginfo-32bit-4.11.2-15.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): rpm-32bit-4.11.2-15.1 rpm-4.11.2-15.1 rpm-build-4.11.2-15.1 rpm-build-debuginfo-4.11.2-15.1 rpm-debuginfo-32bit-4.11.2-15.1 rpm-debuginfo-4.11.2-15.1 rpm-debugsource-4.11.2-15.1 rpm-python-4.11.2-15.1 rpm-python-debuginfo-4.11.2-15.1 rpm-python-debugsource-4.11.2-15.1 References: https://bugzilla.suse.com/829717 https://bugzilla.suse.com/894610 https://bugzilla.suse.com/940315 https://bugzilla.suse.com/953532 https://bugzilla.suse.com/965322 https://bugzilla.suse.com/967728 From sle-updates at lists.suse.com Thu Aug 11 11:08:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 19:08:57 +0200 (CEST) Subject: SUSE-RU-2016:2047-1: Recommended update for patterns-sap Message-ID: <20160811170857.A060BFFE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2047-1 Rating: low References: #972098 Affected Products: SUSE Linux Enterprise Server for SAP 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap fixes the following issues: - Fix typo in BusinessOne pattern name (bsc#972098) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1207=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): patterns-sap-b1-12-7.1 patterns-sap-hana-12-7.1 patterns-sap-nw-12-7.1 References: https://bugzilla.suse.com/972098 From sle-updates at lists.suse.com Thu Aug 11 11:09:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 19:09:19 +0200 (CEST) Subject: SUSE-RU-2016:2048-1: Recommended update for patterns-sap Message-ID: <20160811170919.D1097FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2048-1 Rating: low References: #972098 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap fixes the following issues: - Fix typo in BusinessOne pattern name (bsc#972098) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1206=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): patterns-sap-b1-12.1-10.1 patterns-sap-hana-12.1-10.1 patterns-sap-nw-12.1-10.1 References: https://bugzilla.suse.com/972098 From sle-updates at lists.suse.com Thu Aug 11 15:15:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2016 23:15:13 +0200 (CEST) Subject: SUSE-SU-2016:2053-1: moderate: Security update for libvirt Message-ID: <20160811211513.65270FFAC@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2053-1 Rating: moderate References: #854343 #968483 #975729 #987527 #989755 Cross-References: CVE-2016-5008 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for libvirt fixes one security issue: - CVE-2016-5008: Empty VNC password disables authentication. (bsc#987527) Additionally, the update includes the following non-security fixes: - Improve waiting for block job readiness in virsh. (bsc#989755) - Parse negative values in augeas lenses. (bsc#975729) - Restart daemons in %posttrans after connection drivers have been processed. (bsc#854343, bsc#968483) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1208=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1208=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1208=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1208=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libvirt-client-32bit-1.2.18.4-11.7 libvirt-client-debuginfo-32bit-1.2.18.4-11.7 libvirt-debugsource-1.2.18.4-11.7 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libvirt-debugsource-1.2.18.4-11.7 libvirt-devel-1.2.18.4-11.7 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libvirt-1.2.18.4-11.7 libvirt-client-1.2.18.4-11.7 libvirt-client-debuginfo-1.2.18.4-11.7 libvirt-daemon-1.2.18.4-11.7 libvirt-daemon-config-network-1.2.18.4-11.7 libvirt-daemon-config-nwfilter-1.2.18.4-11.7 libvirt-daemon-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-interface-1.2.18.4-11.7 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-lxc-1.2.18.4-11.7 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-network-1.2.18.4-11.7 libvirt-daemon-driver-network-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-nodedev-1.2.18.4-11.7 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-nwfilter-1.2.18.4-11.7 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-qemu-1.2.18.4-11.7 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-secret-1.2.18.4-11.7 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-storage-1.2.18.4-11.7 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-11.7 libvirt-daemon-lxc-1.2.18.4-11.7 libvirt-daemon-qemu-1.2.18.4-11.7 
libvirt-debugsource-1.2.18.4-11.7 libvirt-doc-1.2.18.4-11.7 libvirt-lock-sanlock-1.2.18.4-11.7 libvirt-lock-sanlock-debuginfo-1.2.18.4-11.7 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libvirt-daemon-driver-libxl-1.2.18.4-11.7 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-11.7 libvirt-daemon-xen-1.2.18.4-11.7 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libvirt-1.2.18.4-11.7 libvirt-client-1.2.18.4-11.7 libvirt-client-32bit-1.2.18.4-11.7 libvirt-client-debuginfo-1.2.18.4-11.7 libvirt-client-debuginfo-32bit-1.2.18.4-11.7 libvirt-daemon-1.2.18.4-11.7 libvirt-daemon-config-network-1.2.18.4-11.7 libvirt-daemon-config-nwfilter-1.2.18.4-11.7 libvirt-daemon-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-interface-1.2.18.4-11.7 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-libxl-1.2.18.4-11.7 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-lxc-1.2.18.4-11.7 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-network-1.2.18.4-11.7 libvirt-daemon-driver-network-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-nodedev-1.2.18.4-11.7 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-nwfilter-1.2.18.4-11.7 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-qemu-1.2.18.4-11.7 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-secret-1.2.18.4-11.7 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-11.7 libvirt-daemon-driver-storage-1.2.18.4-11.7 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-11.7 libvirt-daemon-lxc-1.2.18.4-11.7 libvirt-daemon-qemu-1.2.18.4-11.7 libvirt-daemon-xen-1.2.18.4-11.7 libvirt-debugsource-1.2.18.4-11.7 libvirt-doc-1.2.18.4-11.7 References: https://www.suse.com/security/cve/CVE-2016-5008.html https://bugzilla.suse.com/854343 https://bugzilla.suse.com/968483 https://bugzilla.suse.com/975729 https://bugzilla.suse.com/987527 https://bugzilla.suse.com/989755 From sle-updates at lists.suse.com Fri Aug 12 
12:09:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 20:09:35 +0200 (CEST) Subject: SUSE-RU-2016:2059-1: Recommended update for btrfsmaintenance Message-ID: <20160812180935.C5F66FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsmaintenance ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2059-1 Rating: low References: #986543 #988189 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides btrfsmaintenance 0.2, which brings fixes and enhancements: - Update documentation - Fix logger name typos for 'journal' target - Remove hardcoded paths to external utilities - Set TRIP frequency to "weekly" by default. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1209=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1209=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): btrfsmaintenance-0.2-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): btrfsmaintenance-0.2-5.1 References: https://bugzilla.suse.com/986543 https://bugzilla.suse.com/988189 From sle-updates at lists.suse.com Fri Aug 12 13:08:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 21:08:40 +0200 (CEST) Subject: SUSE-RU-2016:2060-1: Recommended update for smt Message-ID: <20160812190840.E90D7FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2060-1 Rating: low References: #943355 #983755 #985396 #986018 #989748 #990105 #990861 #991439 #991453 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update provides smt version 3.0.17, which brings the following fixes: - Prevent endless loop and cleanup repository entries if migration failed (bsc#990861) - Report error if a not available product should be registered (bsc#991453) - Increase column size for NAME, VER and REL in Packages table (bsc#991439) - Make dependency on perl-DBD-mysql hard (bsc#983755) - Fix typo in clientSetup4SMT.sh (bsc#989748) - Skip repositories reported with invalid data (bsc#990861) - Order by target product id downwards (bsc#986018) - Add a generic error handler to return json format (bsc#943355) - Do not return incomplete activations (bsc#985396) - Handle release stage of products (fate#319909) - Implement installer update repositories (fate#319716) - Add registration codes for SLE10/SLE11 products to forwarding call (bsc#990105) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1210=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): res-signingkeys-3.0.17-21.2 smt-3.0.17-21.2 smt-debuginfo-3.0.17-21.2 smt-debugsource-3.0.17-21.2 smt-support-3.0.17-21.2 References: https://bugzilla.suse.com/943355 https://bugzilla.suse.com/983755 https://bugzilla.suse.com/985396 https://bugzilla.suse.com/986018 https://bugzilla.suse.com/989748 https://bugzilla.suse.com/990105 https://bugzilla.suse.com/990861 https://bugzilla.suse.com/991439 https://bugzilla.suse.com/991453 From sle-updates at lists.suse.com Fri Aug 12 13:10:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 21:10:18 +0200 (CEST) Subject: SUSE-SU-2016:2061-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss Message-ID: <20160812191018.A3E5CFFE0@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2061-1 Rating: important References: #983549 #983638 #983639 #983643 #983646 #983651 #983652 #983653 #983655 #984006 #985659 #989196 #990628 #990856 #991809 Cross-References: CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ 
An update that fixes 24 vulnerabilities is now available. Description: MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.3.0 ESR. mozilla-nss was updated to version 3.21.1, mozilla-nspr to version 4.12. These security issues were fixed in 45.3.0ESR: - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) (MFSA 2016-62) - CVE-2016-2830: Favicon network connection can persist when page is closed (MFSA 2016-63) - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64) - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 (MFSA 2016-65) - CVE-2016-5252: Stack underflow during 2D graphics rendering (MFSA 2016-67) - CVE-2016-5254: Use-after-free when using alt key and toplevel menus (MFSA 2016-70) - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72) - CVE-2016-5259: Use-after-free in service workers with nested sync events (MFSA 2016-73) - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76) - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77) - CVE-2016-5263: Type confusion in display transformation (MFSA 2016-78) - CVE-2016-5264: Use-after-free when applying SVG effects (MFSA 2016-79) - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80) - CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Security issues fixed in 45.2.0.ESR: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing through the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). 
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-MozillaFirefox-12690=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-MozillaFirefox-12690=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-45.3.0esr-48.1 MozillaFirefox-branding-SLED-45.0-20.38 MozillaFirefox-translations-45.3.0esr-48.1 firefox-fontconfig-2.11.0-4.2 libfreebl3-3.21.1-26.2 mozilla-nspr-4.12-25.2 mozilla-nspr-devel-4.12-25.2 mozilla-nss-3.21.1-26.2 mozilla-nss-devel-3.21.1-26.2 mozilla-nss-tools-3.21.1-26.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.21.1-26.2 mozilla-nspr-32bit-4.12-25.2 mozilla-nss-32bit-3.21.1-26.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.3.0esr-48.1 MozillaFirefox-debugsource-45.3.0esr-48.1 firefox-fontconfig-debuginfo-2.11.0-4.2 mozilla-nspr-debuginfo-4.12-25.2 mozilla-nspr-debugsource-4.12-25.2 mozilla-nss-debuginfo-3.21.1-26.2 mozilla-nss-debugsource-3.21.1-26.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64): firefox-fontconfig-debugsource-2.11.0-4.2 mozilla-nspr-debuginfo-32bit-4.12-25.2 mozilla-nss-debuginfo-32bit-3.21.1-26.2 References: https://www.suse.com/security/cve/CVE-2016-2815.html https://www.suse.com/security/cve/CVE-2016-2818.html https://www.suse.com/security/cve/CVE-2016-2819.html https://www.suse.com/security/cve/CVE-2016-2821.html https://www.suse.com/security/cve/CVE-2016-2822.html https://www.suse.com/security/cve/CVE-2016-2824.html https://www.suse.com/security/cve/CVE-2016-2828.html https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2831.html https://www.suse.com/security/cve/CVE-2016-2834.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5258.html 
https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/983549 https://bugzilla.suse.com/983638 https://bugzilla.suse.com/983639 https://bugzilla.suse.com/983643 https://bugzilla.suse.com/983646 https://bugzilla.suse.com/983651 https://bugzilla.suse.com/983652 https://bugzilla.suse.com/983653 https://bugzilla.suse.com/983655 https://bugzilla.suse.com/984006 https://bugzilla.suse.com/985659 https://bugzilla.suse.com/989196 https://bugzilla.suse.com/990628 https://bugzilla.suse.com/990856 https://bugzilla.suse.com/991809 From sle-updates at lists.suse.com Fri Aug 12 13:12:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 21:12:53 +0200 (CEST) Subject: SUSE-RU-2016:2062-1: Recommended update for p11-kit Message-ID: <20160812191253.1A715FFE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for p11-kit ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2062-1 Rating: low References: #936598 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for p11-kit fixes a potential segmentation fault in expand_homedir(). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1212=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1212=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1212=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): p11-kit-debuginfo-0.20.3-7.1 p11-kit-debugsource-0.20.3-7.1 p11-kit-devel-0.20.3-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libp11-kit0-0.20.3-7.1 libp11-kit0-debuginfo-0.20.3-7.1 p11-kit-0.20.3-7.1 p11-kit-debuginfo-0.20.3-7.1 p11-kit-debugsource-0.20.3-7.1 p11-kit-tools-0.20.3-7.1 p11-kit-tools-debuginfo-0.20.3-7.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libp11-kit0-32bit-0.20.3-7.1 libp11-kit0-debuginfo-32bit-0.20.3-7.1 p11-kit-32bit-0.20.3-7.1 p11-kit-debuginfo-32bit-0.20.3-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libp11-kit0-0.20.3-7.1 libp11-kit0-32bit-0.20.3-7.1 libp11-kit0-debuginfo-0.20.3-7.1 libp11-kit0-debuginfo-32bit-0.20.3-7.1 p11-kit-0.20.3-7.1 p11-kit-32bit-0.20.3-7.1 p11-kit-debuginfo-0.20.3-7.1 p11-kit-debuginfo-32bit-0.20.3-7.1 p11-kit-debugsource-0.20.3-7.1 p11-kit-tools-0.20.3-7.1 p11-kit-tools-debuginfo-0.20.3-7.1 References: https://bugzilla.suse.com/936598 From sle-updates at lists.suse.com Fri Aug 12 13:13:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 21:13:16 +0200 (CEST) Subject: SUSE-RU-2016:2063-1: moderate: Recommended update for grub2 Message-ID: <20160812191316.86076FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2063-1 Rating: moderate References: #960776 #962585 #963610 #976836 #977590 #980088 
#990086 #990604 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix multi-device root= kernel argument (bsc#960776) - Add SUSE_REMOVE_LINUX_ROOT_PARAM configuration option to /etc/default/grub (bsc#962585) - Fix handling of --list argument in grub2-once (bsc#980088) - Skip comments in /etc/sysconfig/bootloader (bsc#963610) - Examine variables from grub environment in 'grub2-once' (fate#319632) - Extend config-file parsing in 'grub2-once' (fate#319632) - Add support for "t" hotkey to switch to text mode (bsc#976836) - Fix default entry boot (bsc#977590) - Fix PXE booting on ARM64 boards (bsc#990086) - Use CPU timer for timekeeping on aarch64 (bsc#990604) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1211=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1211=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): grub2-2.02~beta2-89.1 grub2-debuginfo-2.02~beta2-89.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-89.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-89.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): grub2-i386-pc-2.02~beta2-89.1 grub2-x86_64-efi-2.02~beta2-89.1 grub2-x86_64-xen-2.02~beta2-89.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): grub2-debugsource-2.02~beta2-89.1 grub2-s390x-emu-2.02~beta2-89.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-89.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): grub2-2.02~beta2-89.1 grub2-debuginfo-2.02~beta2-89.1 grub2-i386-pc-2.02~beta2-89.1 grub2-x86_64-efi-2.02~beta2-89.1 grub2-x86_64-xen-2.02~beta2-89.1 References: https://bugzilla.suse.com/960776 https://bugzilla.suse.com/962585 https://bugzilla.suse.com/963610 https://bugzilla.suse.com/976836 https://bugzilla.suse.com/977590 https://bugzilla.suse.com/980088 https://bugzilla.suse.com/990086 https://bugzilla.suse.com/990604 From sle-updates at lists.suse.com Fri Aug 12 14:09:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 22:09:16 +0200 (CEST) Subject: SUSE-RU-2016:2064-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20160812200916.4CB40FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2064-1 Rating: moderate References: #950184 #969834 #971559 #980354 #982562 #984418 #984622 #988378 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. 
Description: This update for SUSE Manager Proxy 3.0 fixes the following issues: jabberd: - Allow for up to 8k client connections. (bsc#950184). - Revert configuration files to %config(noreplace). (bsc#988378) spacewalk-backend: - Copy the subscription-matcher directory instead of the content. - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1. spacewalk-certs-tools: - Correctly update the trust store on SLE 11. - Re-add lost dependency of spacewalk-base-minimal-config to spacewalk-certs-tools. (bsc#984418) - Fix mgr-ssh-push-init with proxy and sudo. (bsc#982562) spacewalk-client-tools: - Fix syntax error preventing reading of HW data correctly. (bsc#984622) - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1. spacewalk-web: - Recompute window dimensions when content changes. (bsc#971559) - Fix aside column height computation. (bsc#969834) susemanager-sls: - Update trust store when multiple certificates in one file are available on SLE11. - Update CA certificates only when they have changed. - Assume no pillar data if the yml file for the minion does not exist. (bsc#980354) - Add distributable pkgset beacon for RPM database notifications. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1217=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 3.0 (x86_64): jabberd-2.3.2-3.1 jabberd-db-2.3.2-3.1 jabberd-db-debuginfo-2.3.2-3.1 jabberd-debuginfo-2.3.2-3.1 jabberd-debugsource-2.3.2-3.1 - SUSE Manager Proxy 3.0 (noarch): spacewalk-backend-2.5.24.5-8.1 spacewalk-backend-libs-2.5.24.5-8.1 spacewalk-base-minimal-2.5.7.9-6.1 spacewalk-base-minimal-config-2.5.7.9-6.1 spacewalk-certs-tools-2.5.1.3-3.1 spacewalk-check-2.5.13.5-8.1 spacewalk-client-setup-2.5.13.5-8.1 spacewalk-client-tools-2.5.13.5-8.1 susemanager-sls-0.1.14-6.1 References: https://bugzilla.suse.com/950184 https://bugzilla.suse.com/969834 https://bugzilla.suse.com/971559 https://bugzilla.suse.com/980354 https://bugzilla.suse.com/982562 https://bugzilla.suse.com/984418 https://bugzilla.suse.com/984622 https://bugzilla.suse.com/988378 From sle-updates at lists.suse.com Fri Aug 12 14:10:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 22:10:51 +0200 (CEST) Subject: SUSE-RU-2016:2065-1: Recommended update for sax2 Message-ID: <20160812201051.30CFFFFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sax2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2065-1 Rating: low References: #952013 #961731 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sax2 fixes the following issues: - Use 'intel' instead of 'vesa' driver for special vendor/device combination of i845 GPU used by IBM. (bsc#961731) - Check if the requested driver is installed on the system. (bsc#952013) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-sax2-12692=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-sax2-12692=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sax2-12692=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): sax2-tools-8.1-561.589.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): sax2-8.1-561.589.1 sax2-gui-8.1-561.589.1 sax2-ident-8.1-561.589.1 sax2-libsax-8.1-561.589.1 sax2-libsax-perl-8.1-561.589.1 sax2-libsax-python-8.1-561.589.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): sax2-8.1-561.589.1 sax2-gui-8.1-561.589.1 sax2-ident-8.1-561.589.1 sax2-libsax-8.1-561.589.1 sax2-libsax-perl-8.1-561.589.1 sax2-libsax-python-8.1-561.589.1 sax2-tools-8.1-561.589.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): sax2-debuginfo-8.1-561.589.1 sax2-debugsource-8.1-561.589.1 References: https://bugzilla.suse.com/952013 https://bugzilla.suse.com/961731 From sle-updates at lists.suse.com Fri Aug 12 14:11:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 22:11:25 +0200 (CEST) Subject: SUSE-RU-2016:2066-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20160812201125.74B67FFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2066-1 Rating: moderate References: #970669 #972311 #978150 #979448 #983017 #983512 #984622 #984998 #985661 #988506 #989193 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. 
Description: This update fixes the following issues: cobbler: - Convert bootoption "text" into "textmode=1" for SUSE systems. (bsc#984998) salt: - lvm.vg_present does not recognize PV with certain LVM filter settings (bsc#988506) - pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty. (bsc#989193) - Fixed behavior for SUSE OS grains. (bsc#970669) - Salt os_family does not detect SLES for SAP. (bsc#983017) - Move log message from INFO to DEBUG. (bsc#985661) - Fix salt --summary to count not responding minions correctly. (bsc#972311) - Fix memory leak on custom execution module scheduled jobs. (bsc#983512) - Fix groupadd module for sles11 systems. (bsc#978150) - Fix pkgrepo.managed gpgkey argument doesn't work. (bsc#979448) - Package checksum validation for zypper pkg.download. - Check if a job has executed and returned successfully. spacewalk-backend: - Copy the subscription-matcher directory instead of the content. - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1. - Modify test setup for oracle DB. spacewalk-client-tools: - Fix syntax error preventing reading of HW data correctly. (bsc#984622) - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-1216=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): salt-2015.8.7-14.1 salt-doc-2015.8.7-14.1 salt-minion-2015.8.7-14.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-36.1 spacewalk-backend-libs-2.5.24.5-37.1 spacewalk-check-2.5.13.5-39.1 spacewalk-client-setup-2.5.13.5-39.1 spacewalk-client-tools-2.5.13.5-39.1 References: https://bugzilla.suse.com/970669 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/984622 https://bugzilla.suse.com/984998 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 From sle-updates at lists.suse.com Fri Aug 12 14:13:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 22:13:28 +0200 (CEST) Subject: SUSE-RU-2016:2067-1: moderate: Recommended update for SUSE Manager Server Message-ID: <20160812201328.73EAAFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2067-1 Rating: moderate References: #984998 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues with cobbler: - Convert bootoption "text" into "textmode=1" for SUSE systems. (bsc#984998) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1216=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-36.1 References: https://bugzilla.suse.com/984998 From sle-updates at lists.suse.com Fri Aug 12 14:13:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 22:13:51 +0200 (CEST) Subject: SUSE-RU-2016:2068-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20160812201351.C7FFEFFE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2068-1 Rating: moderate References: #970669 #972311 #978150 #979448 #983017 #983512 #984622 #985661 #988506 #989193 #989798 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for SUSE Manager Client Tools fixes the following issues: salt: - Fix broken inspector. (bsc#989798) - lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506) - pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty. (bsc#989193) - Fix behavior for SUSE OS grains. (bsc#970669) - Salt os_family does not detect SLES for SAP. (bsc#983017) - Move log message from INFO to DEBUG. (bsc#985661) - Fix salt --summary to count not responding minions correctly. (bsc#972311) - Fix memory leak on custom execution module scheduled jobs. (bsc#983512) - Fix groupadd module for SLES 11 systems. (bsc#978150) - Fix pkgrepo.managed gpgkey argument. (bsc#979448) spacewalk-backend: - Copy the subscription-matcher directory instead of the content. - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1. spacewalk-client-tools: - Fix syntax error preventing reading of HW data correctly. 
(bsc#984622) - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201607-12691=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201607-12691=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-tornado-4.2.1-5.1 salt-2015.8.7-14.1 salt-doc-2015.8.7-14.1 salt-minion-2015.8.7-14.1 spacewalk-backend-libs-2.5.24.5-10.4 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.5-14.1 spacewalk-client-setup-2.5.13.5-14.1 spacewalk-client-tools-2.5.13.5-14.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-tornado-4.2.1-5.1 salt-2015.8.7-14.1 salt-doc-2015.8.7-14.1 salt-minion-2015.8.7-14.1 spacewalk-backend-libs-2.5.24.5-10.4 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.5-14.1 spacewalk-client-setup-2.5.13.5-14.1 spacewalk-client-tools-2.5.13.5-14.1 References: https://bugzilla.suse.com/970669 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/984622 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 From sle-updates at lists.suse.com Fri Aug 12 14:15:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 22:15:47 +0200 (CEST) Subject: SUSE-RU-2016:2069-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20160812201547.26C2EFFAC@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2069-1 Rating: moderate References: #934560 #940927 #950184 #962588 #967803 #969834 #970669 #971559 #971622 #972156 #972311 #975534 #976184 #977804 #977888 #978150 #979288 #979448 #979745 #980354 #980482 #981378 #982373 #982562 #983017 #983295 #983297 #983344 #983512 #983826 #983916 #984418 #984622 #985661 #985707 #986955 #987550 #987614 #987795 #987870 #988378 #988573 #989193 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has 43 recommended fixes can now be installed. Description: This update for SUSE Manager Server 3.0 includes the following new features: - Enable Oracle database support. (fate#320213) This update fixes the following issues: jabberd: - Allow for up to 8k client connections. (bsc#950184) - Revert configuration files to %config(noreplace). (bsc#988378) quartz: - Adjust ojdbc requirements needed to enable support for the Oracle database. salt: - pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty. (bsc#989193) - Rewrite Minion ID generation. (bsc#967803) - Fix behavior for SUSE OS grains. (bsc#970669) - Salt os_family does not detect SLES for SAP. (bsc#983017) - Move log message from INFO to DEBUG. (bsc#985661) - Fix salt --summary to count not responding minions correctly. (bsc#972311) - Fix memory leak on custom execution module scheduled jobs. (bsc#983512) - Fix groupadd module for SLES 11 systems. (bsc#978150) - Fix pkgrepo.managed gpgkey argument. (bsc#979448) smdba: - Use backup directory temporary space on restore. (bsc#986955) - Prevent access uninitialized variable. - Return values from the backup locator. - Do not proceed if backups weren't enabled. 
- With PostgreSQL, compute space-overview with the size(available and used) of the partition disk. - Compute the DB usage percentage on the amount of the partition instead of the remaining space. (bsc#977888) spacewalk: - Require only oracle-lib-compat. (fate#320213) spacewalk-backend: - Copy the subscription-matcher directory instead of the content. - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1. spacewalk-branding: - Hide scrollbar when it's not needed. - Integrate bootstrapping UI with System Overview. - Fix warning string. (bsc#983826) - Fix message about debuginfo packages. (bsc#972156) spacewalk-certs-tools: - Correctly update the trust store on SLE 11. - Re-add lost dependency of spacewalk-base-minimal-config to spacewalk-certs-tools. (bsc#984418) - Fix mgr-ssh-push-init with proxy and sudo. (bsc#982562) spacewalk-client-tools: - Fix syntax error preventing reading of HW data correctly. (bsc#984622) - Machine_info capability and check for client tool compatibility with SUSE Manager 2.1. spacewalk-java: - Integrate bootstrapping with System Overview. - Support SP Migration for OES 2015 to 2015 SP1. - Fix for minion with multiple interfaces. (bsc#985707) - Fix HW Refresh duplicate insert. (bsc#971622) - No addon entitlements allowed for Foreign and Bootstrap systems. (bsc#983826) - Disable checkboxes for foreign and bootstrap systems in system types page. (bsc#983826) - Tell linuxrc that self_update is an user option so that it'll pass it to AutoYaST but won't process it further. - Disable YaST self update for new auto-installation trees for SLE. - Remove misleading links from action chain page. (bsc#983297) - Support OES 2015. (bsc#934560) - Align reboot behavior of salt and traditional clients. (bsc#975534) - Report the state of virtual guests from virtual host manager as 'unknown'. (bsc#983344) - Add taskomatic job to clean up minion actions. - Replace ZypperEvent with default beacon event. 
- Enable minions to be worked with SSM only on available features. - Use the IP address when doing ssh push via proxy. (bsc#940927) - Don't allow URLs that only differ on the authorization token. (bsc#976184) - Fix typo in Systems column. (bsc#983916) - Salt HW reg: Ignore virtual SCSI devices. (bsc#962588) spacewalk-search: - Round CPU MHz number correctly to a long value. (bsc#979745) spacewalk-setup: - Change path to Oracle LD configuration file. spacewalk-web: - Recompute window dimensions when content changes. (bsc#971559) - Fix aside column height computation. (bsc#969834) susemanager: - Allow migration from external Oracle DB to local PostgreSQL DB. (bsc#987795) - Make sure migration with external database works for DB names other than susemanager. (bsc#987870) - Create nCoW subvolume for /var/cache/rhn on btrfs. (bsc#987614) - Use performance optimized database configuration also for migration from Oracle to PostgreSQL. (bsc#987550) - Check for uppercase characters in hostname. (bsc#980482) - Add support for migrating SUMA 2.1 to SUMA 3 with external Oracle DB. - Forbid more special characters for database and certificate passwords. (bsc#983295) - Do not create swapfile when root file system is on btrfs. (bsc#977804) susemanager-docs_en: - Fix link from Best Practices to Advanced Topics (proxy configuration). (bsc#988573) - Advanced Topics Guide: Improve proxy documentation. (bsc#982373) - Fix Proxy port number. (bsc#981378) susemanager-schema: - Add missing power_management feature for bootstrap_entitlement systems. - Fix HW Refresh duplicate insert. (bsc#971622) - Add taskomatic job to clean up minion actions. - Provide separate migration scripts for Oracle. - Remove duplicates from rhnChannelContentSource. (bsc#976184) susemanager-sls: - Update trust store when multiple certificates in one file are available on SLE11. - Update CA certificates only when they have changed. - Assume no pillar data if the yml file for the minion does not exist. 
(bsc#980354) - Add distributable pkgset beacon for RPM database notifications. susemanager-sync-data: - Support SLES 12 LTSS. (bsc#979288) - Support SP Migration for OES 2015 to 2015 SP1. - Add requires to spacewalk-java-lib with OES support. - Add support for OES 2015 and OES 2015 SP1. (bsc#934560) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1217=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (x86_64): cx_Oracle-5.2.1-0.2.1 cx_Oracle-debuginfo-5.2.1-0.2.1 cx_Oracle-debugsource-5.2.1-0.2.1 jabberd-2.3.2-3.1 jabberd-db-2.3.2-3.1 jabberd-db-debuginfo-2.3.2-3.1 jabberd-debuginfo-2.3.2-3.1 jabberd-debugsource-2.3.2-3.1 oracle-lib-compat-12.1.0.2.1-2.1 perl-DBD-Oracle-1.74-0.2.1 perl-DBD-Oracle-debuginfo-1.74-0.2.1 smdba-1.5.4-0.3.1 spacewalk-branding-2.5.2.10-6.1 susemanager-3.0.16-6.1 susemanager-frontend-libs-2.1.5-4.1 susemanager-tools-3.0.16-6.1 - SUSE Manager Server 3.0 (noarch): quartz-1.8.4-0.14.1 quartz-oracle-1.8.4-0.14.1 salt-netapi-client-0.8.0-3.1 spacewalk-backend-2.5.24.5-8.1 spacewalk-backend-app-2.5.24.5-8.1 spacewalk-backend-applet-2.5.24.5-8.1 spacewalk-backend-config-files-2.5.24.5-8.1 spacewalk-backend-config-files-common-2.5.24.5-8.1 spacewalk-backend-config-files-tool-2.5.24.5-8.1 spacewalk-backend-iss-2.5.24.5-8.1 spacewalk-backend-iss-export-2.5.24.5-8.1 spacewalk-backend-libs-2.5.24.5-8.1 spacewalk-backend-package-push-server-2.5.24.5-8.1 spacewalk-backend-server-2.5.24.5-8.1 spacewalk-backend-sql-2.5.24.5-8.1 
spacewalk-backend-sql-oracle-2.5.24.5-8.1 spacewalk-backend-sql-postgresql-2.5.24.5-8.1 spacewalk-backend-tools-2.5.24.5-8.1 spacewalk-backend-xml-export-libs-2.5.24.5-8.1 spacewalk-backend-xmlrpc-2.5.24.5-8.1 spacewalk-base-2.5.7.9-6.1 spacewalk-base-minimal-2.5.7.9-6.1 spacewalk-base-minimal-config-2.5.7.9-6.1 spacewalk-certs-tools-2.5.1.3-3.1 spacewalk-client-tools-2.5.13.5-8.1 spacewalk-common-2.5.0.5-3.1 spacewalk-html-2.5.7.9-6.1 spacewalk-java-2.5.59.8-6.3 spacewalk-java-config-2.5.59.8-6.3 spacewalk-java-lib-2.5.59.8-6.3 spacewalk-java-oracle-2.5.59.8-6.3 spacewalk-java-postgresql-2.5.59.8-6.3 spacewalk-oracle-2.5.0.5-3.1 spacewalk-postgresql-2.5.0.5-3.1 spacewalk-search-2.5.2.2-3.1 spacewalk-setup-2.5.3.8-3.1 spacewalk-taskomatic-2.5.59.8-6.3 susemanager-advanced-topics_en-pdf-3-12.1 susemanager-best-practices_en-pdf-3-12.1 susemanager-docs_en-3-12.1 susemanager-getting-started_en-pdf-3-12.1 susemanager-jsp_en-3-12.1 susemanager-reference_en-pdf-3-12.1 susemanager-schema-3.0.14-6.1 susemanager-sls-0.1.14-6.1 susemanager-sync-data-3.0.10-6.1 References: https://bugzilla.suse.com/934560 https://bugzilla.suse.com/940927 https://bugzilla.suse.com/950184 https://bugzilla.suse.com/962588 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969834 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971559 https://bugzilla.suse.com/971622 https://bugzilla.suse.com/972156 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/975534 https://bugzilla.suse.com/976184 https://bugzilla.suse.com/977804 https://bugzilla.suse.com/977888 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/979288 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979745 https://bugzilla.suse.com/980354 https://bugzilla.suse.com/980482 https://bugzilla.suse.com/981378 https://bugzilla.suse.com/982373 https://bugzilla.suse.com/982562 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983295 https://bugzilla.suse.com/983297 
https://bugzilla.suse.com/983344 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/983826 https://bugzilla.suse.com/983916 https://bugzilla.suse.com/984418 https://bugzilla.suse.com/984622 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/985707 https://bugzilla.suse.com/986955 https://bugzilla.suse.com/987550 https://bugzilla.suse.com/987614 https://bugzilla.suse.com/987795 https://bugzilla.suse.com/987870 https://bugzilla.suse.com/988378 https://bugzilla.suse.com/988573 https://bugzilla.suse.com/989193 From sle-updates at lists.suse.com Fri Aug 12 14:23:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2016 22:23:17 +0200 (CEST) Subject: SUSE-RU-2016:2070-1: moderate: Recommended update for salt Message-ID: <20160812202317.0292CFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2070-1 Rating: moderate References: #970669 #972311 #978150 #979448 #983017 #983512 #985661 #988506 #989193 #989798 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Fix broken inspector. (bsc#989798) - lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506) - pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty. (bsc#989193) - Fixed behavior for SUSE OS grains. (bsc#970669) - Salt os_family does not detect SLES for SAP. (bsc#983017) - Move log message from INFO to DEBUG. (bsc#985661) - Fix salt --summary to count not responding minions correctly. (bsc#972311) - Fix memory leak on custom execution module scheduled jobs. (bsc#983512) - Fix groupadd module for sles11 systems. 
(bsc#978150) - Fix pkgrepo.managed gpgkey argument doesn't work. (bsc#979448) - Package checksum validation for zypper pkg.download. - Check if a job has executed and returned successfully. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1214=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1214=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1214=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2015.8.7-17.1 salt-zsh-completion-2015.8.7-17.1 - SUSE Manager Server 3.0 (x86_64): salt-2015.8.7-17.1 salt-api-2015.8.7-17.1 salt-doc-2015.8.7-17.1 salt-master-2015.8.7-17.1 salt-minion-2015.8.7-17.1 salt-proxy-2015.8.7-17.1 salt-ssh-2015.8.7-17.1 salt-syndic-2015.8.7-17.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2015.8.7-17.1 salt-zsh-completion-2015.8.7-17.1 - SUSE Manager Proxy 3.0 (x86_64): salt-2015.8.7-17.1 salt-api-2015.8.7-17.1 salt-doc-2015.8.7-17.1 salt-master-2015.8.7-17.1 salt-minion-2015.8.7-17.1 salt-proxy-2015.8.7-17.1 salt-ssh-2015.8.7-17.1 salt-syndic-2015.8.7-17.1 - SUSE Enterprise Storage 3 (x86_64): salt-2015.8.7-17.1 salt-master-2015.8.7-17.1 salt-minion-2015.8.7-17.1 References: https://bugzilla.suse.com/970669 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 From sle-updates at lists.suse.com Mon Aug 15 08:08:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2016 16:08:51 +0200 (CEST) Subject: SUSE-SU-2016:2074-1: important: Security update for 
the Linux Kernel
Message-ID: <20160815140851.193E8FFAC@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2074-1
Rating: important
References: #816446 #861093 #928130 #935757 #939826 #942367 #945825 #946117 #946309 #948562 #949744 #949936 #951440 #952384 #953527 #954404 #955354 #955654 #956708 #956709 #958463 #958886 #958951 #959190 #959399 #961500 #961509 #961512 #963765 #963767 #964201 #966437 #966460 #966662 #966693 #967972 #967973 #967974 #967975 #968010 #968011 #968012 #968013 #968670 #970504 #970892 #970909 #970911 #970948 #970956 #970958 #970970 #971124 #971125 #971126 #971360 #972510 #973570 #975945 #977847 #978822
Cross-References: CVE-2013-2015 CVE-2013-7446 CVE-2015-0272 CVE-2015-3339 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-0723 CVE-2016-2069 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4486
Affected Products:
  SUSE Linux Enterprise Server 11-SP2-LTSS
  SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

An update that solves 48 vulnerabilities and has 13 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).
- CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).
- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).
- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).
- CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).
- CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).
- CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).
- CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).
- CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).
- CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504).
- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).
- CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512).
- CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013).
- CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011).
- CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012).
- CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975).
- CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974).
- CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973).
- CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972).
- CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693).
- CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437).
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).
- CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767).
- CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).
- CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708).
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354).
- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).
- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).
- CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).
- CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825).
- CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367).
- CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130).

The following non-security bugs were fixed:

- Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201).
- Fix lpfc_send_rscn_event allocation size claims bnc#935757
- Fix ntpd clock synchronization in Xen PV domains (bnc#816446).
- Fix vmalloc_fault oops during lazy MMU updates (bsc#948562).
- Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).
- SCSI: bfa: Fix to handle firmware tskim abort request response (bsc#972510).
- USB: usbip: fix potential out-of-bounds write (bnc#975945).
- af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- mm/hugetlb: check for pte NULL pointer in __page_check_address() (bsc#977847). - nf_conntrack: fix bsc#758540 kabi fix (bsc#946117). - privcmd: allow preempting long running user-mode originating hypercalls (bnc#861093). - s390/cio: collect format 1 channel-path description data (bsc#966460, bsc#966662). - s390/cio: ensure consistent measurement state (bsc#966460, bsc#966662). - s390/cio: fix measurement characteristics memleak (bsc#966460, bsc#966662). - s390/cio: update measurement characteristics (bsc#966460, bsc#966662). - xfs: Fix lost direct IO write in the last block (bsc#949744). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-kernel-source-12693=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-kernel-source-12693=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.7.40.1 kernel-default-base-3.0.101-0.7.40.1 kernel-default-devel-3.0.101-0.7.40.1 kernel-source-3.0.101-0.7.40.1 kernel-syms-3.0.101-0.7.40.1 kernel-trace-3.0.101-0.7.40.1 kernel-trace-base-3.0.101-0.7.40.1 kernel-trace-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.7.40.1 kernel-ec2-base-3.0.101-0.7.40.1 kernel-ec2-devel-3.0.101-0.7.40.1 kernel-xen-3.0.101-0.7.40.1 kernel-xen-base-3.0.101-0.7.40.1 kernel-xen-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x): kernel-default-man-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): kernel-pae-3.0.101-0.7.40.1 kernel-pae-base-3.0.101-0.7.40.1 kernel-pae-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.7.40.1 kernel-default-debugsource-3.0.101-0.7.40.1 
kernel-default-devel-debuginfo-3.0.101-0.7.40.1 kernel-trace-debuginfo-3.0.101-0.7.40.1 kernel-trace-debugsource-3.0.101-0.7.40.1 kernel-trace-devel-debuginfo-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.7.40.1 kernel-ec2-debugsource-3.0.101-0.7.40.1 kernel-xen-debuginfo-3.0.101-0.7.40.1 kernel-xen-debugsource-3.0.101-0.7.40.1 kernel-xen-devel-debuginfo-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586): kernel-pae-debuginfo-3.0.101-0.7.40.1 kernel-pae-debugsource-3.0.101-0.7.40.1 kernel-pae-devel-debuginfo-3.0.101-0.7.40.1 References: https://www.suse.com/security/cve/CVE-2013-2015.html https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-3339.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7509.html https://www.suse.com/security/cve/CVE-2015-7515.html https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8215.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8543.html https://www.suse.com/security/cve/CVE-2015-8569.html https://www.suse.com/security/cve/CVE-2015-8575.html https://www.suse.com/security/cve/CVE-2015-8767.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2015-8812.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0723.html https://www.suse.com/security/cve/CVE-2016-2069.html 
https://www.suse.com/security/cve/CVE-2016-2143.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2384.html https://www.suse.com/security/cve/CVE-2016-2543.html https://www.suse.com/security/cve/CVE-2016-2544.html https://www.suse.com/security/cve/CVE-2016-2545.html https://www.suse.com/security/cve/CVE-2016-2546.html https://www.suse.com/security/cve/CVE-2016-2547.html https://www.suse.com/security/cve/CVE-2016-2548.html https://www.suse.com/security/cve/CVE-2016-2549.html https://www.suse.com/security/cve/CVE-2016-2782.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-4486.html https://bugzilla.suse.com/816446 https://bugzilla.suse.com/861093 https://bugzilla.suse.com/928130 https://bugzilla.suse.com/935757 https://bugzilla.suse.com/939826 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/945825 https://bugzilla.suse.com/946117 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/948562 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/953527 https://bugzilla.suse.com/954404 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/956708 https://bugzilla.suse.com/956709 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/958886 https://bugzilla.suse.com/958951 https://bugzilla.suse.com/959190 https://bugzilla.suse.com/959399 
https://bugzilla.suse.com/961500 https://bugzilla.suse.com/961509 https://bugzilla.suse.com/961512 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/963767 https://bugzilla.suse.com/964201 https://bugzilla.suse.com/966437 https://bugzilla.suse.com/966460 https://bugzilla.suse.com/966662 https://bugzilla.suse.com/966693 https://bugzilla.suse.com/967972 https://bugzilla.suse.com/967973 https://bugzilla.suse.com/967974 https://bugzilla.suse.com/967975 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968011 https://bugzilla.suse.com/968012 https://bugzilla.suse.com/968013 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/970504 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/972510 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/977847 https://bugzilla.suse.com/978822 From sle-updates at lists.suse.com Mon Aug 15 09:08:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2016 17:08:58 +0200 (CEST) Subject: SUSE-SU-2016:2075-1: moderate: Security update for ImageMagick Message-ID: <20160815150858.E6CAFFFE2@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2075-1 Rating: moderate References: #991445 #991872 Cross-References: CVE-2016-6491 CVE-2016-6520 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that 
fixes two vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-6491: Out-of-bounds read in CopyMagickMemory [bsc#991445] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12694=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12694=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12694=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.48.1 ImageMagick-devel-6.4.3.6-7.48.1 libMagick++-devel-6.4.3.6-7.48.1 libMagick++1-6.4.3.6-7.48.1 libMagickWand1-6.4.3.6-7.48.1 perl-PerlMagick-6.4.3.6-7.48.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.48.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.48.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.48.1 ImageMagick-debugsource-6.4.3.6-7.48.1 References: https://www.suse.com/security/cve/CVE-2016-6491.html https://www.suse.com/security/cve/CVE-2016-6520.html https://bugzilla.suse.com/991445 https://bugzilla.suse.com/991872 From sle-updates at lists.suse.com Mon Aug 15 09:09:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2016 17:09:33 +0200 (CEST) Subject: SUSE-SU-2016:2076-1: moderate: Security update for ImageMagick Message-ID: <20160815150933.76EB7FFE0@maintenance.suse.de> SUSE Security Update: Security update for 
ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2076-1 Rating: moderate References: #991444 #991445 #991872 Cross-References: CVE-2016-5010 CVE-2016-6491 CVE-2016-6520 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-5010: Out-of-bounds read in CopyMagickMemory [bsc#991444] * CVE-2016-6491: Out-of-bounds read when processing crafted tiff files [bsc#991445] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1222=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1222=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1222=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1222=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-33.1 ImageMagick-debuginfo-6.8.8.1-33.1 ImageMagick-debugsource-6.8.8.1-33.1 libMagick++-6_Q16-3-6.8.8.1-33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-33.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-33.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-33.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-33.1 ImageMagick-debuginfo-6.8.8.1-33.1 ImageMagick-debugsource-6.8.8.1-33.1 ImageMagick-devel-6.8.8.1-33.1 libMagick++-6_Q16-3-6.8.8.1-33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-33.1 libMagick++-devel-6.8.8.1-33.1 perl-PerlMagick-6.8.8.1-33.1 perl-PerlMagick-debuginfo-6.8.8.1-33.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-33.1 ImageMagick-debugsource-6.8.8.1-33.1 libMagickCore-6_Q16-1-6.8.8.1-33.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-33.1 libMagickWand-6_Q16-1-6.8.8.1-33.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-33.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-33.1 ImageMagick-debuginfo-6.8.8.1-33.1 ImageMagick-debugsource-6.8.8.1-33.1 libMagick++-6_Q16-3-6.8.8.1-33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-33.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-33.1 libMagickCore-6_Q16-1-6.8.8.1-33.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-33.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-33.1 libMagickWand-6_Q16-1-6.8.8.1-33.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-33.1 References: https://www.suse.com/security/cve/CVE-2016-5010.html https://www.suse.com/security/cve/CVE-2016-6491.html https://www.suse.com/security/cve/CVE-2016-6520.html https://bugzilla.suse.com/991444 https://bugzilla.suse.com/991445 https://bugzilla.suse.com/991872 From sle-updates at lists.suse.com Mon Aug 15 13:08:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2016 21:08:27 +0200 (CEST) Subject: SUSE-RU-2016:2077-1: Recommended update for salt-ceph 
and python-ceph-cfg Message-ID: <20160815190827.21525FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt-ceph and python-ceph-cfg ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2077-1 Rating: low References: #982290 #982536 #982548 #983254 #983474 #983654 #987582 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for salt-ceph and python-ceph-cfg fixes the following issues: salt-ceph - Change execution module namespace to ceph_cfg from ceph. (bsc#983654) python-ceph-cfg - Fix permissions on mds and rgw service keys. (bsc#982290) - Enable mon daemons on boot. (bsc#983254) - Add ceph config file parser with tests. (bsc#983474) - Add missing run time dependencies on parted, gptfdisk and util-linux. (bsc#982536) - Fix purge function. (bsc#987582) - Fix handling of floppy disks on target clusters. (bsc#982536) - Added new discover fields for disks and partitions. (bsc#982548) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1225=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 3 (noarch): python-ceph-cfg-0.1.7+git.1468408973.22daca0-3.1 salt-ceph-0.1.2+git.1469001759.209bba4-3.1 References: https://bugzilla.suse.com/982290 https://bugzilla.suse.com/982536 https://bugzilla.suse.com/982548 https://bugzilla.suse.com/983254 https://bugzilla.suse.com/983474 https://bugzilla.suse.com/983654 https://bugzilla.suse.com/987582 From sle-updates at lists.suse.com Mon Aug 15 14:08:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2016 22:08:28 +0200 (CEST) Subject: SUSE-RU-2016:2078-1: Recommended update for python-stevedore, python-pbr Message-ID: <20160815200828.86D10FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-stevedore, python-pbr ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2078-1 Rating: low References: #979493 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-stevedore 1.8.0, which brings the following fixes and enhancements: - Titlecase looks nicer sometimes in detailed mode. - Document the signature for check_func. - Switch badges from 'pypip.in' to 'shields.io'. - Remove unnecessary openstack-common.conf. - Removed non-free color profile from .jpg. - Add sphinx integration. - Re-raise exception with full traceback. - Uncap library requirements for liberty. - Workflow documentation is now in infra-manual. - Implement a __contains__ override for extension manager. The newer version of python-stevedore requires python-pbr 1.8.0, also provided by this update. For a comprehensive list of changes, please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-1226=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1226=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-pbr-1.8.0-2.3.1 python-stevedore-1.8.0-15.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-pbr-1.8.0-2.3.1 python-stevedore-1.8.0-15.1 References: https://bugzilla.suse.com/979493 From sle-updates at lists.suse.com Tue Aug 16 05:09:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2016 13:09:04 +0200 (CEST) Subject: SUSE-SU-2016:2079-1: moderate: Security update for libidn Message-ID: <20160816110904.F1550FFAC@maintenance.suse.de> SUSE Security Update: Security update for libidn ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2079-1 Rating: moderate References: #923241 #990189 #990190 #990191 Cross-References: CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1228=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1228=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1228=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libidn-debugsource-1.28-4.1 libidn-devel-1.28-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libidn-debugsource-1.28-4.1 libidn-tools-1.28-4.1 libidn-tools-debuginfo-1.28-4.1 libidn11-1.28-4.1 libidn11-debuginfo-1.28-4.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libidn11-32bit-1.28-4.1 libidn11-debuginfo-32bit-1.28-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libidn-debugsource-1.28-4.1 libidn11-1.28-4.1 libidn11-32bit-1.28-4.1 libidn11-debuginfo-1.28-4.1 libidn11-debuginfo-32bit-1.28-4.1 References: https://www.suse.com/security/cve/CVE-2015-2059.html https://www.suse.com/security/cve/CVE-2015-8948.html https://www.suse.com/security/cve/CVE-2016-6261.html https://www.suse.com/security/cve/CVE-2016-6262.html https://www.suse.com/security/cve/CVE-2016-6263.html https://bugzilla.suse.com/923241 https://bugzilla.suse.com/990189 https://bugzilla.suse.com/990190 https://bugzilla.suse.com/990191 From sle-updates at lists.suse.com Tue Aug 16 05:09:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2016 13:09:59 +0200 (CEST) Subject: SUSE-SU-2016:2080-1: important: Security update for php5 Message-ID: <20160816110959.22AA1FFE0@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2080-1 Rating: important References: #986004 #986244 #986386 #986388 #986393 #991426 #991427 
#991428 #991429 #991430 #991433 #991437 Cross-References: CVE-2015-8935 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: php5 was updated to fix the following security issues: - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php5-12696=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-php5-12696=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.89.1 php5-5.2.14-0.7.30.89.1 php5-bcmath-5.2.14-0.7.30.89.1 php5-bz2-5.2.14-0.7.30.89.1 php5-calendar-5.2.14-0.7.30.89.1 php5-ctype-5.2.14-0.7.30.89.1 php5-curl-5.2.14-0.7.30.89.1 php5-dba-5.2.14-0.7.30.89.1 php5-dbase-5.2.14-0.7.30.89.1 php5-dom-5.2.14-0.7.30.89.1 php5-exif-5.2.14-0.7.30.89.1 php5-fastcgi-5.2.14-0.7.30.89.1 php5-ftp-5.2.14-0.7.30.89.1 php5-gd-5.2.14-0.7.30.89.1 php5-gettext-5.2.14-0.7.30.89.1 php5-gmp-5.2.14-0.7.30.89.1 php5-hash-5.2.14-0.7.30.89.1 php5-iconv-5.2.14-0.7.30.89.1 php5-json-5.2.14-0.7.30.89.1 php5-ldap-5.2.14-0.7.30.89.1 php5-mbstring-5.2.14-0.7.30.89.1 php5-mcrypt-5.2.14-0.7.30.89.1 php5-mysql-5.2.14-0.7.30.89.1 php5-odbc-5.2.14-0.7.30.89.1 php5-openssl-5.2.14-0.7.30.89.1 php5-pcntl-5.2.14-0.7.30.89.1 php5-pdo-5.2.14-0.7.30.89.1 php5-pear-5.2.14-0.7.30.89.1 php5-pgsql-5.2.14-0.7.30.89.1 php5-pspell-5.2.14-0.7.30.89.1 php5-shmop-5.2.14-0.7.30.89.1 php5-snmp-5.2.14-0.7.30.89.1 php5-soap-5.2.14-0.7.30.89.1 php5-suhosin-5.2.14-0.7.30.89.1 php5-sysvmsg-5.2.14-0.7.30.89.1 php5-sysvsem-5.2.14-0.7.30.89.1 php5-sysvshm-5.2.14-0.7.30.89.1 php5-tokenizer-5.2.14-0.7.30.89.1 php5-wddx-5.2.14-0.7.30.89.1 php5-xmlreader-5.2.14-0.7.30.89.1 php5-xmlrpc-5.2.14-0.7.30.89.1 php5-xmlwriter-5.2.14-0.7.30.89.1 php5-xsl-5.2.14-0.7.30.89.1 php5-zip-5.2.14-0.7.30.89.1 php5-zlib-5.2.14-0.7.30.89.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): php5-debuginfo-5.2.14-0.7.30.89.1 php5-debugsource-5.2.14-0.7.30.89.1 References: https://www.suse.com/security/cve/CVE-2015-8935.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-5766.html https://www.suse.com/security/cve/CVE-2016-5767.html https://www.suse.com/security/cve/CVE-2016-5769.html https://www.suse.com/security/cve/CVE-2016-5772.html https://www.suse.com/security/cve/CVE-2016-6288.html 
https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://bugzilla.suse.com/986004 https://bugzilla.suse.com/986244 https://bugzilla.suse.com/986386 https://bugzilla.suse.com/986388 https://bugzilla.suse.com/986393 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991433 https://bugzilla.suse.com/991437 From sle-updates at lists.suse.com Tue Aug 16 08:08:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2016 16:08:43 +0200 (CEST) Subject: SUSE-RU-2016:2086-1: moderate: Recommended update for crmsh Message-ID: <20160816140843.1022BFFE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2086-1 Rating: moderate References: #978480 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issue: - utils: Avoid deadlock if DC changes during idle wait (bsc#978480) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-crmsh-12700=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): crmsh-2.1.2+git132.gbc9fde0-13.1 References: https://bugzilla.suse.com/978480 From sle-updates at lists.suse.com Tue Aug 16 08:09:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2016 16:09:06 +0200 (CEST) Subject: SUSE-RU-2016:2087-1: Recommended update for calamari-server Message-ID: <20160816140906.AE9CEFFE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for calamari-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2087-1 Rating: low References: #981871 #989181 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for calamari-server fixes the following issues: - Mark salt SLS files as %config(noreplace), so as to not have calamari overwrite potentially existing top.sls files on install (bsc#989181) - calamari: Ignore ENOENT in calamari-crush-location (bsc#981871) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1232=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 3 (noarch): calamari-server-1.3+git.1465907180.26eea7d-4.1 References: https://bugzilla.suse.com/981871 https://bugzilla.suse.com/989181 From sle-updates at lists.suse.com Tue Aug 16 10:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2016 18:08:53 +0200 (CEST) Subject: SUSE-SU-2016:2089-1: important: Security update for squid3 Message-ID: <20160816160853.28098FFE1@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2089-1 Rating: important References: #895773 #902197 #938715 #963539 #967011 #968392 #968393 #968394 #968395 #973782 #973783 #976553 #976556 #976708 #979008 #979009 #979010 #979011 #993299 Cross-References: CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. 
(CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squid3-12701=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-12701=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.23-8.16.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): squid3-debuginfo-3.1.23-8.16.30.1 References: https://www.suse.com/security/cve/CVE-2011-3205.html https://www.suse.com/security/cve/CVE-2011-4096.html https://www.suse.com/security/cve/CVE-2012-5643.html https://www.suse.com/security/cve/CVE-2013-0188.html https://www.suse.com/security/cve/CVE-2013-4115.html https://www.suse.com/security/cve/CVE-2014-0128.html https://www.suse.com/security/cve/CVE-2014-6270.html https://www.suse.com/security/cve/CVE-2014-7141.html https://www.suse.com/security/cve/CVE-2014-7142.html https://www.suse.com/security/cve/CVE-2015-5400.html https://www.suse.com/security/cve/CVE-2016-2390.html https://www.suse.com/security/cve/CVE-2016-2569.html https://www.suse.com/security/cve/CVE-2016-2570.html https://www.suse.com/security/cve/CVE-2016-2571.html https://www.suse.com/security/cve/CVE-2016-2572.html https://www.suse.com/security/cve/CVE-2016-3947.html https://www.suse.com/security/cve/CVE-2016-3948.html https://www.suse.com/security/cve/CVE-2016-4051.html https://www.suse.com/security/cve/CVE-2016-4052.html https://www.suse.com/security/cve/CVE-2016-4053.html https://www.suse.com/security/cve/CVE-2016-4054.html https://www.suse.com/security/cve/CVE-2016-4553.html https://www.suse.com/security/cve/CVE-2016-4554.html https://www.suse.com/security/cve/CVE-2016-4555.html https://www.suse.com/security/cve/CVE-2016-4556.html https://bugzilla.suse.com/895773 https://bugzilla.suse.com/902197 https://bugzilla.suse.com/938715 https://bugzilla.suse.com/963539 https://bugzilla.suse.com/967011 https://bugzilla.suse.com/968392 https://bugzilla.suse.com/968393 https://bugzilla.suse.com/968394 https://bugzilla.suse.com/968395 https://bugzilla.suse.com/973782 https://bugzilla.suse.com/973783 https://bugzilla.suse.com/976553 https://bugzilla.suse.com/976556 https://bugzilla.suse.com/976708 
https://bugzilla.suse.com/979008
https://bugzilla.suse.com/979009
https://bugzilla.suse.com/979010
https://bugzilla.suse.com/979011
https://bugzilla.suse.com/993299

From sle-updates at lists.suse.com Wed Aug 17 05:08:35 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Aug 2016 13:08:35 +0200 (CEST)
Subject: SUSE-SU-2016:2090-1: moderate: Security update for apache2
Message-ID: <20160817110835.E51E0FFE1@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2090-1
Rating: moderate
References: #951692 #970391 #973381 #988488
Cross-References: CVE-2016-5387
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that solves one vulnerability and has three fixes is now available.

Description:

This update for apache2 fixes the following issues:
- It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988488)
- Ignore SIGINT signal in child processes. This fixes a race condition in signal handling when httpd is running in the foreground and the user hits ctrl+c. (bsc#970391)
- Don't put the backend in error state (by default) when 500/503 is overridden. (bsc#951692)
- Remove obsolete /usr/share/apache2/rc.apache2 sample script.
(bsc#973381) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1235=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1235=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): apache2-doc-2.4.10-14.17.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): apache2-2.4.10-14.17.1 apache2-debuginfo-2.4.10-14.17.1 apache2-debugsource-2.4.10-14.17.1 apache2-example-pages-2.4.10-14.17.1 apache2-prefork-2.4.10-14.17.1 apache2-prefork-debuginfo-2.4.10-14.17.1 apache2-utils-2.4.10-14.17.1 apache2-utils-debuginfo-2.4.10-14.17.1 apache2-worker-2.4.10-14.17.1 apache2-worker-debuginfo-2.4.10-14.17.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-2.4.10-14.17.1 apache2-debuginfo-2.4.10-14.17.1 apache2-debugsource-2.4.10-14.17.1 apache2-example-pages-2.4.10-14.17.1 apache2-prefork-2.4.10-14.17.1 apache2-prefork-debuginfo-2.4.10-14.17.1 apache2-utils-2.4.10-14.17.1 apache2-utils-debuginfo-2.4.10-14.17.1 apache2-worker-2.4.10-14.17.1 apache2-worker-debuginfo-2.4.10-14.17.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): apache2-doc-2.4.10-14.17.1 References: https://www.suse.com/security/cve/CVE-2016-5387.html https://bugzilla.suse.com/951692 https://bugzilla.suse.com/970391 https://bugzilla.suse.com/973381 https://bugzilla.suse.com/988488 From sle-updates at lists.suse.com Wed Aug 17 09:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2016 17:08:42 +0200 (CEST) Subject: SUSE-OU-2016:2091-1: Optional update for subversion Message-ID: <20160817150843.1402BFFE2@maintenance.suse.de> SUSE Optional Update: Optional update for subversion ______________________________________________________________________________ Announcement ID: 
SUSE-OU-2016:2091-1 Rating: low References: #992766 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for subversion fixes the following issue: - Build with swig3, no functionality change Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1236=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.8.10-24.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-24.1 libsvn_auth_kwallet-1-0-1.8.10-24.1 libsvn_auth_kwallet-1-0-debuginfo-1.8.10-24.1 subversion-1.8.10-24.1 subversion-debuginfo-1.8.10-24.1 subversion-debugsource-1.8.10-24.1 subversion-devel-1.8.10-24.1 subversion-perl-1.8.10-24.1 subversion-perl-debuginfo-1.8.10-24.1 subversion-python-1.8.10-24.1 subversion-python-debuginfo-1.8.10-24.1 subversion-server-1.8.10-24.1 subversion-server-debuginfo-1.8.10-24.1 subversion-tools-1.8.10-24.1 subversion-tools-debuginfo-1.8.10-24.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): subversion-bash-completion-1.8.10-24.1 References: https://bugzilla.suse.com/992766 From sle-updates at lists.suse.com Wed Aug 17 09:09:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2016 17:09:05 +0200 (CEST) Subject: SUSE-RU-2016:2092-1: Recommended update for sleshammer Message-ID: <20160817150905.7C0C9FFEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleshammer ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2092-1 Rating: low References: #965040 
Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sleshammer fixes the following issues: - Improve assignments of network interfaces. (bsc#965040) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1237=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1237=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1237=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): sleshammer-debugsource-0.6.1-0.17.1 sleshammer-x86_64-0.6.1-0.17.1 - SUSE Enterprise Storage 3 (noarch): sleshammer-debugsource-0.6.1-0.17.1 sleshammer-x86_64-0.6.1-0.17.1 - SUSE Enterprise Storage 2.1 (noarch): sleshammer-debugsource-0.6.1-0.17.1 sleshammer-x86_64-0.6.1-0.17.1 References: https://bugzilla.suse.com/965040 From sle-updates at lists.suse.com Wed Aug 17 10:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2016 18:08:49 +0200 (CEST) Subject: SUSE-SU-2016:2093-1: important: Security update for xen Message-ID: <20160817160849.3A105FC51@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2093-1 Rating: important References: #900418 #949889 #953339 #953362 #953518 #954872 #957986 #958848 #961600 #963161 #964427 #973188 #973631 #974038 #975130 #975138 #975907 #976058 #976111 #978164 #978295 #978413 #979620 #979670 #980716 #980724 #981264 #981276 #982024 #982025 #982026 #982224 #982225 #982286 #982695 #982960 #983973 #983984 #984981 #985503 #986586 #988675 
#988676 #990843 #990923
Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 27 vulnerabilities and has 18 fixes is now available.

Description:

This update for xen to version 4.5.3 fixes several issues.

These security issues were fixed:
- CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675).
- CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) (bsc#988676).
- CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973).
- CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984).
- CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960).
- CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225).
- CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). 
- CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). 
- CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) - bsc#900418: Dump cannot be performed on SLES12 XEN - bsc#953339: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#953362: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#953518: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#984981: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#949889: Fail to install 32-bit paravirt VM under SLES12SP1Beta3 XEN - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory 
- bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#973631: AWS EC2 kdump issue - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1238=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1238=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1238=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): xen-debugsource-4.5.3_08-17.1 xen-devel-4.5.3_08-17.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): xen-4.5.3_08-17.1 xen-debugsource-4.5.3_08-17.1 xen-doc-html-4.5.3_08-17.1 xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1 xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1 xen-libs-32bit-4.5.3_08-17.1 xen-libs-4.5.3_08-17.1 xen-libs-debuginfo-32bit-4.5.3_08-17.1 xen-libs-debuginfo-4.5.3_08-17.1 xen-tools-4.5.3_08-17.1 xen-tools-debuginfo-4.5.3_08-17.1 xen-tools-domU-4.5.3_08-17.1 xen-tools-domU-debuginfo-4.5.3_08-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xen-4.5.3_08-17.1 xen-debugsource-4.5.3_08-17.1 xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1 xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1 xen-libs-32bit-4.5.3_08-17.1 xen-libs-4.5.3_08-17.1 xen-libs-debuginfo-32bit-4.5.3_08-17.1 xen-libs-debuginfo-4.5.3_08-17.1 References: https://www.suse.com/security/cve/CVE-2014-3672.html 
https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-4952.html https://www.suse.com/security/cve/CVE-2016-4962.html https://www.suse.com/security/cve/CVE-2016-4963.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6259.html https://www.suse.com/security/cve/CVE-2016-6351.html https://bugzilla.suse.com/900418 https://bugzilla.suse.com/949889 https://bugzilla.suse.com/953339 https://bugzilla.suse.com/953362 https://bugzilla.suse.com/953518 https://bugzilla.suse.com/954872 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/958848 https://bugzilla.suse.com/961600 https://bugzilla.suse.com/963161 https://bugzilla.suse.com/964427 https://bugzilla.suse.com/973188 https://bugzilla.suse.com/973631 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/975907 https://bugzilla.suse.com/976058 
https://bugzilla.suse.com/976111 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/978413 https://bugzilla.suse.com/979620 https://bugzilla.suse.com/979670 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/981276 https://bugzilla.suse.com/982024 https://bugzilla.suse.com/982025 https://bugzilla.suse.com/982026 https://bugzilla.suse.com/982224 https://bugzilla.suse.com/982225 https://bugzilla.suse.com/982286 https://bugzilla.suse.com/982695 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983973 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/984981 https://bugzilla.suse.com/985503 https://bugzilla.suse.com/986586 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/988676 https://bugzilla.suse.com/990843 https://bugzilla.suse.com/990923 From sle-updates at lists.suse.com Wed Aug 17 13:08:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2016 21:08:24 +0200 (CEST) Subject: SUSE-SU-2016:2094-1: important: Security update for yast2-ntp-client Message-ID: <20160817190824.A334FFFE1@maintenance.suse.de> SUSE Security Update: Security update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2094-1 Rating: important References: #985065 Cross-References: CVE-2015-1798 CVE-2015-1799 CVE-2015-5194 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 
CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 43 vulnerabilities is now available. It includes one version update. Description: The YaST2 NTP Client was updated to handle the presence of both xntp and ntp packages. If none are installed, "ntp" will be installed. Security Issues: * CVE-2016-4953 * CVE-2016-4954 * CVE-2016-4955 * CVE-2016-4956 * CVE-2016-4957 * CVE-2016-1547 * CVE-2016-1548 * CVE-2016-1549 * CVE-2016-1550 * CVE-2016-1551 * CVE-2016-2516 * CVE-2016-2517 * CVE-2016-2518 * CVE-2016-2519 * CVE-2015-8158 * CVE-2015-8138 * CVE-2015-7979 * CVE-2015-7978 * CVE-2015-7977 * CVE-2015-7976 * CVE-2015-7975 * CVE-2015-7974 * CVE-2015-7973 * CVE-2015-5300 * CVE-2015-5194 * CVE-2015-7871 * CVE-2015-7855 * CVE-2015-7854 * CVE-2015-7853 * CVE-2015-7852 * CVE-2015-7851 * CVE-2015-7850 * CVE-2015-7849 * CVE-2015-7848 * CVE-2015-7701 * CVE-2015-7703 * CVE-2015-7704 * CVE-2015-7705 * CVE-2015-7691 * CVE-2015-7692 * CVE-2015-7702 * CVE-2015-1798 * CVE-2015-1799 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (noarch) [New Version: 2.13.18]: yast2-ntp-client-2.13.18-0.20.1 References: https://www.suse.com/security/cve/CVE-2015-1798.html https://www.suse.com/security/cve/CVE-2015-1799.html https://www.suse.com/security/cve/CVE-2015-5194.html https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7691.html https://www.suse.com/security/cve/CVE-2015-7692.html https://www.suse.com/security/cve/CVE-2015-7701.html https://www.suse.com/security/cve/CVE-2015-7702.html https://www.suse.com/security/cve/CVE-2015-7703.html https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7848.html https://www.suse.com/security/cve/CVE-2015-7849.html https://www.suse.com/security/cve/CVE-2015-7850.html 
https://www.suse.com/security/cve/CVE-2015-7851.html https://www.suse.com/security/cve/CVE-2015-7852.html https://www.suse.com/security/cve/CVE-2015-7853.html https://www.suse.com/security/cve/CVE-2015-7854.html https://www.suse.com/security/cve/CVE-2015-7855.html https://www.suse.com/security/cve/CVE-2015-7871.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8158.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/985065 https://download.suse.com/patch/finder/?keywords=005fabcea379ebb53725d3077bfa4ba8 From sle-updates at lists.suse.com Wed Aug 17 13:08:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2016 21:08:46 +0200 (CEST) Subject: SUSE-RU-2016:2095-1: moderate: Recommended update for openssl-certs Message-ID: <20160817190846.BD15DFFE2@maintenance.suse.de> SUSE Recommended Update: Recommended 
update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2095-1 Rating: moderate References: #973042 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: The root SSL certificates were updated to version 2.7 of the upstream Mozilla NSS certificate store. Changes done: * Removed server trust from: AC Raiz Certicamara S.A., ComSign Secured CA, NetLock Uzleti (Class B) Tanusitvanykiado, NetLock Business (Class B) Root, NetLock Expressz (Class C) Tanusitvanykiado, TC TrustCenter Class 3 CA II, TURKTRUST Certificate Services Provider Root 1, TURKTRUST Certificate Services Provider Root 2, Equifax Secure Global eBusiness CA-1, Verisign Class 4 Public Primary Certification Authority G3. * Enable server trust: Actalis Authentication Root CA. * Deleted CAs: AOL CA, A Trust nQual 03, Buypass Class 3 CA 1, CA Disig, Digital Signature Trust Co Global CA 1, Digital Signature Trust Co Global CA 3, E Guven Kok Elektronik Sertifika Hizmet Saglayicisi, NetLock Expressz (Class C) Tanusitvanykiado, NetLock Kozjegyzoi (Class A) Tanusitvanykiado, NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, NetLock Uzleti (Class B) Tanusitvanykiado, SG TRUST SERVICES RACINE, Staat der Nederlanden Root CA, TC TrustCenter Class 2 CA II, TC TrustCenter Universal CA I, TDC Internet Root CA, UTN DATACorp SGC Root CA, Verisign Class 1 Public Primary Certification Authority - G2, Verisign Class 3 Public Primary Certification Authority, Verisign Class 3 Public Primary Certification Authority - G2. 
* New CAs: CA WoSign ECC Root, Certification Authority of WoSign, Certification Authority of WoSign G2, Certinomis - Root CA, Certum Trusted Network CA 2, CFCA EV ROOT, COMODO RSA Certification Authority, DigiCert Assured ID Root G2, DigiCert Assured ID Root G3, DigiCert Global Root G2, DigiCert Global Root G3, DigiCert Trusted Root G4, Entrust Root Certification Authority - EC1, Entrust Root Certification Authority - G2, GlobalSign, IdenTrust Commercial Root CA 1, IdenTrust Public Sector Root CA 1, OISTE WISeKey Global Root GB CA, QuoVadis Root CA 1 G3, QuoVadis Root CA 2 G3, QuoVadis Root CA 3 G3, Staat der Nederlanden EV Root CA, Staat der Nederlanden Root CA - G3, S-TRUST Universal Root CA, SZAFIR ROOT CA2, TURKTRUST Elektronik Sertifika Hizmet Saglayicisi H5, TURKTRUST Elektronik Sertifika Hizmet Saglayicisi H6, USERTrust ECC Certification Authority, USERTrust RSA Certification Authority. Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (noarch) [New Version: 2.7]: openssl-certs-2.7-0.16.1 References: https://bugzilla.suse.com/973042 https://download.suse.com/patch/finder/?keywords=934eb69fe1e8d0ea564483da01a67e44 From sle-updates at lists.suse.com Wed Aug 17 13:09:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2016 21:09:05 +0200 (CEST) Subject: SUSE-RU-2016:2096-1: Recommended update for timezone Message-ID: <20160817190905.4B655FFE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2096-1 Rating: low References: #982833 #987720 #988184 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. 
Description: This update provides the latest timezone information (2016f) for your system, including the following changes: * A positive leap second will be added at the end of 2016-12-31. * Egypt (Africa/Cairo) DST change 2016-07-07 cancelled. * Asia/Novosibirsk switches from +06 to +07 on 2016-07-24 02:00 * Asia/Novokuznetsk and Asia/Novosibirsk now use numeric time zone abbreviations instead of invented ones. * Europe/Minsk's 1992-03-29 spring-forward transition was at 02:00 not 00:00. * Africa/Cairo observes DST in 2016 from July 7 to the end of October. This release also includes changes affecting past time stamps. For a comprehensive list, please refer to the release announcement from ICANN: * http://mm.icann.org/pipermail/tz-announce/2016-June/000039.html * http://mm.icann.org/pipermail/tz-announce/2016-July/000040.html Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2016f]: timezone-2016f-0.5.1 References: https://bugzilla.suse.com/982833 https://bugzilla.suse.com/987720 https://bugzilla.suse.com/988184 https://download.suse.com/patch/finder/?keywords=5391af1dc9a7a016c1bb38136f8713a1 From sle-updates at lists.suse.com Thu Aug 18 07:09:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2016 15:09:03 +0200 (CEST) Subject: SUSE-SU-2016:2097-1: Security update for ctags Message-ID: <20160818130903.C65DEFFE1@maintenance.suse.de> SUSE Security Update: Security update for ctags ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2097-1 Rating: low References: #899486 #976920 Cross-References: CVE-2014-7204 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for ctags fixes the following issues: - CVE-2014-7204: Potential denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. (bsc#899486) - Missing Requires(post) on coreutils as it is using rm(1). (bsc#976920) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1239=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1239=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ctags-5.8-7.1 ctags-debuginfo-5.8-7.1 ctags-debugsource-5.8-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ctags-5.8-7.1 ctags-debuginfo-5.8-7.1 ctags-debugsource-5.8-7.1 References: https://www.suse.com/security/cve/CVE-2014-7204.html https://bugzilla.suse.com/899486 https://bugzilla.suse.com/976920 From sle-updates at lists.suse.com Thu Aug 18 10:09:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2016 18:09:19 +0200 (CEST) Subject: SUSE-RU-2016:2099-1: Recommended update for gtk3 Message-ID: <20160818160919.59738FFE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2099-1 Rating: low References: #957399 #960612 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gtk3 fixes the following issues: - Fix crash caused by signals that were not disconnected at program termination. 
(bsc#960612) - Don't abort when trying to paint a surface with an error. (bsc#957399) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1240=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1240=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1240=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gtk3-debugsource-3.10.9-8.18 gtk3-devel-3.10.9-8.18 gtk3-devel-debuginfo-3.10.9-8.18 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gtk3-debugsource-3.10.9-8.18 gtk3-tools-3.10.9-8.18 gtk3-tools-debuginfo-3.10.9-8.18 libgtk-3-0-3.10.9-8.18 libgtk-3-0-debuginfo-3.10.9-8.18 typelib-1_0-Gtk-3_0-3.10.9-8.18 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gtk3-tools-32bit-3.10.9-8.18 gtk3-tools-debuginfo-32bit-3.10.9-8.18 libgtk-3-0-32bit-3.10.9-8.18 libgtk-3-0-debuginfo-32bit-3.10.9-8.18 - SUSE Linux Enterprise Server 12-SP1 (noarch): gtk3-data-3.10.9-8.18 gtk3-lang-3.10.9-8.18 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gtk3-data-3.10.9-8.18 gtk3-lang-3.10.9-8.18 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gtk3-debugsource-3.10.9-8.18 gtk3-tools-3.10.9-8.18 gtk3-tools-32bit-3.10.9-8.18 gtk3-tools-debuginfo-3.10.9-8.18 gtk3-tools-debuginfo-32bit-3.10.9-8.18 libgtk-3-0-3.10.9-8.18 libgtk-3-0-32bit-3.10.9-8.18 libgtk-3-0-debuginfo-3.10.9-8.18 libgtk-3-0-debuginfo-32bit-3.10.9-8.18 typelib-1_0-Gtk-3_0-3.10.9-8.18 References: https://bugzilla.suse.com/957399 https://bugzilla.suse.com/960612 From sle-updates at lists.suse.com Thu Aug 18 10:09:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2016 18:09:53 +0200 (CEST) Subject: 
SUSE-SU-2016:2100-1: important: Security update for xen Message-ID: <20160818160953.A1CB1FFE2@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2100-1 Rating: important References: #954872 #955399 #957986 #958848 #961600 #963161 #964427 #967630 #973188 #974038 #974912 #975130 #975138 #975907 #976058 #976111 #978164 #978295 #978413 #979035 #979620 #979670 #980716 #980724 #981264 #981276 #982024 #982025 #982026 #982224 #982225 #982286 #982695 #982960 #983973 #983984 #985503 #986586 #988675 #989235 #990843 #990923 Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 16 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). 
- CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). 
- CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225). - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). 
- CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960). - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984). - CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675). 
- bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend. Additional memory adjustment made. - bsc#974912: Persistent performance drop after live-migration using xend tool stack - bsc#979035: Restore xm migrate fixes for bsc#955399/ bsc#955399 - bsc#989235: xen dom0 xm create command only searched /etc/xen instead of /etc/xen/vm - Live Migration SLES 11 SP3 to SP4 on AMD: "xc: error: Couldn't set extended vcpu0 info" - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12702=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12702=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12702=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_07_3.0.101_77-37.1 xen-libs-4.4.4_07-37.1 xen-tools-domU-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_07-37.1 xen-doc-html-4.4.4_07-37.1 xen-libs-32bit-4.4.4_07-37.1 xen-tools-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_07_3.0.101_77-37.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_07-37.1 xen-debugsource-4.4.4_07-37.1 References: https://www.suse.com/security/cve/CVE-2014-3672.html https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-4952.html https://www.suse.com/security/cve/CVE-2016-4962.html https://www.suse.com/security/cve/CVE-2016-4963.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html 
https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6351.html https://bugzilla.suse.com/954872 https://bugzilla.suse.com/955399 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/958848 https://bugzilla.suse.com/961600 https://bugzilla.suse.com/963161 https://bugzilla.suse.com/964427 https://bugzilla.suse.com/967630 https://bugzilla.suse.com/973188 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/974912 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/975907 https://bugzilla.suse.com/976058 https://bugzilla.suse.com/976111 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/978413 https://bugzilla.suse.com/979035 https://bugzilla.suse.com/979620 https://bugzilla.suse.com/979670 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/981276 https://bugzilla.suse.com/982024 https://bugzilla.suse.com/982025 https://bugzilla.suse.com/982026 https://bugzilla.suse.com/982224 https://bugzilla.suse.com/982225 https://bugzilla.suse.com/982286 https://bugzilla.suse.com/982695 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983973 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/985503 https://bugzilla.suse.com/986586 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/989235 https://bugzilla.suse.com/990843 https://bugzilla.suse.com/990923 From sle-updates at lists.suse.com Thu Aug 18 12:08:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2016 20:08:33 +0200 (CEST) Subject: SUSE-RU-2016:2101-1: moderate: Recommended update for 
pacemaker Message-ID: <20160818180833.2C105FF91@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2101-1 Rating: moderate References: #956500 #967254 #967383 #967775 #970733 #971129 #972187 #974108 #975079 #976271 #976865 #977201 #977258 #977675 #977800 #981489 #981731 #986056 #986201 #986265 #986676 #986931 #987348 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has 23 recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - crm_mon: Avoid logging errors for any CIB changes that we don't care about (bsc#986931) - crmd: When node load was reduced, crmd carries out a feasible action. - ping: Log sensible error when /tmp is full (bsc#987348) - crm_mon: Do not log errors for the known CIB changes that should be ignored (bsc#986931) - libservices: include socket units when listing all systemd agents - fencing: fence_legacy - Search capable devices by querying them through "list" action for cluster-glue stonith agents (bsc#986265) - pengine,tools: Display pending resource state by default when it's available (bsc#986201) - systemd: Allow unit names ending in .socket. 
- crmd: mention that graceful remote shutdowns may cause connection failures (bsc#981489) - libais,libcluster,libcrmcommon,liblrmd: don't use %z specifier - tools: crm_resource -T option should not be hidden anymore - PE: Correctly update the dependent actions of un-runnable clones - attrd,ipc: Prevent possible segfault on exit (bsc#986056) - tools: properly handle crm_resource --restart with a resource in a group - tools: don't assume all resources restart on same node with crm_resource --restart - tools: avoid memory leaks in crm_resource --restart - tools: remember any existing target-role when doing crm_resource --restart - tools: correctly count starting resources when doing crm_resource --restart - Add logrotate to requirements of pacemaker-cli - libcrmcommon: really ensure crm_time_t structure is fully initialized by API calls - crmd: avoid timeout on older peers when cancelling a resource operation - crmd: use proper resource agent name when caching metadata - crmd: avoid memory leak when sending fencing alert - liblrmd: avoid memory leak when closing or deleting lrmd connections - tools: avoid memory leak when crm_mon unpacks constraints - pengine: avoid use-after-free with location constraint + sets + templates - pengine: better error handling when unpacking sets in location constraints - pengine: avoid memory leak when invalid constraint involves set - cts: avoid kill usage error if DummySD stop called when already stopped - pengine : Correction of the record judgment of the failed information. 
- crmd: clear remote node transient attributes on disconnect (bsc#981489) - Revert "Fix: attrd: Correctly implement mass removal of a node's attributes" (bsc#981489) - attrd: ensure remote nodes are in correct peer cache (bsc#981489) - crmd: set remote flag when gracefully shutting down remote nodes (bsc#981489) - crmd: Graceful proxy shutdown is now tested (bsc#981489) - crmd: Set the shutdown transient attribute in response to LRMD_IPC_OP_SHUTDOWN_REQ from remote nodes (bsc#981489) - PE: Honor the shutdown transient attributes for remote nodes (bsc#981489) - pacemaker_remote: support graceful stops (bsc#981489) - crmd: support graceful pacemaker_remote stops (bsc#981489) - lrmd,liblrmd: add lrmd IPC operations for requesting and acknowledging shutdown (bsc#981489) - cts: simulate pacemaker_remote failure with kill (bsc#981489) - crmd,lrmd,liblrmd: use defined constants for lrmd IPC operations (bsc#981489) - lrmd: make proxied IPC providers/clients opaque (bsc#981489) - lrmd: handle shutdown a little more cleanly (bsc#981489) - libpengine: log message when stonith disabled, not enabled - pengine: only set unfencing constraints once - libcrmcommon: ensure crm_time_t structure is fully initialized by API calls - attrd: don't leak memory when returning due to malformed update request - pengine: properly order stop actions relative to stonith - crm_resource: don't pretend that target-role:started would prevent promotion - crm_mon: consistently print ms resource state - controld: use "stonith_admin -H '*' -V" (bsc#977201) - stonith_admin: allow -H '*' to show history for all nodes (bsc#977201) - controld: fix "[: -eq: unary operator expected" issue from PR 1022 (bsc#977201) - controld: Prevent unwanted self-fencing if "stateful_merge_wait" state of dlm is not available (bsc#977201) - spec: fence_pcmk only eligible for Pacemaker+CMAN - crmd: Acknowledge cancellation operations for remote connection resources (bsc#976865) - controld: improve DLM check with 
stateful_merge_wait (bsc#977201) - attrd, libcrmcommon: validate attrd requests better - crm_mon: Fix time formatting on x32 - resources: use OCF version tagging correctly - libcommon: crm_procfs_pid_of() would always return last /proc entry checked - crmd: Take start-delay into account for the timeout of the action timer (bsc#977258) - libservices: make systemd override file world-readable to avoid log warning - libcrmcommon: correct directory name in log message - pengine: Correctly set the environment variable "OCF_RESKEY_CRM_meta_timeout" when "start-delay" is configured (bsc#977258) - services: Correctly clean up service actions for non-dbus case - RA: SysInfo - Reset the node attribute "#health_disk" to "green" when there's sufficient free disk (bsc#975079) - pengine: Organize order of actions for slave resources in anti-colocations (bsc#977800) - pengine: Organize order of actions for master resources in anti-colocations (bsc#977800) - pengine: Respect asymmetrical ordering when trying to move resources (bsc#977675) - fencing: Record the last known names of nodes to make sure fencing requested with nodeid works (bsc#974108) - ping resource: Use fping6 for IPv6 hosts (bsc#976271) - pengine: Consider resource failed if any of the configured monitor operations failed (bsc#972187) - spec: make Publican docs not depend on pre-existing packages - cib/fencing: Set status callback before connecting to cluster (bsc#974108) - libtransition: potential memory leak if unpacking action fails - attrd: crash on exit if initialization fails - pengine: Suppress assert if a stateful clone is not being demoted/stopped (bsc#971129) - PE: Correctly handle the ordering of demote actions for failed and moving containers - libcib: Correctly determine the node type (bsc#967775) - resources: match agents' default for globally_unique to pacemaker's - crm_resource: Prevent segfault when --resource is not correctly supplied for --restart command Additionally, the following bug-references 
have been added to the changelog: bsc#986676, bsc#981731, bsc#970733, bsc#967383, bsc#967254, bsc#956500 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1243=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1243=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpacemaker-devel-1.1.13-17.2 pacemaker-cts-1.1.13-17.2 pacemaker-cts-debuginfo-1.1.13-17.2 pacemaker-debuginfo-1.1.13-17.2 pacemaker-debugsource-1.1.13-17.2 - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): libpacemaker3-1.1.13-17.2 libpacemaker3-debuginfo-1.1.13-17.2 pacemaker-1.1.13-17.2 pacemaker-cli-1.1.13-17.2 pacemaker-cli-debuginfo-1.1.13-17.2 pacemaker-cts-1.1.13-17.2 pacemaker-cts-debuginfo-1.1.13-17.2 pacemaker-debuginfo-1.1.13-17.2 pacemaker-debugsource-1.1.13-17.2 pacemaker-remote-1.1.13-17.2 pacemaker-remote-debuginfo-1.1.13-17.2 References: https://bugzilla.suse.com/956500 https://bugzilla.suse.com/967254 https://bugzilla.suse.com/967383 https://bugzilla.suse.com/967775 https://bugzilla.suse.com/970733 https://bugzilla.suse.com/971129 https://bugzilla.suse.com/972187 https://bugzilla.suse.com/974108 https://bugzilla.suse.com/975079 https://bugzilla.suse.com/976271 https://bugzilla.suse.com/976865 https://bugzilla.suse.com/977201 https://bugzilla.suse.com/977258 https://bugzilla.suse.com/977675 https://bugzilla.suse.com/977800 https://bugzilla.suse.com/981489 https://bugzilla.suse.com/981731 https://bugzilla.suse.com/986056 https://bugzilla.suse.com/986201 https://bugzilla.suse.com/986265 https://bugzilla.suse.com/986676 https://bugzilla.suse.com/986931 https://bugzilla.suse.com/987348 From sle-updates at lists.suse.com Thu Aug 18 12:12:44 
2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2016 20:12:44 +0200 (CEST) Subject: SUSE-RU-2016:2102-1: Recommended update for createrepo Message-ID: <20160818181244.DBDEBFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for createrepo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2102-1 Rating: low References: #976386 Affected Products: SUSE Studio Onsite Runner 1.3 SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for createrepo fixes the following issues: - Potential deadlock when createrepo is called with the -v option. (bsc#976386) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite Runner 1.3: zypper in -t patch slestso13-createrepo-12703=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-createrepo-12703=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-createrepo-12703=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-createrepo-12703=1 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-createrepo-12703=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite Runner 1.3 (noarch): createrepo-0.9.9-0.28.30.1 - SUSE Studio Onsite 1.3 (noarch): createrepo-0.9.9-0.28.30.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): createrepo-0.9.9-0.28.30.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): createrepo-0.9.9-0.28.30.1 - SUSE Lifecycle Management Server 1.3 (noarch): createrepo-0.9.9-0.28.30.1 References: https://bugzilla.suse.com/976386 From sle-updates at lists.suse.com Fri Aug 19 06:09:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2016 14:09:22 +0200 (CEST) Subject: SUSE-SU-2016:2105-1: important: Security update for the Linux Kernel Message-ID: <20160819120922.CBD43FFAC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2105-1 Rating: important References: #947337 #950998 #951844 #953048 #954847 #956491 #957990 #962742 #963655 #963762 #965087 #966245 #968667 #970114 #970506 #971770 #972933 #973378 #973499 #974165 #974308 #974620 #975531 #975533 #975772 #975788 #977417 #978401 #978469 #978822 #979074 #979213 #979419 #979485 #979489 #979521 #979548 #979681 #979867 #979879 #979922 #980348 #980363 #980371 #980856 #980883 #981038 #981143 #981344 #981597 #982282 #982354 #982544 #982698 #983143 #983213 #983318 #983721 #983904 #983977 #984148 #984456 #984755 #984764 #985232 #985978 #986362 #986365 #986569 #986572 #986573 #986811 #988215 #988498 #988552 #990058 Cross-References: CVE-2014-9904 CVE-2015-7833 CVE-2015-8551 CVE-2015-8552 CVE-2015-8845 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3672 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4805 CVE-2016-4997 CVE-2016-4998 CVE-2016-5244 CVE-2016-5828 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE 
Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 55 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks" (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks" (bnc#957990). 
- CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983143).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bsc#978401).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bsc#979213).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986362).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365).
- CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).
- CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bsc#986569).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).

The following non-security bugs were fixed:

- ALSA: hrtimer: Handle start/stop more properly (bsc#973378).
- Add wait_event_cmd() (bsc#953048).
- Btrfs: be more precise on errors when getting an inode from disk (bsc#981038).
- Btrfs: do not use src fd for printk (bsc#980348).
- Btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038).
- Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).
- Btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844).
- Disable btrfs patch (bsc#981597)
- EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).
- EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521).
- EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).
- EDAC/sb_edac: Fix computation of channel address (bsc#979521).
- EDAC: Correct channel count limit (bsc#979521).
- EDAC: Remove arbitrary limit on number of channels (bsc#979521).
- EDAC: Use static attribute groups for managing sysfs entries (bsc#979521).
- MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).
- PCI/AER: Clear error status registers during enumeration and restore (bsc#985978).
- RAID5: batch adjacent full stripe write (bsc#953048).
- RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048).
- RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048).
- Restore copying of SKBs with head exceeding page size (bsc#978469).
- SCSI: Increase REPORT_LUNS timeout (bsc#982282).
- USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698).
- Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference.
- Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla reference.
- VSOCK: Fix lockdep issue (bsc#977417).
- VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).
- base: make module_create_drivers_dir race-free (bnc#983977).
- cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552).
- ceph: tolerate bad i_size for symlink inode (bsc#985232).
- drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).
- drm/mgag200: Add support for a new rev of G200e (bsc#983904).
- drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904). - drm/mgag200: remove unused variables (bsc#983904). - drm: qxl: Workaround for buggy user-space (bsc#981344). - efifb: Add support for 64-bit frame buffer addresses (bsc#973499). - efifb: Fix 16 color palette entry calculation (bsc#983318). - efifb: Fix KABI of screen_info struct (bsc#973499). - ehci-pci: enable interrupt on BayTrail (bnc#947337). - enic: set netdev->vlan_features (bsc#966245). - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - hid-elo: kill not flush the work (bnc#982354). - iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes (bnc#979922, LTC#141736) - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - kvm: Guest does not show the cpu flag nonstop_tsc (bsc#971770) - md/raid56: Do not perform reads to support writes until stripe is ready. - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048). - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE. - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048). - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048). - md/raid5: always set conf->prev_chunk_sectors and ->prev_algo (bsc#953048). - md/raid5: avoid races when changing cache size (bsc#953048). - md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048). - md/raid5: be more selective about distributing flags across batch (bsc#953048). - md/raid5: break stripe-batches when the array has failed (bsc#953048). - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048). - md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048). - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048). 
- md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048). - md/raid5: close recently introduced race in stripe_head management. - md/raid5: consider updating reshape_position at start of reshape (bsc#953048). - md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048). - md/raid5: do not do chunk aligned read on degraded array (bsc#953048). - md/raid5: do not index beyond end of array in need_this_block() (bsc#953048). - md/raid5: do not let shrink_slab shrink too far (bsc#953048). - md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048). - md/raid5: ensure device failure recorded before write request returns (bsc#953048). - md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048). - md/raid5: fix allocation of 'scribble' array (bsc#953048). - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048). - md/raid5: fix handling of degraded stripes in batches (bsc#953048). - md/raid5: fix init_stripe() inconsistencies (bsc#953048). - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048). - md/raid5: fix newly-broken locking in get_active_stripe. - md/raid5: handle possible race as reshape completes (bsc#953048). - md/raid5: ignore released_stripes check (bsc#953048). - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048). - md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048). - md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048). - md/raid5: need_this_block: tidy/fix last condition (bsc#953048). - md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048). - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048). - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048). - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list. 
- md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048). - md/raid5: remove incorrect "min_t()" when calculating writepos (bsc#953048). - md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048). - md/raid5: separate large if clause out of fetch_block() (bsc#953048). - md/raid5: separate out the easy conditions in need_this_block (bsc#953048). - md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048). - md/raid5: strengthen check on reshape_position at run (bsc#953048). - md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048). - md/raid5: use bio_list for the list of bios to return (bsc#953048). - md: be careful when testing resync_max against curr_resync_completed (bsc#953048). - md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048). - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048). - md: remove unwanted white space from md.c (bsc#953048). - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - net/qlge: Avoids recursive EEH error (bsc#954847). - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667). - net: Start with correct mac_len in skb_network_protocol (bsc#968667). - net: disable fragment reassembly if high_thresh is set to zero (bsc#970506). - net: fix wrong mac_len calculation for vlans (bsc#968667). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087). - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489). 
- perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489). - ppp: defer netns reference release for ppp channel (bsc#980371). - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590). - raid5: Retry R5_ReadNoMerge flag when hit a read error. - raid5: add a new flag to track if a stripe can be batched (bsc#953048). - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048). - raid5: avoid release list until last reference of the stripe (bsc#953048). - raid5: check faulty flag for array status during recovery (bsc#953048). - raid5: fix a race of stripe count check. - raid5: fix broken async operation chain (bsc#953048). - raid5: get_active_stripe avoids device_lock. - raid5: handle expansion/resync case with stripe batching (bsc#953048). - raid5: handle io error of batch list (bsc#953048). - raid5: make_request does less prepare wait. - raid5: relieve lock contention in get_active_stripe(). - raid5: relieve lock contention in get_active_stripe(). - raid5: speedup sync_request processing (bsc#953048). - raid5: track overwrite disk count (bsc#953048). - raid5: update analysis state for failed stripe (bsc#953048). - raid5: use flex_array for scribble data (bsc#953048). - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736). - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736). - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736). - s390/3270: fix view reference counting (bnc#979922, LTC#141736). - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736). - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456). - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138). 
- sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521). - sb_edac: Fix support for systems with two home agents per socket (bsc#979521). - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521). - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521). - sb_edac: support for Broadwell -EP and -EX (bsc#979521). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched/x86: Fix up typo in topology detection (bsc#974165). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456). - wait: introduce wait_event_exclusive_cmd (bsc#953048). - x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address (bsc#979521). - x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521). - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165). - x86/efi: parse_efi_setup() build fix (bsc#979485). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058). - x86: standardize mmap_rnd() usage (bnc#974308). - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148). - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1246=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1246=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1246=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1246=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1246=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1246=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-extra-3.12.62-60.62.1 kernel-default-extra-debuginfo-3.12.62-60.62.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.62-60.62.1 kernel-obs-build-debugsource-3.12.62-60.62.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.62-60.62.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.62-60.62.1 kernel-default-base-3.12.62-60.62.1 kernel-default-base-debuginfo-3.12.62-60.62.1 kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-devel-3.12.62-60.62.1 kernel-syms-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.62-60.62.1 kernel-macros-3.12.62-60.62.1 kernel-source-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.62-60.62.1 kernel-xen-base-3.12.62-60.62.1 kernel-xen-base-debuginfo-3.12.62-60.62.1 kernel-xen-debuginfo-3.12.62-60.62.1 kernel-xen-debugsource-3.12.62-60.62.1 kernel-xen-devel-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): 
kernel-default-man-3.12.62-60.62.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.62-60.62.1 kernel-ec2-debuginfo-3.12.62-60.62.1 kernel-ec2-debugsource-3.12.62-60.62.1 kernel-ec2-devel-3.12.62-60.62.1 kernel-ec2-extra-3.12.62-60.62.1 kernel-ec2-extra-debuginfo-3.12.62-60.62.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-1-4.2 kgraft-patch-3_12_62-60_62-xen-1-4.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.62-60.62.1 kernel-macros-3.12.62-60.62.1 kernel-source-3.12.62-60.62.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.62-60.62.1 kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-devel-3.12.62-60.62.1 kernel-default-extra-3.12.62-60.62.1 kernel-default-extra-debuginfo-3.12.62-60.62.1 kernel-syms-3.12.62-60.62.1 kernel-xen-3.12.62-60.62.1 kernel-xen-debuginfo-3.12.62-60.62.1 kernel-xen-debugsource-3.12.62-60.62.1 kernel-xen-devel-3.12.62-60.62.1 References: https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8845.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-4998.html 
https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5828.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/947337 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/953048 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/962742 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/965087 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/968667 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970506 https://bugzilla.suse.com/971770 https://bugzilla.suse.com/972933 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973499 https://bugzilla.suse.com/974165 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/975531 https://bugzilla.suse.com/975533 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975788 https://bugzilla.suse.com/977417 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979485 https://bugzilla.suse.com/979489 https://bugzilla.suse.com/979521 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979922 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980363 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981143 https://bugzilla.suse.com/981344 https://bugzilla.suse.com/981597 https://bugzilla.suse.com/982282 https://bugzilla.suse.com/982354 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982698 https://bugzilla.suse.com/983143 
https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/983904 https://bugzilla.suse.com/983977 https://bugzilla.suse.com/984148 https://bugzilla.suse.com/984456 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/984764 https://bugzilla.suse.com/985232 https://bugzilla.suse.com/985978 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986569 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/986811 https://bugzilla.suse.com/988215 https://bugzilla.suse.com/988498 https://bugzilla.suse.com/988552 https://bugzilla.suse.com/990058 From sle-updates at lists.suse.com Fri Aug 19 06:24:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2016 14:24:41 +0200 (CEST) Subject: SUSE-SU-2016:2106-1: moderate: Security update for python Message-ID: <20160819122441.8A717FFAC@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2106-1 Rating: moderate References: #984751 #985177 #985348 #989523 Cross-References: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description:

This update for python fixes the following issues:

- CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751)
- CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)
- CVE-2016-5699: incorrect validation of HTTP headers allows header injection (bsc#985348)
- CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1245=1
- SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1245=1
- SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1245=1
- SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1245=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): python-base-debuginfo-2.7.9-24.2 python-base-debugsource-2.7.9-24.2 python-devel-2.7.9-24.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): python-base-debuginfo-2.7.9-24.2 python-base-debugsource-2.7.9-24.2 python-devel-2.7.9-24.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpython2_7-1_0-2.7.9-24.2 libpython2_7-1_0-debuginfo-2.7.9-24.2 python-2.7.9-24.1 python-base-2.7.9-24.2 python-base-debuginfo-2.7.9-24.2 python-base-debugsource-2.7.9-24.2 python-curses-2.7.9-24.1 python-curses-debuginfo-2.7.9-24.1 python-debuginfo-2.7.9-24.1 python-debugsource-2.7.9-24.1 python-demo-2.7.9-24.1 python-gdbm-2.7.9-24.1 python-gdbm-debuginfo-2.7.9-24.1 python-idle-2.7.9-24.1 python-tk-2.7.9-24.1 python-tk-debuginfo-2.7.9-24.1 python-xml-2.7.9-24.2 python-xml-debuginfo-2.7.9-24.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpython2_7-1_0-32bit-2.7.9-24.2 libpython2_7-1_0-debuginfo-32bit-2.7.9-24.2 python-32bit-2.7.9-24.1 python-base-32bit-2.7.9-24.2 python-base-debuginfo-32bit-2.7.9-24.2 python-debuginfo-32bit-2.7.9-24.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-doc-2.7.9-24.4 python-doc-pdf-2.7.9-24.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpython2_7-1_0-2.7.9-24.2 libpython2_7-1_0-32bit-2.7.9-24.2 libpython2_7-1_0-debuginfo-2.7.9-24.2 libpython2_7-1_0-debuginfo-32bit-2.7.9-24.2 python-2.7.9-24.1 python-base-2.7.9-24.2 python-base-debuginfo-2.7.9-24.2 python-base-debuginfo-32bit-2.7.9-24.2 python-base-debugsource-2.7.9-24.2 python-curses-2.7.9-24.1 python-curses-debuginfo-2.7.9-24.1 python-debuginfo-2.7.9-24.1 python-debugsource-2.7.9-24.1 python-devel-2.7.9-24.2 python-tk-2.7.9-24.1 python-tk-debuginfo-2.7.9-24.1 python-xml-2.7.9-24.2 python-xml-debuginfo-2.7.9-24.2 References: https://www.suse.com/security/cve/CVE-2016-0772.html https://www.suse.com/security/cve/CVE-2016-1000110.html 
https://www.suse.com/security/cve/CVE-2016-5636.html https://www.suse.com/security/cve/CVE-2016-5699.html https://bugzilla.suse.com/984751 https://bugzilla.suse.com/985177 https://bugzilla.suse.com/985348 https://bugzilla.suse.com/989523 From sle-updates at lists.suse.com Fri Aug 19 08:09:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2016 16:09:19 +0200 (CEST) Subject: SUSE-SU-2016:2107-1: moderate: Security update for cracklib Message-ID: <20160819140919.9660EFF91@maintenance.suse.de> SUSE Security Update: Security update for cracklib ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2107-1 Rating: moderate References: #992966 Cross-References: CVE-2016-6318 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cracklib fixes the following issues: - Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1247=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1247=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1247=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): cracklib-debuginfo-2.9.0-7.1 cracklib-debugsource-2.9.0-7.1 cracklib-devel-2.9.0-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cracklib-2.9.0-7.1 cracklib-debuginfo-2.9.0-7.1 cracklib-debugsource-2.9.0-7.1 libcrack2-2.9.0-7.1 libcrack2-debuginfo-2.9.0-7.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcrack2-32bit-2.9.0-7.1 libcrack2-debuginfo-32bit-2.9.0-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cracklib-2.9.0-7.1 cracklib-debuginfo-2.9.0-7.1 cracklib-debugsource-2.9.0-7.1 libcrack2-2.9.0-7.1 libcrack2-32bit-2.9.0-7.1 libcrack2-debuginfo-2.9.0-7.1 libcrack2-debuginfo-32bit-2.9.0-7.1 References: https://www.suse.com/security/cve/CVE-2016-6318.html https://bugzilla.suse.com/992966 From sle-updates at lists.suse.com Fri Aug 19 09:09:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2016 17:09:33 +0200 (CEST) Subject: SUSE-RU-2016:2110-1: Recommended update for postgresql-init Message-ID: <20160819150933.3F232FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2110-1 Rating: low References: #906900 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql-init converts the former initialization script into a service file for Systemd. With this change, PostgreSQL will now by default write logs to syslog instead of $DATADIR/postmaster.log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1248=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): postgresql-init-9.4-17.14.1 References: https://bugzilla.suse.com/906900 From sle-updates at lists.suse.com Fri Aug 19 17:08:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Aug 2016 01:08:23 +0200 (CEST) Subject: SUSE-RU-2016:2122-1: Recommended update for smt Message-ID: <20160819230823.4F4B9FEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2122-1 Rating: low References: #943355 #983755 #985396 #986018 #986220 #989748 #990105 #990861 #991439 #991453 #992764 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. 
Description: This update provides smt version 2.0.24, which brings the following fixes: - Make the curl connect timeout configurable (bsc#992764) - Find migration targets independent of the order of products reported to the API (bsc#986220) - Prevent endless loop and cleanup repository entries if migration failed (bsc#990861) - Report error if a not available product should be registered (bsc#991453) - Increase column size for NAME, VER and REL in Packages table (bsc#991439) - Made dependency on perl-DBD-mysql hard (bsc#983755) - Fixed typo in clientSetup4SMT.sh (bsc#989748) - Skipping repositories reported with invalid data (bsc#990861) - Handle release stage of products (fate#319909) - Implement installer update repositories (fate#319716) - Add registration codes for SLE10/SLE11 products to forwarding call (bsc#990105) - Order by target product id downwards (bsc#986018) - Add a generic error handler to return json format (bsc#943355) - Do not return incomplete activations (bsc#985396) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-smt-12704=1 To bring your system up-to-date, use "zypper patch". 
Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.24-33.1 smt-2.0.24-33.1 smt-support-2.0.24-33.1 References: https://bugzilla.suse.com/943355 https://bugzilla.suse.com/983755 https://bugzilla.suse.com/985396 https://bugzilla.suse.com/986018 https://bugzilla.suse.com/986220 https://bugzilla.suse.com/989748 https://bugzilla.suse.com/990105 https://bugzilla.suse.com/990861 https://bugzilla.suse.com/991439 https://bugzilla.suse.com/991453 https://bugzilla.suse.com/992764 From sle-updates at lists.suse.com Mon Aug 22 11:09:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2016 19:09:01 +0200 (CEST) Subject: SUSE-RU-2016:2128-1: Recommended update for timezone Message-ID: <20160822170901.0ACF4FEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2128-1 Rating: low References: #988184 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone adds a positive leap second at the end of 2016-12-31. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1252=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1252=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1252=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1252=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): timezone-java-2016f-0.51.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): timezone-2016f-0.51.1 timezone-debuginfo-2016f-0.51.1 timezone-debugsource-2016f-0.51.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): timezone-2016f-0.51.1 timezone-debuginfo-2016f-0.51.1 timezone-debugsource-2016f-0.51.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): timezone-java-2016f-0.51.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2016f-0.51.1 timezone-debuginfo-2016f-0.51.1 timezone-debugsource-2016f-0.51.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2016f-0.51.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): timezone-java-2016f-0.51.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): timezone-2016f-0.51.1 timezone-debuginfo-2016f-0.51.1 timezone-debugsource-2016f-0.51.1 References: https://bugzilla.suse.com/988184 From sle-updates at lists.suse.com Mon Aug 22 12:08:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2016 20:08:55 +0200 (CEST) Subject: SUSE-RU-2016:2130-1: Recommended update for openvpn Message-ID: <20160822180855.B40A6FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2130-1 Rating: low References: #934237 #959714 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux 
Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openvpn fixes the following issues: - Possible heap overflow on read accessing getaddrinfo result. (bsc#959714) - Multiple low severity issues. (bsc#934237) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1253=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1253=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openvpn-2.3.8-16.6.4 openvpn-auth-pam-plugin-2.3.8-16.6.4 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.6.4 openvpn-debuginfo-2.3.8-16.6.4 openvpn-debugsource-2.3.8-16.6.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): openvpn-2.3.8-16.6.4 openvpn-debuginfo-2.3.8-16.6.4 openvpn-debugsource-2.3.8-16.6.4 References: https://bugzilla.suse.com/934237 https://bugzilla.suse.com/959714 From sle-updates at lists.suse.com Mon Aug 22 12:09:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2016 20:09:27 +0200 (CEST) Subject: SUSE-SU-2016:2131-1: important: Security update for MozillaFirefox Message-ID: <20160822180927.D7996FF91@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2131-1 Rating: important References: #989196 #990628 #990856 #991809 Cross-References: CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 Affected Products: SUSE Linux 
Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1254=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1254=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1254=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1254=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1254=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-devel-45.3.0esr-78.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 References: https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html 
https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5258.html https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/989196 https://bugzilla.suse.com/990628 https://bugzilla.suse.com/990856 https://bugzilla.suse.com/991809 From sle-updates at lists.suse.com Mon Aug 22 22:09:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 06:09:58 +0200 (CEST) Subject: SUSE-RU-2016:2132-1: Recommended update for rubygem-crowbar-client Message-ID: <20160823040958.A472CFEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-crowbar-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2132-1 Rating: low References: #976537 #988729 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-crowbar-client fixes the following issues: - Improve error handling for unknown responses. - Fix --anonymous and --help options. - Fix timeout in case the API needs longer to respond. - Added subcommand to check the crowbar sanity. - Added option to create a default proposal. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1256=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1256=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1256=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-crowbar-client-2.4.3-3.1 ruby2.1-rubygem-httmultiparty-0.3.16-2.1 ruby2.1-rubygem-mimemagic-0.3.1-2.1 ruby2.1-rubygem-multipart-post-2.0.0-2.1 - SUSE Enterprise Storage 3 (x86_64): ruby2.1-rubygem-crowbar-client-2.4.3-3.1 ruby2.1-rubygem-httmultiparty-0.3.16-2.1 ruby2.1-rubygem-mimemagic-0.3.1-2.1 ruby2.1-rubygem-multipart-post-2.0.0-2.1 - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-crowbar-client-2.4.3-3.1 ruby2.1-rubygem-httmultiparty-0.3.16-2.1 ruby2.1-rubygem-mimemagic-0.3.1-2.1 ruby2.1-rubygem-multipart-post-2.0.0-2.1 References: https://bugzilla.suse.com/976537 https://bugzilla.suse.com/988729 From sle-updates at lists.suse.com Mon Aug 22 22:10:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 06:10:34 +0200 (CEST) Subject: SUSE-RU-2016:2133-1: Recommended update for crowbar, crowbar-core and crowbar-openstack Message-ID: <20160823041034.2059DFF91@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar, crowbar-core and crowbar-openstack ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2133-1 Rating: low References: #976779 #984128 #985987 #988729 #988907 #989994 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for crowbar, crowbar-core and crowbar-openstack fixes the following issues: - Enable vxlan support in linuxbridge - Enable Cisco APIC Opflex support - Improve gre validation if openvswitch is used - Improve MTU calculation of VLAN an Neutron ML2 (bsc#984128) - Always enable force_config_drive for ZVM (bsc#976779) - Improve repository checks (bsc#988907) - Don't reset values in node bulk edit (bsc#989994) - Return the proper http code for role not found (bsc#985987) - Do not use non-existing attributes in bulk edit (bsc#989994) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1255=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1255=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-3.0+git.1468913489.fe7e318-11.1 crowbar-core-3.0+git.1470665748.6acec34-8.1 crowbar-core-branding-upstream-3.0+git.1470665748.6acec34-8.1 crowbar-devel-3.0+git.1468913489.fe7e318-11.1 crowbar-openstack-3.0+git.1469628658.604f0cb-18.1 - SUSE Enterprise Storage 2.1 (noarch): crowbar-3.0+git.1468913489.fe7e318-11.1 References: https://bugzilla.suse.com/976779 https://bugzilla.suse.com/984128 https://bugzilla.suse.com/985987 https://bugzilla.suse.com/988729 https://bugzilla.suse.com/988907 https://bugzilla.suse.com/989994 From sle-updates at lists.suse.com Tue Aug 23 11:08:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 19:08:52 +0200 (CEST) Subject: SUSE-SU-2016:2136-1: moderate: Security update for krb5 Message-ID: <20160823170852.0D07DFEB8@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2136-1 Rating: moderate References: #991088 
Cross-References: CVE-2016-3120 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following issues: - CVE-2016-3120: KDC NULL Pointer Dereference Denial Of Service Vulnerability (bsc#991088) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1257=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1257=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1257=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-36.4 krb5-debugsource-1.12.1-36.4 krb5-devel-1.12.1-36.4 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): krb5-1.12.1-36.4 krb5-client-1.12.1-36.4 krb5-client-debuginfo-1.12.1-36.4 krb5-debuginfo-1.12.1-36.4 krb5-debugsource-1.12.1-36.4 krb5-doc-1.12.1-36.4 krb5-plugin-kdb-ldap-1.12.1-36.4 krb5-plugin-kdb-ldap-debuginfo-1.12.1-36.4 krb5-plugin-preauth-otp-1.12.1-36.4 krb5-plugin-preauth-otp-debuginfo-1.12.1-36.4 krb5-plugin-preauth-pkinit-1.12.1-36.4 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-36.4 krb5-server-1.12.1-36.4 krb5-server-debuginfo-1.12.1-36.4 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): krb5-32bit-1.12.1-36.4 krb5-debuginfo-32bit-1.12.1-36.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): krb5-1.12.1-36.4 krb5-32bit-1.12.1-36.4 krb5-client-1.12.1-36.4 krb5-client-debuginfo-1.12.1-36.4 krb5-debuginfo-1.12.1-36.4 krb5-debuginfo-32bit-1.12.1-36.4 krb5-debugsource-1.12.1-36.4 
References: https://www.suse.com/security/cve/CVE-2016-3120.html https://bugzilla.suse.com/991088 From sle-updates at lists.suse.com Tue Aug 23 12:08:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 20:08:38 +0200 (CEST) Subject: SUSE-RU-2016:2137-1: moderate: Recommended update for nfs-utils Message-ID: <20160823180838.7E335FEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2137-1 Rating: moderate References: #985845 #986108 #986395 #987035 #989323 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - Fix mount issue due to comparison with uninitialized uuid. (bsc#987035) - Don't treat temporary name resolution failure as permanent. (bsc#986108, bsc#989323) - Use a public address for IPv6 callback. (bsc#986395) - Make the "mountpoint" export flag work with NFSv4. (bsc#985845) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1258=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1258=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): nfs-client-1.3.0-28.1 nfs-client-debuginfo-1.3.0-28.1 nfs-doc-1.3.0-28.1 nfs-kernel-server-1.3.0-28.1 nfs-kernel-server-debuginfo-1.3.0-28.1 nfs-utils-debugsource-1.3.0-28.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): nfs-client-1.3.0-28.1 nfs-client-debuginfo-1.3.0-28.1 nfs-kernel-server-1.3.0-28.1 nfs-kernel-server-debuginfo-1.3.0-28.1 nfs-utils-debugsource-1.3.0-28.1 References: https://bugzilla.suse.com/985845 https://bugzilla.suse.com/986108 https://bugzilla.suse.com/986395 https://bugzilla.suse.com/987035 https://bugzilla.suse.com/989323 From sle-updates at lists.suse.com Tue Aug 23 13:08:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 21:08:30 +0200 (CEST) Subject: SUSE-RU-2016:2138-1: moderate: Recommended update for zypp-plugin-spacewalk Message-ID: <20160823190830.BB0FBFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypp-plugin-spacewalk ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2138-1 Rating: moderate References: #964932 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zypp-plugin-spacewalk fixes the following issue: - Fix failover for multiple URLs per repo (bsc#964932) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-zypp-plugin-spacewalk-12705=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-zypp-plugin-spacewalk-12705=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.14-24.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.14-24.2 References: https://bugzilla.suse.com/964932 From sle-updates at lists.suse.com Tue Aug 23 13:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 21:08:56 +0200 (CEST) Subject: SUSE-RU-2016:2139-1: moderate: Recommended update for SUSE Manager Server 2.1 Message-ID: <20160823190856.B7F36FF91@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2139-1 Rating: moderate References: #934560 #940927 #964932 #969529 #972156 #975120 #975161 #976184 #977579 #977888 #979288 #979313 #982562 #984452 #984622 #986955 #988378 #991440 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has 18 recommended fixes can now be installed. 
Description:

This update includes the following new features:

- Add dependency packages for JeOS (fate#320809)

This update fixes the following issues:

jabberd:
- Revert config files to %config(noreplace) (bsc#988378)

pxe-default-image:
- Rebuild with latest OS fixes

smdba:
- Use backup directory temp space on restore (bsc#986955)
- Enable --silent option working
- Prevent access uninitialized variable (possible crash)
- Return values from the backup locator (possible crash)
- Do not proceed if backups weren't enabled (CLI)
- On postgres, compute space-overview with the size (available and used) of the partition disk
- Compute the db usage percentage on the amount of the partition instead of the remaining space (bsc#977888)

spacewalk-backend:
- Fix for non-integer IDs for bugzilla bug (bsc#975161)
- Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#984452)
- spacewalk-repo-sync: Use dateutil parser (bsc#975161)
- Only trigger virtualization notification on server save when the virtualization data is not falsy (bsc#975120)
- Fix GPG bad signature detection and improve error messages (bsc#979313)

spacewalk-branding:
- Fix message about debuginfo packages (bsc#972156)

spacewalk-certs-tools:
- Fix mgr-ssh-push-init with proxy and sudo (bsc#982562)

spacewalk-client-tools:
- Fix syntax error prevent reading HW data correctly (bsc#984622)

spacewalk-java:
- Call cobbler sync in profile edit only if requested (bsc#991440)
- Support SP Migration from OES 2015 to 2015 SP1
- Disable YaST self update for new autoinstallation trees for SLE
- Support OES 2015 (bsc#934560)
- Use the IP address when doing ssh push via proxy (bsc#940927)
- Don't allow URLs that only differ on the authorization token (bsc#976184)
- Redirect migration with no Org to the first step (bsc#969529)
- Enhance list of channel families for SUSE Manager Server

spacewalk-web:
- Fix perl query for satellite detection

susemanager:
- Add dependency packages for JeOS
(fate#320809) - Try to add /repo path to mirror at accessible check - Show optional channels in mgr-sync add channel and add an option to hide optional channels (bsc#977579) susemanager-schema: - Remove duplicates from rhnChannelContentSource (bsc#976184) susemanager-sync-data: - Support SLES12 LTSS (bsc#979288) - Support SP Migration from OES 2015 to 2015 SP1 - Add requires to spacewalk-java with OES support - Add support for OES 2015 and OES 2015 SP1 (bsc#934560) zypp-plugin-spacewalk: - Fix failover for multiple URLs per repo (bsc#964932) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-suse-manager-21-201608-12705=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 2.1 (s390x x86_64): jabberd-2.2.17-0.17.2 jabberd-db-2.2.17-0.17.2 smdba-1.5.4-0.12.2 spacewalk-backend-2.1.55.26-27.2 spacewalk-backend-app-2.1.55.26-27.2 spacewalk-backend-applet-2.1.55.26-27.2 spacewalk-backend-config-files-2.1.55.26-27.2 spacewalk-backend-config-files-common-2.1.55.26-27.2 spacewalk-backend-config-files-tool-2.1.55.26-27.2 spacewalk-backend-iss-2.1.55.26-27.2 spacewalk-backend-iss-export-2.1.55.26-27.2 spacewalk-backend-libs-2.1.55.26-27.2 spacewalk-backend-package-push-server-2.1.55.26-27.2 spacewalk-backend-server-2.1.55.26-27.2 spacewalk-backend-sql-2.1.55.26-27.2 spacewalk-backend-sql-oracle-2.1.55.26-27.2 spacewalk-backend-sql-postgresql-2.1.55.26-27.2 spacewalk-backend-tools-2.1.55.26-27.2 spacewalk-backend-xml-export-libs-2.1.55.26-27.2 spacewalk-backend-xmlrpc-2.1.55.26-27.2 spacewalk-branding-2.1.33.17-21.2 susemanager-2.1.25-26.2 susemanager-tools-2.1.25-26.2 zypp-plugin-spacewalk-0.9.14-24.2 - SUSE Manager 2.1 (noarch): pxe-default-image-0.1-0.25.4 spacewalk-base-2.1.60.15-15.2 spacewalk-base-minimal-2.1.60.15-15.2 spacewalk-base-minimal-config-2.1.60.15-15.2 spacewalk-certs-tools-2.1.6.11-21.2 spacewalk-check-2.1.16.12-21.2 spacewalk-client-setup-2.1.16.12-21.2 spacewalk-client-tools-2.1.16.12-21.2 spacewalk-grail-2.1.60.15-15.2 spacewalk-html-2.1.60.15-15.2 spacewalk-java-2.1.165.25-23.2 spacewalk-java-config-2.1.165.25-23.2 spacewalk-java-lib-2.1.165.25-23.2 spacewalk-java-oracle-2.1.165.25-23.2 spacewalk-java-postgresql-2.1.165.25-23.2 spacewalk-pxt-2.1.60.15-15.2 spacewalk-sniglets-2.1.60.15-15.2 spacewalk-taskomatic-2.1.165.25-23.2 susemanager-schema-2.1.50.17-18.2 susemanager-sync-data-2.1.17-36.2 References: https://bugzilla.suse.com/934560 https://bugzilla.suse.com/940927 https://bugzilla.suse.com/964932 https://bugzilla.suse.com/969529 https://bugzilla.suse.com/972156 https://bugzilla.suse.com/975120 https://bugzilla.suse.com/975161 https://bugzilla.suse.com/976184 
https://bugzilla.suse.com/977579 https://bugzilla.suse.com/977888 https://bugzilla.suse.com/979288 https://bugzilla.suse.com/979313 https://bugzilla.suse.com/982562 https://bugzilla.suse.com/984452 https://bugzilla.suse.com/984622 https://bugzilla.suse.com/986955 https://bugzilla.suse.com/988378 https://bugzilla.suse.com/991440 From sle-updates at lists.suse.com Tue Aug 23 13:12:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 21:12:09 +0200 (CEST) Subject: SUSE-RU-2016:2140-1: moderate: Recommended update for spacewalk-client-tools and zypp-plugin-spacewalk Message-ID: <20160823191209.4E7ABFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for spacewalk-client-tools and zypp-plugin-spacewalk ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2140-1 Rating: moderate References: #964932 #984622 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for spacewalk-client-tools and zypp-plugin-spacewalk fixes the following issues: spacewalk-client-tools: - Fix syntax error prevent reading HW data correctly (bsc#984622) zypp-plugin-spacewalk: - Fix failover for multiple URLs per repo (bsc#964932) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spacewalk-201608-12705=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.14-24.2 - SUSE Linux Enterprise Server 11-SP4 (noarch): spacewalk-check-2.1.16.12-21.2 spacewalk-client-setup-2.1.16.12-21.2 spacewalk-client-tools-2.1.16.12-21.2 References: https://bugzilla.suse.com/964932 https://bugzilla.suse.com/984622 From sle-updates at lists.suse.com Tue Aug 23 13:12:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 21:12:41 +0200 (CEST) Subject: SUSE-RU-2016:2141-1: moderate: Recommended update for SUSE Manager Proxy 2.1 Message-ID: <20160823191241.2EB11FF91@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2141-1 Rating: moderate References: #964932 #975120 #975161 #979313 #982562 #984452 #984622 #988378 Affected Products: SUSE Manager Proxy 2.1 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. 
Description: This update fixes the following issues: jabberd: - Revert config files to %config(noreplace) (bsc#988378) spacewalk-backend: - Fix for non-integer IDs for bugzilla bug (bsc#975161) - Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#984452) - spacewalk-repo-sync: Use dateutil parser (bsc#975161) - Only trigger virtualization notification on server save when the virtualization data is not falsy (bsc#975120) - Fix GPG bad signature detection and improve error messages (bsc#979313) spacewalk-certs-tools: - Fix mgr-ssh-push-init with proxy and sudo (bsc#982562) spacewalk-client-tools: - Fix syntax error prevent reading HW data correctly (bsc#984622) spacewalk-web: - Fix perl query for satellite detection zypp-plugin-spacewalk: - Fix failover for multiple URLs per repo (bsc#964932) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-suse-manager-proxy-21-201608-12705=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 2.1 (noarch): spacewalk-base-minimal-2.1.60.15-15.2 spacewalk-base-minimal-config-2.1.60.15-15.2 spacewalk-certs-tools-2.1.6.11-21.2 spacewalk-check-2.1.16.12-21.2 spacewalk-client-setup-2.1.16.12-21.2 spacewalk-client-tools-2.1.16.12-21.2 - SUSE Manager Proxy 2.1 (x86_64): jabberd-2.2.17-0.17.2 jabberd-db-2.2.17-0.17.2 spacewalk-backend-2.1.55.26-27.2 spacewalk-backend-libs-2.1.55.26-27.2 zypp-plugin-spacewalk-0.9.14-24.2 References: https://bugzilla.suse.com/964932 https://bugzilla.suse.com/975120 https://bugzilla.suse.com/975161 https://bugzilla.suse.com/979313 https://bugzilla.suse.com/982562 https://bugzilla.suse.com/984452 https://bugzilla.suse.com/984622 https://bugzilla.suse.com/988378 From sle-updates at lists.suse.com Tue Aug 23 13:14:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 21:14:03 +0200 (CEST) Subject: SUSE-RU-2016:2142-1: Recommended update for libpcap Message-ID: <20160823191403.6A8DDFF91@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpcap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2142-1 Rating: low References: #874131 #992262 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libpcap provides the following fixes: - Do not apply userspace filter until VLAN tag is reconstructed. (bsc#874131) - Use TPID value passed by kernel rather than wild-guess 802.1Q. (bsc#874131) - In "vlan" filter BPF code, check also for 802.1ad (0x88a8) TPID in addition to 802.1Q (0x8100) and non-standard 0x9100 Q-in-Q. (bsc#874131) - Add missing DLT_INFINIBAND to dlt_choices table. 
(bsc#992262, fate#319438) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1259=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1259=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1259=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1259=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libpcap1-32bit-1.5.3-6.1 libpcap1-debuginfo-32bit-1.5.3-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpcap-debugsource-1.5.3-6.1 libpcap-devel-1.5.3-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpcap-debugsource-1.5.3-6.1 libpcap1-1.5.3-6.1 libpcap1-debuginfo-1.5.3-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpcap-debugsource-1.5.3-6.1 libpcap1-1.5.3-6.1 libpcap1-32bit-1.5.3-6.1 libpcap1-debuginfo-1.5.3-6.1 libpcap1-debuginfo-32bit-1.5.3-6.1 References: https://bugzilla.suse.com/874131 https://bugzilla.suse.com/992262 From sle-updates at lists.suse.com Tue Aug 23 13:14:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2016 21:14:40 +0200 (CEST) Subject: SUSE-SU-2016:2143-1: Security update for several openstack-components Message-ID: <20160823191440.31625FF91@maintenance.suse.de> SUSE Security Update: Security update for several openstack-components ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2143-1 Rating: low References: #970258 #982426 #983807 #984442 #984443 #988729 Cross-References: CVE-2016-2140 CVE-2016-4428 CVE-2016-5362 CVE-2016-5363 Affected Products: SUSE OpenStack Cloud 6 
______________________________________________________________________________

An update that solves four vulnerabilities and has two fixes is now available.

Description:

This update provides the latest code from OpenStack Liberty for openstack-ceilometer, -cinder, -dashboard, -glance, -heat, -keystone, -manila, -neutron, -neutron-fwaas, -neutron-lbaas, -nova, -resource-agents, python-networking-cisco and python-openstackclient.

Additionally some security issues have been fixed:

openstack-nova:
- Always copy or recreate disk.info during a migration. (bsc#970258, CVE-2016-2140)

openstack-dashboard:
- Escape AngularJS templating in unsafe HTML. (bsc#983807, CVE-2016-4428)

openstack-neutron:
- Fix bypassing of anti-spoof protection. (bsc#984443, CVE-2016-5363, bsc#984442, CVE-2016-5362)

For a detailed description of all fixes and improvements, please refer to the changelog.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1261=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-ceilometer-5.0.4~a0~dev6-6.1 openstack-ceilometer-agent-central-5.0.4~a0~dev6-6.1 openstack-ceilometer-agent-compute-5.0.4~a0~dev6-6.1 openstack-ceilometer-agent-ipmi-5.0.4~a0~dev6-6.1 openstack-ceilometer-agent-notification-5.0.4~a0~dev6-6.1 openstack-ceilometer-alarm-evaluator-5.0.4~a0~dev6-6.1 openstack-ceilometer-alarm-notifier-5.0.4~a0~dev6-6.1 openstack-ceilometer-api-5.0.4~a0~dev6-6.1 openstack-ceilometer-collector-5.0.4~a0~dev6-6.1 openstack-ceilometer-doc-5.0.4~a0~dev6-6.2 openstack-ceilometer-polling-5.0.4~a0~dev6-6.1 openstack-cinder-7.0.3~a0~dev2-7.1 openstack-cinder-api-7.0.3~a0~dev2-7.1 openstack-cinder-backup-7.0.3~a0~dev2-7.1 openstack-cinder-doc-7.0.3~a0~dev2-7.1 openstack-cinder-scheduler-7.0.3~a0~dev2-7.1 openstack-cinder-volume-7.0.3~a0~dev2-7.1 openstack-dashboard-8.0.2~a0~dev34-8.1 openstack-glance-11.0.2~a0~dev13-7.1 openstack-glance-doc-11.0.2~a0~dev13-7.1 openstack-heat-5.0.2~a0~dev93-9.1 openstack-heat-api-5.0.2~a0~dev93-9.1 openstack-heat-api-cfn-5.0.2~a0~dev93-9.1 openstack-heat-api-cloudwatch-5.0.2~a0~dev93-9.1 openstack-heat-doc-5.0.2~a0~dev93-9.3 openstack-heat-engine-5.0.2~a0~dev93-9.1 openstack-heat-plugin-heat_docker-5.0.2~a0~dev93-9.1 openstack-keystone-8.1.1~a0~dev13-3.1 openstack-keystone-doc-8.1.1~a0~dev13-3.2 openstack-manila-1.0.2~a0~dev11-9.1 openstack-manila-api-1.0.2~a0~dev11-9.1 openstack-manila-doc-1.0.2~a0~dev11-9.2 openstack-manila-scheduler-1.0.2~a0~dev11-9.1 openstack-manila-share-1.0.2~a0~dev11-9.1 openstack-neutron-7.1.2~a0~dev29-10.1 openstack-neutron-dhcp-agent-7.1.2~a0~dev29-10.1 openstack-neutron-doc-7.1.2~a0~dev29-10.1 openstack-neutron-fwaas-7.1.2~a0~dev1-6.1 openstack-neutron-fwaas-doc-7.1.2~a0~dev1-6.1 openstack-neutron-ha-tool-7.1.2~a0~dev29-10.1 openstack-neutron-l3-agent-7.1.2~a0~dev29-10.1 openstack-neutron-lbaas-7.1.2~a0~dev1-6.1 openstack-neutron-lbaas-agent-7.1.2~a0~dev1-6.1 openstack-neutron-lbaas-doc-7.1.2~a0~dev1-6.1 
openstack-neutron-linuxbridge-agent-7.1.2~a0~dev29-10.1 openstack-neutron-metadata-agent-7.1.2~a0~dev29-10.1 openstack-neutron-metering-agent-7.1.2~a0~dev29-10.1 openstack-neutron-mlnx-agent-7.1.2~a0~dev29-10.1 openstack-neutron-nvsd-agent-7.1.2~a0~dev29-10.1 openstack-neutron-openvswitch-agent-7.1.2~a0~dev29-10.1 openstack-neutron-restproxy-agent-7.1.2~a0~dev29-10.1 openstack-neutron-server-7.1.2~a0~dev29-10.1 openstack-nova-12.0.5~a0~dev2-7.1 openstack-nova-api-12.0.5~a0~dev2-7.1 openstack-nova-cells-12.0.5~a0~dev2-7.1 openstack-nova-cert-12.0.5~a0~dev2-7.1 openstack-nova-compute-12.0.5~a0~dev2-7.1 openstack-nova-conductor-12.0.5~a0~dev2-7.1 openstack-nova-console-12.0.5~a0~dev2-7.1 openstack-nova-consoleauth-12.0.5~a0~dev2-7.1 openstack-nova-doc-12.0.5~a0~dev2-7.1 openstack-nova-novncproxy-12.0.5~a0~dev2-7.1 openstack-nova-objectstore-12.0.5~a0~dev2-7.1 openstack-nova-scheduler-12.0.5~a0~dev2-7.1 openstack-nova-serialproxy-12.0.5~a0~dev2-7.1 openstack-nova-vncproxy-12.0.5~a0~dev2-7.1 openstack-resource-agents-1.0+git.1467079370.4f2c49d-7.1 python-ceilometer-5.0.4~a0~dev6-6.1 python-cinder-7.0.3~a0~dev2-7.1 python-glance-11.0.2~a0~dev13-7.1 python-heat-5.0.2~a0~dev93-9.1 python-horizon-8.0.2~a0~dev34-8.1 python-keystone-8.1.1~a0~dev13-3.1 python-manila-1.0.2~a0~dev11-9.1 python-networking-cisco-2.1.1-6.1 python-neutron-7.1.2~a0~dev29-10.1 python-neutron-fwaas-7.1.2~a0~dev1-6.1 python-neutron-lbaas-7.1.2~a0~dev1-6.1 python-nova-12.0.5~a0~dev2-7.1 python-openstackclient-1.7.2-4.1 References: https://www.suse.com/security/cve/CVE-2016-2140.html https://www.suse.com/security/cve/CVE-2016-4428.html https://www.suse.com/security/cve/CVE-2016-5362.html https://www.suse.com/security/cve/CVE-2016-5363.html https://bugzilla.suse.com/970258 https://bugzilla.suse.com/982426 https://bugzilla.suse.com/983807 https://bugzilla.suse.com/984442 https://bugzilla.suse.com/984443 https://bugzilla.suse.com/988729 From sle-updates at lists.suse.com Wed Aug 24 09:09:12 2016 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2016 17:09:12 +0200 (CEST) Subject: SUSE-SU-2016:2145-1: moderate: Security update for dosfstools Message-ID: <20160824150912.6E36FFFE1@maintenance.suse.de> SUSE Security Update: Security update for dosfstools ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2145-1 Rating: moderate References: #912607 #980364 #980377 Cross-References: CVE-2015-8872 CVE-2016-4804 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error" (bsc#980364). - CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377). This non-security issue was fixed: - bsc#912607: Attempt to rename root dir in fsck due to uninitialized fields. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1263=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1263=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dosfstools-3.0.26-6.5 dosfstools-debuginfo-3.0.26-6.5 dosfstools-debugsource-3.0.26-6.5 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dosfstools-3.0.26-6.5 dosfstools-debuginfo-3.0.26-6.5 dosfstools-debugsource-3.0.26-6.5 References: https://www.suse.com/security/cve/CVE-2015-8872.html https://www.suse.com/security/cve/CVE-2016-4804.html https://bugzilla.suse.com/912607 https://bugzilla.suse.com/980364 https://bugzilla.suse.com/980377 From sle-updates at lists.suse.com Wed Aug 24 09:10:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2016 17:10:08 +0200 (CEST) Subject: SUSE-SU-2016:2146-1: moderate: Security update for dosfstools Message-ID: <20160824151008.ACA4FFF91@maintenance.suse.de> SUSE Security Update: Security update for dosfstools ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2146-1 Rating: moderate References: #980364 #980377 Cross-References: CVE-2015-8872 CVE-2016-4804 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error" (bsc#980364). 
- CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dosfstools-12706=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dosfstools-12706=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dosfstools-3.0.26-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dosfstools-debuginfo-3.0.26-3.1 dosfstools-debugsource-3.0.26-3.1 References: https://www.suse.com/security/cve/CVE-2015-8872.html https://www.suse.com/security/cve/CVE-2016-4804.html https://bugzilla.suse.com/980364 https://bugzilla.suse.com/980377 From sle-updates at lists.suse.com Wed Aug 24 09:10:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2016 17:10:46 +0200 (CEST) Subject: SUSE-SU-2016:2147-1: moderate: Security update for squid Message-ID: <20160824151046.178BAFF91@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2147-1 Rating: moderate References: #976553 #979010 Cross-References: CVE-2016-4051 CVE-2016-4554 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for squid fixes the following issues: - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing (bsc#979010) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squid-12707=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid-12707=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid-2.7.STABLE5-2.12.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid-debuginfo-2.7.STABLE5-2.12.29.1 squid-debugsource-2.7.STABLE5-2.12.29.1 References: https://www.suse.com/security/cve/CVE-2016-4051.html https://www.suse.com/security/cve/CVE-2016-4554.html https://bugzilla.suse.com/976553 https://bugzilla.suse.com/979010 From sle-updates at lists.suse.com Wed Aug 24 10:09:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2016 18:09:58 +0200 (CEST) Subject: SUSE-RU-2016:2149-1: moderate: Recommended update for python-ec2metadata Message-ID: <20160824160958.4518DFF91@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ec2metadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2149-1 Rating: moderate References: #994138 #994139 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for python-ec2metadata fixes the following issues: - Do not use proxy when looking up EC2 meta data (bsc#994138, bsc#994139) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1265=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-ec2metadata-1.5.4-6.1 References: https://bugzilla.suse.com/994138 https://bugzilla.suse.com/994139 From sle-updates at lists.suse.com Wed Aug 24 10:10:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2016 18:10:29 +0200 (CEST) Subject: SUSE-RU-2016:2150-1: moderate: Recommended update for python-ec2metadata Message-ID: <20160824161029.6F074FF91@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ec2metadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2150-1 Rating: moderate References: #924626 #994138 #994139 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python-ec2metadata fixes the following issues: - Do not use proxy when looking up EC2 meta data (bsc#994138, bsc#994139) - Write all EC2 metadata to a file (bsc#924626) + Properly write metadata to file if no query argument is provided bsc# + Properly generate XML for 'public-keys' query option + Document the 'api' option in the help message + Alpha sort the options displayed with the help message Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-ec2metadata-12708=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): python-ec2metadata-1.5.4-9.1 References: https://bugzilla.suse.com/924626 https://bugzilla.suse.com/994138 https://bugzilla.suse.com/994139 From sle-updates at lists.suse.com Wed Aug 24 11:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2016 19:08:49 +0200 (CEST) Subject: SUSE-SU-2016:2151-1: moderate: Security update for rsync Message-ID: <20160824170849.0EB3EFEB8@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2151-1 Rating: moderate References: #915410 Cross-References: CVE-2014-9512 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: rsync was updated to fix one security issue. - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1267=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1267=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): rsync-3.1.0-9.3 rsync-debuginfo-3.1.0-9.3 rsync-debugsource-3.1.0-9.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): rsync-3.1.0-9.3 rsync-debuginfo-3.1.0-9.3 rsync-debugsource-3.1.0-9.3 References: https://www.suse.com/security/cve/CVE-2014-9512.html https://bugzilla.suse.com/915410 From sle-updates at lists.suse.com Wed Aug 24 12:08:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2016 20:08:55 +0200 (CEST) Subject: SUSE-RU-2016:2152-1: Recommended update for timezone Message-ID: <20160824180855.2A36AFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2152-1 Rating: low References: #988184 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone adds a positive leap second at the end of 2016-12-31. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-timezone-12709=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-timezone-12709=1 - SUSE Manager 2.1: zypper in -t patch sleman21-timezone-12709=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-12709=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-12709=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-12709=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-timezone-12709=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-12709=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-12709=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): timezone-2016f-0.32.1 - SUSE OpenStack Cloud 5 (noarch): timezone-java-2016f-0.32.1 - SUSE Manager Proxy 2.1 (noarch): timezone-java-2016f-0.32.1 - SUSE Manager Proxy 2.1 (x86_64): timezone-2016f-0.32.1 - SUSE Manager 2.1 (s390x x86_64): timezone-2016f-0.32.1 - SUSE Manager 2.1 (noarch): timezone-java-2016f-0.32.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2016f-0.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2016f-0.32.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2016f-0.32.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2016f-0.32.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2016f-0.32.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): timezone-2016f-0.32.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): timezone-java-2016f-0.32.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2016f-0.32.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2016f-0.32.1 - SUSE Linux Enterprise 
Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2016f-0.32.1 timezone-debugsource-2016f-0.32.1 References: https://bugzilla.suse.com/988184 From sle-updates at lists.suse.com Thu Aug 25 08:08:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2016 16:08:54 +0200 (CEST) Subject: SUSE-SU-2016:2154-1: moderate: Security update for xerces-c Message-ID: <20160825140854.E1958F7C5@maintenance.suse.de> SUSE Security Update: Security update for xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2154-1 Rating: moderate References: #979208 #985860 Cross-References: CVE-2016-2099 CVE-2016-4463 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: xerces-c was updated to fix one security issue. This security issue was fixed: - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208). - CVE-2016-4463: Apache Xerces-C XML Parser crashed on malformed DTD (bnc#985860). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1271=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1271=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1271=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libxerces-c-devel-3.1.1-12.3 xerces-c-debuginfo-3.1.1-12.3 xerces-c-debugsource-3.1.1-12.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libxerces-c-3_1-3.1.1-12.3 libxerces-c-3_1-debuginfo-3.1.1-12.3 xerces-c-debuginfo-3.1.1-12.3 xerces-c-debugsource-3.1.1-12.3 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libxerces-c-3_1-32bit-3.1.1-12.3 libxerces-c-3_1-debuginfo-32bit-3.1.1-12.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libxerces-c-3_1-3.1.1-12.3 libxerces-c-3_1-32bit-3.1.1-12.3 libxerces-c-3_1-debuginfo-3.1.1-12.3 libxerces-c-3_1-debuginfo-32bit-3.1.1-12.3 xerces-c-debuginfo-3.1.1-12.3 xerces-c-debugsource-3.1.1-12.3 References: https://www.suse.com/security/cve/CVE-2016-2099.html https://www.suse.com/security/cve/CVE-2016-4463.html https://bugzilla.suse.com/979208 https://bugzilla.suse.com/985860 From sle-updates at lists.suse.com Thu Aug 25 10:09:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2016 18:09:14 +0200 (CEST) Subject: SUSE-SU-2016:2155-1: moderate: Security update for curl Message-ID: <20160825160914.39799F7C5@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2155-1 Rating: moderate References: #991389 #991390 Cross-References: CVE-2016-5419 CVE-2016-5420 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-curl-12713=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libcurl-devel-7.19.7-1.20.42.1 References: https://www.suse.com/security/cve/CVE-2016-5419.html https://www.suse.com/security/cve/CVE-2016-5420.html https://bugzilla.suse.com/991389 https://bugzilla.suse.com/991390 From sle-updates at lists.suse.com Thu Aug 25 10:09:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2016 18:09:47 +0200 (CEST) Subject: SUSE-SU-2016:2156-1: moderate: Security update for glibc Message-ID: <20160825160947.A71FDF7CF@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2156-1 Rating: moderate References: #931399 #965699 #969727 #973010 #973164 #973179 #980483 #980854 #986302 Cross-References: CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has 5 fixes is now available. Description: This update for glibc fixes the following issues: - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. 
(CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-12712=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-12712=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-12712=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.102.1 glibc-info-2.11.3-17.102.1 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.102.1 glibc-devel-2.11.3-17.102.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.102.1 glibc-i18ndata-2.11.3-17.102.1 glibc-info-2.11.3-17.102.1 glibc-locale-2.11.3-17.102.1 glibc-profile-2.11.3-17.102.1 nscd-2.11.3-17.102.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.102.1 glibc-devel-32bit-2.11.3-17.102.1 glibc-locale-32bit-2.11.3-17.102.1 glibc-profile-32bit-2.11.3-17.102.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.102.1 glibc-profile-x86-2.11.3-17.102.1 glibc-x86-2.11.3-17.102.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.102.1 glibc-debugsource-2.11.3-17.102.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.102.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): glibc-debuginfo-x86-2.11.3-17.102.1 References: https://www.suse.com/security/cve/CVE-2016-1234.html https://www.suse.com/security/cve/CVE-2016-3075.html https://www.suse.com/security/cve/CVE-2016-3706.html https://www.suse.com/security/cve/CVE-2016-4429.html https://bugzilla.suse.com/931399 https://bugzilla.suse.com/965699 
https://bugzilla.suse.com/969727 https://bugzilla.suse.com/973010 https://bugzilla.suse.com/973164 https://bugzilla.suse.com/973179 https://bugzilla.suse.com/980483 https://bugzilla.suse.com/980854 https://bugzilla.suse.com/986302 From sle-updates at lists.suse.com Thu Aug 25 19:08:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2016 03:08:41 +0200 (CEST) Subject: SUSE-RU-2016:2157-1: moderate: Recommended update for krb5 Message-ID: <20160826010841.96EE6F7C5@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2157-1 Rating: moderate References: #954470 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 fixes a few memory leaks: - If the system runs out of memory, gssint_convert_name_to_union_name() did not set the output error status and potentially caused callers to misbehave. - Function gss_accept_sec_context() calculated the display name from return value of gssint_convert_name_to_union_name(), however it did not always release the name. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-12715=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-12715=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-krb5-12715=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.112.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.112.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.112.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.112.1 krb5-apps-clients-1.6.3-133.49.112.1 krb5-apps-servers-1.6.3-133.49.112.1 krb5-client-1.6.3-133.49.112.1 krb5-server-1.6.3-133.49.112.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.112.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.112.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.112.1 krb5-debugsource-1.6.3-133.49.112.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.112.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): krb5-debuginfo-x86-1.6.3-133.49.112.1 References: https://bugzilla.suse.com/954470 From sle-updates at lists.suse.com Thu Aug 25 19:09:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2016 03:09:11 +0200 (CEST) Subject: SUSE-RU-2016:2158-1: Recommended update for containerd, docker, runc Message-ID: <20160826010911.BA65AF7C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for containerd, docker, runc ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2158-1 Rating: low References: #974208 #978260 #980555 #983015 #984942 #987198 #988707 #989566 #993847 #994568 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. 
Description: This update provides docker version 1.11.2 and splits containerd and runc in separate packages. Additionally, the following issues have been fixed: docker: - Explicitly state the version dependencies for runC and containerd, to avoid potential issues with incompatible component versions. (bsc#993847) - Add the ability to not restart the docker service during certain updates with long migration phases. (bsc#980555) - Remove kernel dependency. (bsc#987198) - Setting iptables option on ppc64le works now (bsc#988707) - Fix syntax error in audit.rules. (bsc#984942) - Update docker.service to fix latency issues when running containers. (bsc#983015) For a detailed description of all fixes and changes, please refer to the changelog. containerd: - Set --runtime option specifically to runC. (bsc#978260) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1276=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1276=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): containerd-0.2.2-4.1 containerd-debuginfo-0.2.2-4.1 containerd-debugsource-0.2.2-4.1 docker-1.11.2-76.1 docker-debuginfo-1.11.2-76.1 docker-debugsource-1.11.2-76.1 runc-0.1.1-4.1 runc-debuginfo-0.1.1-4.1 runc-debugsource-0.1.1-4.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-0.2.2-4.1 containerd-debuginfo-0.2.2-4.1 containerd-debugsource-0.2.2-4.1 docker-1.11.2-76.1 docker-debuginfo-1.11.2-76.1 docker-debugsource-1.11.2-76.1 runc-0.1.1-4.1 runc-debuginfo-0.1.1-4.1 runc-debugsource-0.1.1-4.1 References: https://bugzilla.suse.com/974208 https://bugzilla.suse.com/978260 https://bugzilla.suse.com/980555 https://bugzilla.suse.com/983015 https://bugzilla.suse.com/984942 https://bugzilla.suse.com/987198 https://bugzilla.suse.com/988707 https://bugzilla.suse.com/989566 https://bugzilla.suse.com/993847 https://bugzilla.suse.com/994568 From sle-updates at lists.suse.com Fri Aug 26 10:09:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2016 18:09:30 +0200 (CEST) Subject: SUSE-RU-2016:2159-1: Recommended update for libbluray Message-ID: <20160826160930.0A936F7C5@maintenance.suse.de> SUSE Recommended Update: Recommended update for libbluray ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2159-1 Rating: low References: #981767 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libbluray prevents logging of debug messages to standard error. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1277=1
- SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1277=1
- SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1277=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  libbluray-debugsource-0.4.0-5.1
  libbluray-devel-0.4.0-5.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  libbluray-debugsource-0.4.0-5.1
  libbluray1-0.4.0-5.1
  libbluray1-debuginfo-0.4.0-5.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  libbluray-debugsource-0.4.0-5.1
  libbluray1-0.4.0-5.1
  libbluray1-debuginfo-0.4.0-5.1

References:
https://bugzilla.suse.com/981767

From sle-updates at lists.suse.com Fri Aug 26 11:08:41 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Aug 2016 19:08:41 +0200 (CEST)
Subject: SUSE-OU-2016:2160-1: Initial release of libsasl2-2
Message-ID: <20160826170841.1CDE3F7CF@maintenance.suse.de>

SUSE Optional Update: Initial release of libsasl2-2
______________________________________________________________________________
Announcement ID: SUSE-OU-2016:2160-1
Rating: low
References: #993074
Affected Products:
  SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________
An update that has one optional fix can now be installed.

Description:
This update provides the libsasl2 library to support programs using SASL authentication built on SUSE Linux Enterprise 11 to be able to run on SUSE Linux Enterprise 12. (FATE#320304)

Patch Instructions:
To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1278=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64):
  libsasl2-2-2.1.22-182.2.1
  libsasl2-2-debuginfo-2.1.22-182.2.1
  libsasl2-2-debugsource-2.1.22-182.2.1
- SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
  libsasl2-2-32bit-2.1.22-182.2.1
  libsasl2-2-debuginfo-32bit-2.1.22-182.2.1

References:
https://bugzilla.suse.com/993074

From sle-updates at lists.suse.com Fri Aug 26 11:09:02 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Aug 2016 19:09:02 +0200 (CEST)
Subject: SUSE-OU-2016:2161-1: Initial release of xalan-c
Message-ID: <20160826170902.8A82EF7C6@maintenance.suse.de>

SUSE Optional Update: Initial release of xalan-c
______________________________________________________________________________
Announcement ID: SUSE-OU-2016:2161-1
Rating: low
References: #979090
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP1
______________________________________________________________________________
An update that has one optional fix can now be installed.

Description:
The Xalan-C XSLT Transformation Engine has been added to SUSE Linux Enterprise Software Development Kit 12 SP1.

Patch Instructions:
To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1279=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  libxalan-c-devel-1.11-2.1
  libxalan-c111-1.11-2.1
  libxalan-c111-debuginfo-1.11-2.1
  xalan-c-1.11-2.1
  xalan-c-debuginfo-1.11-2.1
  xalan-c-debugsource-1.11-2.1

References:
https://bugzilla.suse.com/979090

From sle-updates at lists.suse.com Fri Aug 26 12:08:33 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Aug 2016 20:08:33 +0200 (CEST)
Subject: SUSE-RU-2016:2162-1: moderate: Recommended update for autofs
Message-ID: <20160826180833.6E3FFF7C2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autofs
______________________________________________________________________________
Announcement ID: SUSE-RU-2016:2162-1
Rating: moderate
References: #955477 #968791 #968918
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that has three recommended fixes can now be installed.

Description:
This update for AutoFS provides the following fixes and enhancements:
- Add a new configuration option ($USE_HOSTNAME_FOR_MOUNTS) to enable the use of fully qualified domain names in mounts. (bsc#968791)
- Link the LDAP lookup module against the reentrant version of the LDAP library (libldap_r), fixing some rare race conditions that could lead to segmentation faults. (bsc#955477)
- Fix spurious ELOOP errors caused by incorrect error handling in the NSS lookup module. (bsc#968918)

Patch Instructions:
To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-autofs-12716=1
- SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-autofs-12716=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  autofs-5.0.6-3.10.33.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  autofs-debuginfo-5.0.6-3.10.33.1
  autofs-debugsource-5.0.6-3.10.33.1

References:
https://bugzilla.suse.com/955477
https://bugzilla.suse.com/968791
https://bugzilla.suse.com/968918

From sle-updates at lists.suse.com Fri Aug 26 14:08:43 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Aug 2016 22:08:43 +0200 (CEST)
Subject: SUSE-RU-2016:2163-1: Recommended update for release-notes-sles
Message-ID: <20160826200843.79E8FF7C2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________
Announcement ID: SUSE-RU-2016:2163-1
Rating: low
References: #994323
Affected Products:
  SUSE Linux Enterprise Server 11-SP2-LTSS
______________________________________________________________________________
An update that has one recommended fix can now be installed.

Description:
This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP2:
- New: Update ntp in SLE 11 SP2 to the version used in SLE 11 SP4. (fate#320917)

Patch Instructions:
To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-release-notes-sles-12717=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
  release-notes-sles-11.2.0.52-0.7.1

References:
https://bugzilla.suse.com/994323

From sle-updates at lists.suse.com Fri Aug 26 15:08:55 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Aug 2016 23:08:55 +0200 (CEST)
Subject: SUSE-RU-2016:2164-1: moderate: Recommended update for crowbar-barclamp-nova_dashboard
Message-ID: <20160826210855.10FEDF7C2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-nova_dashboard
______________________________________________________________________________
Announcement ID: SUSE-RU-2016:2164-1
Rating: moderate
References: #935462 #953786 #960006 #968102
Affected Products:
  SUSE OpenStack Cloud 5
______________________________________________________________________________
An update that has four recommended fixes can now be installed.

Description:
This update for crowbar-barclamp-nova_dashboard fixes the following issues:
- Improve reliability of Horizon deployment with HA (bsc#935462)
- Improved checks when deploying with SSL (bsc#960006)
- Ensure that timeout in Horizon is consistent with timeout in Keystone (bsc#968102)
- Fix crash in Horizon when password validation hint is using non-ascii characters (bsc#953786)

Patch Instructions:
To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-nova_dashboard-12718=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE OpenStack Cloud 5 (noarch):
  crowbar-barclamp-nova_dashboard-1.9+git.1458309009.695853a-12.1

References:
https://bugzilla.suse.com/935462
https://bugzilla.suse.com/953786
https://bugzilla.suse.com/960006
https://bugzilla.suse.com/968102

From sle-updates at lists.suse.com Mon Aug 29 07:09:24 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 15:09:24 +0200 (CEST)
Subject: SUSE-SU-2016:2174-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
Message-ID: <20160829130924.2DDF7F7C2@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2174-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.

Description:
This update for the Linux Kernel 3.12.49-11 fixes several issues.

The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1288=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_49-11-default-6-17.2
  kgraft-patch-3_12_49-11-xen-6-17.2

References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Aug 29 07:10:14 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 15:10:14 +0200 (CEST)
Subject: SUSE-SU-2016:2175-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
Message-ID: <20160829131014.EE412F7C3@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2175-1
Rating: important
References: #986573 #991667
Cross-References: CVE-2016-5829 CVE-2016-6480
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.

Description:
This update for the Linux Kernel 3.12.59-60_45 fixes several issues.

The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1283=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_59-60_45-default-3-2.1
  kgraft-patch-3_12_59-60_45-xen-3-2.1

References:
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Aug 29 07:11:15 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 15:11:15 +0200 (CEST)
Subject: SUSE-SU-2016:2177-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
Message-ID: <20160829131115.8D0A7F7C3@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2177-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.

Description:
This update for the Linux Kernel 3.12.59-60_41 fixes several issues.

The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1284=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_59-60_41-default-3-2.1
  kgraft-patch-3_12_59-60_41-xen-3-2.1

References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Aug 29 07:12:02 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 15:12:02 +0200 (CEST)
Subject: SUSE-SU-2016:2178-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
Message-ID: <20160829131202.6D06FF7C3@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2178-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.

Description:
This update for the Linux Kernel 3.12.53-60_30 fixes several issues.

The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1286=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_53-60_30-default-4-2.1
  kgraft-patch-3_12_53-60_30-xen-4-2.1

References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Aug 29 07:12:46 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 15:12:46 +0200 (CEST)
Subject: SUSE-SU-2016:2179-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
Message-ID: <20160829131246.7E06DF7C3@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2179-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.

Description:
This update for the Linux Kernel 3.12.51-60_25 fixes several issues.

The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1287=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_51-60_25-default-5-2.1
  kgraft-patch-3_12_51-60_25-xen-5-2.1

References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Aug 29 07:13:27 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 15:13:27 +0200 (CEST)
Subject: SUSE-SU-2016:2180-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
Message-ID: <20160829131327.842DFF7C3@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2180-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.

Description:
This update for the Linux Kernel 3.12.57-60_35 fixes several issues.

The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1285=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_57-60_35-default-3-2.1
  kgraft-patch-3_12_57-60_35-xen-3-2.1

References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Aug 29 07:14:12 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 15:14:12 +0200 (CEST)
Subject: SUSE-SU-2016:2181-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1
Message-ID: <20160829131412.513CFF7C3@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2181-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.

Description:
This update for the Linux Kernel 3.12.51-60_20 fixes several issues.

The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1289=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_51-60_20-default-6-2.1
  kgraft-patch-3_12_51-60_20-xen-6-2.1

References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Aug 29 11:08:48 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Aug 2016 19:08:48 +0200 (CEST)
Subject: SUSE-RU-2016:2183-1: Recommended update for ses-upgrade-helper
Message-ID: <20160829170848.CCC06F7C4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ses-upgrade-helper
______________________________________________________________________________
Announcement ID: SUSE-RU-2016:2183-1
Rating: low
References: #981722 #982553 #982965
Affected Products:
  SUSE Enterprise Storage 3
______________________________________________________________________________
An update that has three recommended fixes can now be installed.

Description:
This update provides version 0.5 of ses-upgrade-helper and fixes the following issues:
- Fixed coloring-issue where output was not readable (bsc#982965)
- Fixed helper to not tell the user to re-run (auto-)skipped operations (bsc#981722)
- Change user ceph to cephadm in /etc/sudoers (bsc#982553)

Patch Instructions:
To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1290=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Enterprise Storage 3 (noarch):
  ses-upgrade-helper-0.5+git.1466668155.30ebc76-4.1

References:
https://bugzilla.suse.com/981722
https://bugzilla.suse.com/982553
https://bugzilla.suse.com/982965

From sle-updates at lists.suse.com Tue Aug 30 05:09:08 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 13:09:08 +0200 (CEST)
Subject: SUSE-SU-2016:2186-1: Security update for fontconfig
Message-ID: <20160830110908.8FCCEF7C2@maintenance.suse.de>

SUSE Security Update: Security update for fontconfig
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2186-1
Rating: low
References: #992534
Cross-References: CVE-2016-5384
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for fontconfig fixes the following issues:
- security update:
  * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534]

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-fontconfig-12719=1
- SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-fontconfig-12719=1
- SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-fontconfig-12719=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  fontconfig-devel-2.6.0-10.19.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
  fontconfig-devel-32bit-2.6.0-10.19.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  fontconfig-2.6.0-10.19.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  fontconfig-32bit-2.6.0-10.19.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  fontconfig-x86-2.6.0-10.19.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  fontconfig-debuginfo-2.6.0-10.19.1
  fontconfig-debugsource-2.6.0-10.19.1

References:
https://www.suse.com/security/cve/CVE-2016-5384.html
https://bugzilla.suse.com/992534

From sle-updates at lists.suse.com Tue Aug 30 05:09:37 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 13:09:37 +0200 (CEST)
Subject: SUSE-SU-2016:2187-1: moderate: Security update for collectd
Message-ID: <20160830110937.5F782F7C3@maintenance.suse.de>

SUSE Security Update: Security update for collectd
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2187-1
Rating: moderate
References: #990853
Cross-References: CVE-2016-6254
Affected Products:
  SUSE Webyast 1.3
  SUSE Lifecycle Management Server 1.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for collectd fixes the following issues:
- heap overflow in the network plug-in (bsc#990853, CVE-2016-6254)
- add rrdcached plugin to filelist
- disable ipvs plugin for now: does not build

Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Webyast 1.3: zypper in -t patch slewyst13-collectd-12720=1
- SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-collectd-12720=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):
  collectd-4.9.4-0.25.1
  libcollectdclient-devel-4.9.4-0.25.1
  libcollectdclient0-4.9.4-0.25.1
- SUSE Lifecycle Management Server 1.3 (x86_64):
  collectd-4.9.4-0.25.1
  libcollectdclient-devel-4.9.4-0.25.1
  libcollectdclient0-4.9.4-0.25.1

References:
https://www.suse.com/security/cve/CVE-2016-6254.html
https://bugzilla.suse.com/990853

From sle-updates at lists.suse.com Tue Aug 30 05:10:03 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 13:10:03 +0200 (CEST)
Subject: SUSE-SU-2016:2188-1: moderate: Security update for tomcat
Message-ID: <20160830111003.41474F7C3@maintenance.suse.de>

SUSE Security Update: Security update for tomcat
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2188-1
Rating: moderate
References: #986359 #988489
Cross-References: CVE-2016-3092 CVE-2016-5388
Affected Products:
  SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.

Description:
This update for tomcat fixes the following issues:
- CVE-2016-3092: Usage of vulnerable FileUpload package can result in denial of service. (bsc#986359)
- CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header. (bsc#988489)

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1293=1
To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
      tomcat-8.0.32-8.7
      tomcat-admin-webapps-8.0.32-8.7
      tomcat-docs-webapp-8.0.32-8.7
      tomcat-el-3_0-api-8.0.32-8.7
      tomcat-javadoc-8.0.32-8.7
      tomcat-jsp-2_3-api-8.0.32-8.7
      tomcat-lib-8.0.32-8.7
      tomcat-servlet-3_1-api-8.0.32-8.7
      tomcat-webapps-8.0.32-8.7

References:

   https://www.suse.com/security/cve/CVE-2016-3092.html
   https://www.suse.com/security/cve/CVE-2016-5388.html
   https://bugzilla.suse.com/986359
   https://bugzilla.suse.com/988489

From sle-updates at lists.suse.com Tue Aug 30 05:10:44 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 13:10:44 +0200 (CEST)
Subject: SUSE-SU-2016:2189-1: moderate: Security update for libstorage
Message-ID: <20160830111044.D3538F7C3@maintenance.suse.de>

   SUSE Security Update: Security update for libstorage
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2189-1
Rating:             moderate
References:         #986971
Cross-References:   CVE-2016-5746
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for libstorage fixes the following issues:

   - Use stdin, not tmp files for passwords (bsc#986971, CVE-2016-5746)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1292=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1292=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1292=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libstorage-debugsource-2.25.35.1-3.1
      libstorage-devel-2.25.35.1-3.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libstorage-debugsource-2.25.35.1-3.1
      libstorage-ruby-2.25.35.1-3.1
      libstorage-ruby-debuginfo-2.25.35.1-3.1
      libstorage6-2.25.35.1-3.1
      libstorage6-debuginfo-2.25.35.1-3.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libstorage-debugsource-2.25.35.1-3.1
      libstorage-ruby-2.25.35.1-3.1
      libstorage-ruby-debuginfo-2.25.35.1-3.1
      libstorage6-2.25.35.1-3.1
      libstorage6-debuginfo-2.25.35.1-3.1

References:

   https://www.suse.com/security/cve/CVE-2016-5746.html
   https://bugzilla.suse.com/986971

From sle-updates at lists.suse.com Tue Aug 30 05:11:09 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 13:11:09 +0200 (CEST)
Subject: SUSE-SU-2016:2190-1: Security update for fontconfig
Message-ID: <20160830111109.80B51F7C3@maintenance.suse.de>

   SUSE Security Update: Security update for fontconfig
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2190-1
Rating:             low
References:         #992534
Cross-References:   CVE-2016-5384
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for fontconfig fixes the following issues:

   - security update:
     * CVE-2016-5384: Possible double free due to insufficiently validated
       cache files [bsc#992534]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1294=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1294=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1294=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      fontconfig-debuginfo-2.11.0-6.1
      fontconfig-debugsource-2.11.0-6.1
      fontconfig-devel-2.11.0-6.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      fontconfig-2.11.0-6.1
      fontconfig-debuginfo-2.11.0-6.1
      fontconfig-debugsource-2.11.0-6.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      fontconfig-32bit-2.11.0-6.1
      fontconfig-debuginfo-32bit-2.11.0-6.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      fontconfig-2.11.0-6.1
      fontconfig-32bit-2.11.0-6.1
      fontconfig-debuginfo-2.11.0-6.1
      fontconfig-debuginfo-32bit-2.11.0-6.1
      fontconfig-debugsource-2.11.0-6.1

References:

   https://www.suse.com/security/cve/CVE-2016-5384.html
   https://bugzilla.suse.com/992534

From sle-updates at lists.suse.com Tue Aug 30 10:09:26 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 18:09:26 +0200 (CEST)
Subject: SUSE-RU-2016:2191-1: Recommended update for release-notes-susemanager
Message-ID: <20160830160926.5D479F7C2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-susemanager
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2191-1
Rating:             low
References:         #934560 #979288
Affected Products:
                    SUSE Manager Server 3.0
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.
Description:

   SUSE Manager 3.0 Release Notes have been updated to document:

   - New features:
     + bootstrap UI
   - New channels available:
     + SLES 12 LTSS (bsc#979288)
     + OES 2015, OES 2015 SP1 incl. SP migration (bsc#934560)
   - Bugs fixed by latest updates:
     bsc#934560, bsc#940927, bsc#950184, bsc#962588, bsc#967803
     bsc#969834, bsc#970669, bsc#971559, bsc#971622, bsc#972156
     bsc#972311, bsc#975534, bsc#976184, bsc#977804, bsc#977888
     bsc#978150, bsc#979288, bsc#979448, bsc#979745, bsc#980354
     bsc#980482, bsc#981378, bsc#982373, bsc#982562, bsc#983017
     bsc#983295, bsc#983297, bsc#983344, bsc#983512, bsc#983826
     bsc#983916, bsc#984418, bsc#984622, bsc#984998, bsc#985661
     bsc#985707, bsc#986955, bsc#987550, bsc#987614, bsc#987795
     bsc#987870, bsc#988378, bsc#988506, bsc#988573, bsc#989193
     bsc#989798

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1296=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Manager Server 3.0 (x86_64):
      release-notes-susemanager-3.0.0-0.37.1

References:

   https://bugzilla.suse.com/934560
   https://bugzilla.suse.com/979288

From sle-updates at lists.suse.com Tue Aug 30 11:08:43 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 19:08:43 +0200 (CEST)
Subject: SUSE-SU-2016:2192-1: moderate: Security update for ocaml
Message-ID: <20160830170843.11CA0F7C2@maintenance.suse.de>

   SUSE Security Update: Security update for ocaml
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2192-1
Rating:             moderate
References:         #977990
Cross-References:   CVE-2015-8869
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ocaml fixes the following issue:

   Security issue fixed:
   - CVE-2015-8869: Prevent buffer overflow and information leak.
     (bsc#977990)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-ocaml-12721=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-ocaml-12721=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      ocaml-4.02.1-3.4
      ocaml-compiler-libs-4.02.1-3.4
      ocaml-runtime-4.02.1-3.4
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      ocaml-debuginfo-4.02.1-3.4
      ocaml-debugsource-4.02.1-3.4

References:

   https://www.suse.com/security/cve/CVE-2015-8869.html
   https://bugzilla.suse.com/977990

From sle-updates at lists.suse.com Tue Aug 30 11:09:06 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 19:09:06 +0200 (CEST)
Subject: SUSE-RU-2016:2193-1: Recommended update for release-notes-sles
Message-ID: <20160830170906.4E412F7C3@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2193-1
Rating:             low
References:         #978022
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update provides the latest revision of the Release Notes for SUSE
   Linux Enterprise Server 11 SP3:

   - New: Update ntp in SLE 11 SP3 to the version used in SLE 11 SP4.
     (fate#320917)
   - New: Support for "ipset". (fate#313309)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-release-notes-sles-12723=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      release-notes-sles-11.3.45-0.22.1

References:

   https://bugzilla.suse.com/978022

From sle-updates at lists.suse.com Tue Aug 30 11:09:25 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 19:09:25 +0200 (CEST)
Subject: SUSE-SU-2016:2194-1: moderate: Security update for ocaml
Message-ID: <20160830170925.E9804F7C3@maintenance.suse.de>

   SUSE Security Update: Security update for ocaml
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2194-1
Rating:             moderate
References:         #977990
Cross-References:   CVE-2015-8869
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ocaml fixes the following issue:

   Security issue fixed:
   - CVE-2015-8869: Prevent buffer overflow and information leak.
     (bsc#977990)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1297=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      ocaml-4.02.3-6.6.14
      ocaml-compiler-libs-4.02.3-6.6.14
      ocaml-debuginfo-4.02.3-6.6.14
      ocaml-debugsource-4.02.3-6.6.14
      ocaml-runtime-4.02.3-6.6.14
      ocaml-runtime-debuginfo-4.02.3-6.6.14

References:

   https://www.suse.com/security/cve/CVE-2015-8869.html
   https://bugzilla.suse.com/977990

From sle-updates at lists.suse.com Tue Aug 30 11:09:50 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Aug 2016 19:09:50 +0200 (CEST)
Subject: SUSE-SU-2016:2195-1: important: Security update for MozillaFirefox
Message-ID: <20160830170950.B9C83F7C3@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2195-1
Rating:             important
References:         #989196 #990628 #990856 #991809
Cross-References:   CVE-2016-2830 CVE-2016-2835 CVE-2016-2836
                    CVE-2016-2837 CVE-2016-2838 CVE-2016-2839
                    CVE-2016-5252 CVE-2016-5254 CVE-2016-5258
                    CVE-2016-5259 CVE-2016-5262 CVE-2016-5263
                    CVE-2016-5264 CVE-2016-5265 CVE-2016-6354
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.
Description:

   MozillaFirefox was updated to 45.3.0 ESR to fix the following issues
   (bsc#991809):

   * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
     Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
   * MFSA 2016-63/CVE-2016-2830
     Favicon network connection can persist when page is closed
   * MFSA 2016-64/CVE-2016-2838
     Buffer overflow rendering SVG with bidirectional content
   * MFSA 2016-65/CVE-2016-2839
     Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
   * MFSA 2016-67/CVE-2016-5252
     Stack underflow during 2D graphics rendering
   * MFSA 2016-70/CVE-2016-5254
     Use-after-free when using alt key and toplevel menus
   * MFSA 2016-72/CVE-2016-5258
     Use-after-free in DTLS during WebRTC session shutdown
   * MFSA 2016-73/CVE-2016-5259
     Use-after-free in service workers with nested sync events
   * MFSA 2016-76/CVE-2016-5262
     Scripts on marquee tag can execute in sandboxed iframes
   * MFSA 2016-77/CVE-2016-2837
     Buffer overflow in ClearKey Content Decryption Module (CDM) during
     video playback
   * MFSA 2016-78/CVE-2016-5263
     Type confusion in display transformation
   * MFSA 2016-79/CVE-2016-5264
     Use-after-free when applying SVG effects
   * MFSA 2016-80/CVE-2016-5265
     Same-origin policy violation using local HTML file and saved shortcut
     file
   * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856)

   Also a temporary workaround was added:

   - Temporarily bind Firefox to the first CPU as a hotfix for an apparent
     race condition (bsc#989196, bsc#990628)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-MozillaFirefox-12722=1
   - SUSE Manager Proxy 2.1:
      zypper in -t patch slemap21-MozillaFirefox-12722=1
   - SUSE Manager 2.1:
      zypper in -t patch sleman21-MozillaFirefox-12722=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-MozillaFirefox-12722=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-MozillaFirefox-12722=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-MozillaFirefox-12722=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-MozillaFirefox-12722=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-MozillaFirefox-12722=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-MozillaFirefox-12722=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      MozillaFirefox-45.3.0esr-50.1
      MozillaFirefox-translations-45.3.0esr-50.1
   - SUSE Manager Proxy 2.1 (x86_64):
      MozillaFirefox-45.3.0esr-50.1
      MozillaFirefox-translations-45.3.0esr-50.1
   - SUSE Manager 2.1 (s390x x86_64):
      MozillaFirefox-45.3.0esr-50.1
      MozillaFirefox-translations-45.3.0esr-50.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-devel-45.3.0esr-50.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-45.3.0esr-50.1
      MozillaFirefox-translations-45.3.0esr-50.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      MozillaFirefox-45.3.0esr-50.1
      MozillaFirefox-translations-45.3.0esr-50.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      MozillaFirefox-45.3.0esr-50.1
      MozillaFirefox-translations-45.3.0esr-50.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      MozillaFirefox-debuginfo-45.3.0esr-50.1
      MozillaFirefox-debugsource-45.3.0esr-50.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      MozillaFirefox-debuginfo-45.3.0esr-50.1
      MozillaFirefox-debugsource-45.3.0esr-50.1

References:

   https://www.suse.com/security/cve/CVE-2016-2830.html
   https://www.suse.com/security/cve/CVE-2016-2835.html
   https://www.suse.com/security/cve/CVE-2016-2836.html
   https://www.suse.com/security/cve/CVE-2016-2837.html
   https://www.suse.com/security/cve/CVE-2016-2838.html
   https://www.suse.com/security/cve/CVE-2016-2839.html
   https://www.suse.com/security/cve/CVE-2016-5252.html
   https://www.suse.com/security/cve/CVE-2016-5254.html
   https://www.suse.com/security/cve/CVE-2016-5258.html
   https://www.suse.com/security/cve/CVE-2016-5259.html
   https://www.suse.com/security/cve/CVE-2016-5262.html
   https://www.suse.com/security/cve/CVE-2016-5263.html
   https://www.suse.com/security/cve/CVE-2016-5264.html
   https://www.suse.com/security/cve/CVE-2016-5265.html
   https://www.suse.com/security/cve/CVE-2016-6354.html
   https://bugzilla.suse.com/989196
   https://bugzilla.suse.com/990628
   https://bugzilla.suse.com/990856
   https://bugzilla.suse.com/991809

From sle-updates at lists.suse.com Wed Aug 31 07:09:17 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 Aug 2016 15:09:17 +0200 (CEST)
Subject: SUSE-RU-2016:2202-1: Recommended update for ceph-deploy
Message-ID: <20160831130917.9B1F5F7C4@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ceph-deploy
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2202-1
Rating:             low
References:         #948375 #948577 #963022 #968123 #980269
Affected Products:
                    SUSE Enterprise Storage 2.1
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.
Description:

   This update for ceph-deploy fixes the following issues:

   - zypper: Handle missing packages with --ignore-unknown (bsc#980269)
   - zypper: Handle ZYPPER_EXIT_INF_CAP_NOT_FOUND return code (bsc#968123)
   - Change default init system for SUSE platforms to systemd. (bsc#963022)
   - rgw: Add rgw_dns_name to rgw entity in ${CLUSTER}.conf to fix the s3
     api response. (bsc#948577)
   - Decreased the number of placement groups for each pool created by
     ceph-deploy for the rgw to 16. (bsc#948375)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 2.1:
      zypper in -t patch SUSE-Storage-2.1-2016-1301=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 2.1 (noarch):
      ceph-deploy-1.5.25+git.1470908367.0f562a4-4.1

References:

   https://bugzilla.suse.com/948375
   https://bugzilla.suse.com/948577
   https://bugzilla.suse.com/963022
   https://bugzilla.suse.com/968123
   https://bugzilla.suse.com/980269

From sle-updates at lists.suse.com Wed Aug 31 13:08:45 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 Aug 2016 21:08:45 +0200 (CEST)
Subject: SUSE-SU-2016:2209-1: moderate: Security update for libtcnative-1-0
Message-ID: <20160831190845.497B5F7C3@maintenance.suse.de>

   SUSE Security Update: Security update for libtcnative-1-0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2209-1
Rating:             moderate
References:         #938945
Cross-References:   CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for libtcnative-1-0 fixes the following issues:

   - Disable 512-bit export-grade cryptography to prevent Logjam
     vulnerability CVE-2015-4000 (bsc#938945)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1302=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1302=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libtcnative-1-0-debuginfo-1.1.32-9.1
      libtcnative-1-0-debugsource-1.1.32-9.1
      libtcnative-1-0-devel-1.1.32-9.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libtcnative-1-0-1.1.32-9.1
      libtcnative-1-0-debuginfo-1.1.32-9.1
      libtcnative-1-0-debugsource-1.1.32-9.1

References:

   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/938945