From sle-updates at lists.suse.com Thu Dec 1 06:07:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2016 14:07:40 +0100 (CET) Subject: SUSE-SU-2016:2958-1: moderate: Security update for mono-core Message-ID: <20161201130740.204B9FFC1@maintenance.suse.de> SUSE Security Update: Security update for mono-core ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2958-1 Rating: moderate References: #739119 #958097 Cross-References: CVE-2009-0689 CVE-2012-3543 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation. (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters. (bsc#739119) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mono-core-12866=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mono-core-12866=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mono-core-12866=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bytefx-data-mysql-2.6.7-0.18.1 mono-data-firebird-2.6.7-0.18.1 mono-data-oracle-2.6.7-0.18.1 mono-data-sybase-2.6.7-0.18.1 mono-devel-2.6.7-0.18.1 mono-extras-2.6.7-0.18.1 mono-jscript-2.6.7-0.18.1 mono-wcf-2.6.7-0.18.1 mono-winfxcore-2.6.7-0.18.1 monodoc-core-2.6.7-0.18.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): mono-core-2.6.7-0.18.1 mono-data-2.6.7-0.18.1 mono-data-postgresql-2.6.7-0.18.1 mono-data-sqlite-2.6.7-0.18.1 mono-locale-extras-2.6.7-0.18.1 mono-nunit-2.6.7-0.18.1 mono-web-2.6.7-0.18.1 mono-winforms-2.6.7-0.18.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mono-core-2.6.7-0.18.1 mono-data-2.6.7-0.18.1 mono-data-postgresql-2.6.7-0.18.1 mono-data-sqlite-2.6.7-0.18.1 mono-locale-extras-2.6.7-0.18.1 mono-nunit-2.6.7-0.18.1 mono-web-2.6.7-0.18.1 mono-winforms-2.6.7-0.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): mono-core-2.6.7-0.18.1 mono-data-2.6.7-0.18.1 mono-data-postgresql-2.6.7-0.18.1 mono-data-sqlite-2.6.7-0.18.1 mono-locale-extras-2.6.7-0.18.1 mono-nunit-2.6.7-0.18.1 mono-web-2.6.7-0.18.1 mono-winforms-2.6.7-0.18.1 References: https://www.suse.com/security/cve/CVE-2009-0689.html https://www.suse.com/security/cve/CVE-2012-3543.html https://bugzilla.suse.com/739119 https://bugzilla.suse.com/958097 From sle-updates at lists.suse.com Thu Dec 1 06:08:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2016 14:08:26 +0100 (CET) Subject: SUSE-RU-2016:2959-1: Recommended update for timezone Message-ID: <20161201130826.F3575FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2959-1 Rating: low References: #1011797 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for 
Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2016j) for your system, including the following changes: - Saratov, Russia switches from +03 to +04 on 2016-12-04 at 02:00. This change introduces a new zone Europe/Saratov split from Europe/Volgograd. This release also includes changes affecting past time stamps. For a comprehensive list, please refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz-announce/2016-November/000044.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1734=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1734=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1734=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1734=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1734=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1734=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1734=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): timezone-java-2016j-0.66.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): timezone-2016j-66.1 timezone-debuginfo-2016j-66.1 timezone-debugsource-2016j-66.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): timezone-2016j-66.1 timezone-debuginfo-2016j-66.1 timezone-debugsource-2016j-66.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): timezone-java-2016j-0.66.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): timezone-2016j-66.1 timezone-debuginfo-2016j-66.1 timezone-debugsource-2016j-66.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): timezone-java-2016j-0.66.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): timezone-2016j-66.1 timezone-debuginfo-2016j-66.1 timezone-debugsource-2016j-66.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): timezone-java-2016j-0.66.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2016j-66.1 timezone-debuginfo-2016j-66.1 timezone-debugsource-2016j-66.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2016j-0.66.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): timezone-java-2016j-0.66.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): timezone-2016j-66.1 timezone-debuginfo-2016j-66.1 timezone-debugsource-2016j-66.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): timezone-2016j-66.1 timezone-debuginfo-2016j-66.1 timezone-debugsource-2016j-66.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): timezone-java-2016j-0.66.1 References: https://bugzilla.suse.com/1011797 From sle-updates at lists.suse.com Thu Dec 1 09:07:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2016 17:07:22 +0100 (CET) Subject: SUSE-RU-2016:2963-1: moderate: Recommended update for sg3_utils Message-ID: <20161201160722.3646DFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2963-1 Rating: moderate References: #840054 #903332 #904008 #955222 #958369 #981452 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for sg3_utils provides the following fixes: - Fix handling of dmsetup output in rescan-scsi-bus.sh. (bsc#955222) - Sort output in rescan-scsi-bus.sh's doreportlun(). (bsc#958369) - Fix wrong bitmask when encoding target port group in sg_stpg. - Multiple fixes for rescan-scsi-bus.sh: (bsc#903332) - Interpret DID_NEXUS_FAILURE as 'reservation conflict'. - No space in SCSI type. - Wait up to 30 seconds for TUR. - Check for removable media in sg_turs loop. - Fix rescan-scsi-bus.sh to correctly resize multipath devices. (bsc#904008) - Fix rescan-scsi-bus.sh's 'resize' option and document '-m'. (bsc#904008) - Update rescan-scsi-bus.sh to version 20160511. (bsc#958369, bsc#981452) - Add 40-usb-blacklist.rules. (bsc#840054) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1735=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1735=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1735=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsgutils-devel-1.42-7.7.1 sg3_utils-debuginfo-1.42-7.7.1 sg3_utils-debugsource-1.42-7.7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libsgutils2-2-1.42-7.7.1 libsgutils2-2-debuginfo-1.42-7.7.1 sg3_utils-1.42-7.7.1 sg3_utils-debuginfo-1.42-7.7.1 sg3_utils-debugsource-1.42-7.7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libsgutils2-2-1.42-7.7.1 libsgutils2-2-debuginfo-1.42-7.7.1 sg3_utils-1.42-7.7.1 sg3_utils-debuginfo-1.42-7.7.1 sg3_utils-debugsource-1.42-7.7.1 References: https://bugzilla.suse.com/840054 https://bugzilla.suse.com/903332 https://bugzilla.suse.com/904008 https://bugzilla.suse.com/955222 https://bugzilla.suse.com/958369 https://bugzilla.suse.com/981452 From sle-updates at lists.suse.com Thu Dec 1 10:07:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2016 18:07:51 +0100 (CET) Subject: SUSE-SU-2016:2964-1: important: Security update for ImageMagick Message-ID: <20161201170751.1124DFFBF@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2964-1 Rating: important References: #1000399 #1000434 #1000436 #1000688 #1000689 #1000690 #1000691 #1000692 #1000693 #1000694 #1000695 #1000698 #1000699 #1000700 #1000701 #1000703 #1000704 #1000707 #1000709 #1000711 #1000713 #1000714 #1001066 #1001221 #1002209 #1002421 #1002422 #1003629 #1005123 #1005125 #1005127 #1007245 Cross-References: CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-5687 CVE-2016-6823 CVE-2016-7101 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7533 CVE-2016-7535 CVE-2016-7537 CVE-2016-7799 CVE-2016-7800 
CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8862 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 34 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumption, or potentially have unspecified further impact. - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-7527: out of bound access in wpg file coder (bsc#1000436) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7530: Out of bound in quantum 
handling (bsc#1000703) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12867=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12867=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12867=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.54.1 ImageMagick-devel-6.4.3.6-7.54.1 libMagick++-devel-6.4.3.6-7.54.1 libMagick++1-6.4.3.6-7.54.1 libMagickWand1-6.4.3.6-7.54.1 perl-PerlMagick-6.4.3.6-7.54.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.54.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.54.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.54.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.54.1 ImageMagick-debugsource-6.4.3.6-7.54.1 References: https://www.suse.com/security/cve/CVE-2014-9907.html https://www.suse.com/security/cve/CVE-2015-8957.html https://www.suse.com/security/cve/CVE-2015-8958.html https://www.suse.com/security/cve/CVE-2015-8959.html https://www.suse.com/security/cve/CVE-2016-5687.html https://www.suse.com/security/cve/CVE-2016-6823.html https://www.suse.com/security/cve/CVE-2016-7101.html https://www.suse.com/security/cve/CVE-2016-7514.html https://www.suse.com/security/cve/CVE-2016-7515.html https://www.suse.com/security/cve/CVE-2016-7516.html https://www.suse.com/security/cve/CVE-2016-7517.html https://www.suse.com/security/cve/CVE-2016-7518.html https://www.suse.com/security/cve/CVE-2016-7519.html https://www.suse.com/security/cve/CVE-2016-7522.html https://www.suse.com/security/cve/CVE-2016-7523.html https://www.suse.com/security/cve/CVE-2016-7524.html https://www.suse.com/security/cve/CVE-2016-7525.html https://www.suse.com/security/cve/CVE-2016-7526.html https://www.suse.com/security/cve/CVE-2016-7527.html https://www.suse.com/security/cve/CVE-2016-7528.html https://www.suse.com/security/cve/CVE-2016-7529.html https://www.suse.com/security/cve/CVE-2016-7530.html https://www.suse.com/security/cve/CVE-2016-7531.html 
https://www.suse.com/security/cve/CVE-2016-7533.html https://www.suse.com/security/cve/CVE-2016-7535.html https://www.suse.com/security/cve/CVE-2016-7537.html https://www.suse.com/security/cve/CVE-2016-7799.html https://www.suse.com/security/cve/CVE-2016-7800.html https://www.suse.com/security/cve/CVE-2016-7996.html https://www.suse.com/security/cve/CVE-2016-7997.html https://www.suse.com/security/cve/CVE-2016-8682.html https://www.suse.com/security/cve/CVE-2016-8683.html https://www.suse.com/security/cve/CVE-2016-8684.html https://www.suse.com/security/cve/CVE-2016-8862.html https://bugzilla.suse.com/1000399 https://bugzilla.suse.com/1000434 https://bugzilla.suse.com/1000436 https://bugzilla.suse.com/1000688 https://bugzilla.suse.com/1000689 https://bugzilla.suse.com/1000690 https://bugzilla.suse.com/1000691 https://bugzilla.suse.com/1000692 https://bugzilla.suse.com/1000693 https://bugzilla.suse.com/1000694 https://bugzilla.suse.com/1000695 https://bugzilla.suse.com/1000698 https://bugzilla.suse.com/1000699 https://bugzilla.suse.com/1000700 https://bugzilla.suse.com/1000701 https://bugzilla.suse.com/1000703 https://bugzilla.suse.com/1000704 https://bugzilla.suse.com/1000707 https://bugzilla.suse.com/1000709 https://bugzilla.suse.com/1000711 https://bugzilla.suse.com/1000713 https://bugzilla.suse.com/1000714 https://bugzilla.suse.com/1001066 https://bugzilla.suse.com/1001221 https://bugzilla.suse.com/1002209 https://bugzilla.suse.com/1002421 https://bugzilla.suse.com/1002422 https://bugzilla.suse.com/1003629 https://bugzilla.suse.com/1005123 https://bugzilla.suse.com/1005125 https://bugzilla.suse.com/1005127 https://bugzilla.suse.com/1007245 From sle-updates at lists.suse.com Fri Dec 2 07:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2016 15:07:56 +0100 (CET) Subject: SUSE-RU-2016:2968-1: Recommended update for aaa_base Message-ID: <20161202140756.87DBAFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended 
update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2968-1 Rating: low References: #1011548 #996442 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for aaa_base fixes the following issues: - Use full path to lsinitrd(1), as /sbin might not be in the default $PATH. (bsc#1011548) - Do not list xinetd based services twice. (bsc#996442) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-aaa_base-12868=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-aaa_base-12868=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): aaa_base-11-6.115.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): aaa_base-debuginfo-11-6.115.1 References: https://bugzilla.suse.com/1011548 https://bugzilla.suse.com/996442 From sle-updates at lists.suse.com Fri Dec 2 07:08:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2016 15:08:38 +0100 (CET) Subject: SUSE-SU-2016:2969-1: moderate: Security update for libgit2 Message-ID: <20161202140838.D9B9FFFC1@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2969-1 Rating: moderate References: #1003810 Cross-References: CVE-2016-8568 CVE-2016-8569 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that fixes 
two vulnerabilities is now available. Description: libgit2 was updated to fix two security issues. These security issues were fixed: - CVE-2016-8568: Read out-of-bounds in git_oid_nfmt (bsc#1003810). - CVE-2016-8569: DoS caused by a NULL pointer dereference in git_commit_message (bsc#1003810). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1741=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64): libgit2-24-0.24.1-3.1 libgit2-24-debuginfo-0.24.1-3.1 libgit2-debugsource-0.24.1-3.1 References: https://www.suse.com/security/cve/CVE-2016-8568.html https://www.suse.com/security/cve/CVE-2016-8569.html https://bugzilla.suse.com/1003810 From sle-updates at lists.suse.com Fri Dec 2 08:07:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2016 16:07:40 +0100 (CET) Subject: SUSE-SU-2016:2971-1: moderate: Security update for pcre Message-ID: <20161202150740.90BFDFFBF@maintenance.suse.de> SUSE Security Update: Security update for pcre ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2971-1 Rating: moderate References: #906574 #924960 #933288 #933878 #936227 #942865 #957566 #957567 #957598 #957600 #960837 #971741 #972127 Cross-References: CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 
SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the library when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed: - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). 
- bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547) (bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group (bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group (bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group (bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion (bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls (bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis (bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns (bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns (bsc#957598). - CVE-2015-8391: Some pathological patterns cause pcre_compile() to run for a very long time (bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups (bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary (bsc#957598). 
- CVE-2015-8394: Integer overflow caused by missing check for certain conditions (bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references (bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). These non-security issues were fixed: - JIT compiler improvements - performance improvements - The Unicode data tables have been updated to Unicode 7.0.0. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1744=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1744=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1744=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1744=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1744=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1744=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1744=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1744=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1744=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1744=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1744=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libpcrecpp0-32bit-8.39-5.1 libpcrecpp0-8.39-5.1 libpcrecpp0-debuginfo-32bit-8.39-5.1 libpcrecpp0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libpcrecpp0-32bit-8.39-5.1 libpcrecpp0-8.39-5.1 libpcrecpp0-debuginfo-32bit-8.39-5.1 libpcrecpp0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpcrecpp0-8.39-5.1 libpcrecpp0-debuginfo-8.39-5.1 libpcreposix0-8.39-5.1 libpcreposix0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 pcre-devel-8.39-5.1 pcre-devel-static-8.39-5.1 pcre-tools-8.39-5.1 pcre-tools-debuginfo-8.39-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpcrecpp0-8.39-5.1 libpcrecpp0-debuginfo-8.39-5.1 libpcreposix0-8.39-5.1 libpcreposix0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 pcre-devel-8.39-5.1 pcre-devel-static-8.39-5.1 pcre-tools-8.39-5.1 pcre-tools-debuginfo-8.39-5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpcre1-8.39-5.1 libpcre1-debuginfo-8.39-5.1 libpcre16-0-8.39-5.1 libpcre16-0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpcre1-8.39-5.1 libpcre1-debuginfo-8.39-5.1 libpcre16-0-8.39-5.1 libpcre16-0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpcre1-32bit-8.39-5.1 libpcre1-debuginfo-32bit-8.39-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpcre1-8.39-5.1 libpcre1-debuginfo-8.39-5.1 libpcre16-0-8.39-5.1 libpcre16-0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpcre1-32bit-8.39-5.1 libpcre1-debuginfo-32bit-8.39-5.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): libpcreposix0-8.39-5.1 libpcreposix0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE 
Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): libpcreposix0-8.39-5.1 libpcreposix0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpcre1-32bit-8.39-5.1 libpcre1-8.39-5.1 libpcre1-debuginfo-32bit-8.39-5.1 libpcre1-debuginfo-8.39-5.1 libpcre16-0-8.39-5.1 libpcre16-0-debuginfo-8.39-5.1 libpcrecpp0-32bit-8.39-5.1 libpcrecpp0-8.39-5.1 libpcrecpp0-debuginfo-32bit-8.39-5.1 libpcrecpp0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpcre1-32bit-8.39-5.1 libpcre1-8.39-5.1 libpcre1-debuginfo-32bit-8.39-5.1 libpcre1-debuginfo-8.39-5.1 libpcre16-0-8.39-5.1 libpcre16-0-debuginfo-8.39-5.1 libpcrecpp0-32bit-8.39-5.1 libpcrecpp0-8.39-5.1 libpcrecpp0-debuginfo-32bit-8.39-5.1 libpcrecpp0-debuginfo-8.39-5.1 pcre-debugsource-8.39-5.1 References: https://www.suse.com/security/cve/CVE-2014-8964.html https://www.suse.com/security/cve/CVE-2015-2325.html https://www.suse.com/security/cve/CVE-2015-2327.html https://www.suse.com/security/cve/CVE-2015-2328.html https://www.suse.com/security/cve/CVE-2015-3210.html https://www.suse.com/security/cve/CVE-2015-3217.html https://www.suse.com/security/cve/CVE-2015-5073.html https://www.suse.com/security/cve/CVE-2015-8380.html https://www.suse.com/security/cve/CVE-2015-8381.html https://www.suse.com/security/cve/CVE-2015-8382.html https://www.suse.com/security/cve/CVE-2015-8383.html https://www.suse.com/security/cve/CVE-2015-8384.html https://www.suse.com/security/cve/CVE-2015-8385.html https://www.suse.com/security/cve/CVE-2015-8386.html https://www.suse.com/security/cve/CVE-2015-8387.html https://www.suse.com/security/cve/CVE-2015-8388.html https://www.suse.com/security/cve/CVE-2015-8389.html https://www.suse.com/security/cve/CVE-2015-8390.html https://www.suse.com/security/cve/CVE-2015-8391.html https://www.suse.com/security/cve/CVE-2015-8392.html https://www.suse.com/security/cve/CVE-2015-8393.html 
  https://www.suse.com/security/cve/CVE-2015-8394.html
  https://www.suse.com/security/cve/CVE-2015-8395.html
  https://www.suse.com/security/cve/CVE-2016-1283.html
  https://www.suse.com/security/cve/CVE-2016-3191.html
  https://bugzilla.suse.com/906574
  https://bugzilla.suse.com/924960
  https://bugzilla.suse.com/933288
  https://bugzilla.suse.com/933878
  https://bugzilla.suse.com/936227
  https://bugzilla.suse.com/942865
  https://bugzilla.suse.com/957566
  https://bugzilla.suse.com/957567
  https://bugzilla.suse.com/957598
  https://bugzilla.suse.com/957600
  https://bugzilla.suse.com/960837
  https://bugzilla.suse.com/971741
  https://bugzilla.suse.com/972127

From sle-updates at lists.suse.com Fri Dec 2 08:10:26 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Dec 2016 16:10:26 +0100 (CET)
Subject: SUSE-OU-2016:2972-1: Initial release of libmemcached, memcached, php5-memcached
Message-ID: <20161202151026.35C19FFBF@maintenance.suse.de>

SUSE Optional Update: Initial release of libmemcached, memcached, php5-memcached
______________________________________________________________________________

Announcement ID: SUSE-OU-2016:2972-1
Rating: low
References: #1011626
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update introduces three new packages to SUSE Linux Enterprise 12.
Memcached, a high-performance, distributed memory object caching system and the libmemcached library have been added to SUSE Linux Enterprise Server 12 SP1 and 12-SP2.
A PHP5 extension that uses the libmemcached library and provides an API for communicating with memcached servers has been added to the Web and Scripting Module 12.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1743=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1743=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1743=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1743=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1743=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1743=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  libmemcached-debuginfo-1.0.18-2.2
  libmemcached-debugsource-1.0.18-2.2
  libmemcached-devel-1.0.18-2.2
  memcached-debuginfo-1.4.33-3.1
  memcached-debugsource-1.4.33-3.1
  memcached-devel-1.4.33-3.1

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  libmemcached-debuginfo-1.0.18-2.2
  libmemcached-debugsource-1.0.18-2.2
  libmemcached-devel-1.0.18-2.2
  memcached-debuginfo-1.4.33-3.1
  memcached-debugsource-1.4.33-3.1
  memcached-devel-1.4.33-3.1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  libmemcached-1.0.18-2.2
  libmemcached-debuginfo-1.0.18-2.2
  libmemcached-debugsource-1.0.18-2.2
  libmemcached11-1.0.18-2.2
  libmemcached11-debuginfo-1.0.18-2.2
  libmemcachedutil2-1.0.18-2.2
  libmemcachedutil2-debuginfo-1.0.18-2.2
  memcached-1.4.33-3.1
  memcached-debuginfo-1.4.33-3.1
  memcached-debugsource-1.4.33-3.1

- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  libmemcached-1.0.18-2.2
  libmemcached-debuginfo-1.0.18-2.2
  libmemcached-debugsource-1.0.18-2.2
  libmemcached11-1.0.18-2.2
  libmemcached11-debuginfo-1.0.18-2.2
  libmemcachedutil2-1.0.18-2.2
  libmemcachedutil2-debuginfo-1.0.18-2.2
  memcached-1.4.33-3.1
  memcached-debuginfo-1.4.33-3.1
  memcached-debugsource-1.4.33-3.1

- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  libmemcached-1.0.18-2.2
  libmemcached-debuginfo-1.0.18-2.2
  libmemcached-debugsource-1.0.18-2.2
  libmemcached11-1.0.18-2.2
  libmemcached11-debuginfo-1.0.18-2.2
  libmemcachedutil2-1.0.18-2.2
  libmemcachedutil2-debuginfo-1.0.18-2.2
  memcached-1.4.33-3.1
  memcached-debuginfo-1.4.33-3.1
  memcached-debugsource-1.4.33-3.1

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  php5-memcached-2.2.0-2.4
  php5-memcached-debuginfo-2.2.0-2.4
  php5-memcached-debugsource-2.2.0-2.4

References:

  https://bugzilla.suse.com/1011626

From sle-updates at lists.suse.com Fri Dec 2 08:10:56 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Dec 2016 16:10:56 +0100 (CET)
Subject: SUSE-RU-2016:2973-1: moderate: Recommended update for autoyast2, yast2-services-manager
Message-ID: <20161202151056.7F589FFC1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autoyast2, yast2-services-manager
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2973-1
Rating: moderate
References: #1008301 #887115 #985621
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update provides fixes for autoyast2 and yast2-services-manager.

autoyast2:

- Do not crash when services manager configuration is missing. (bsc#887115)
- Hiding a module in its .desktop file (Hidden=true) won't prevent it from being cloned anymore. (bsc#1008301)
- Add support to specify resource aliases using the key X-SuSE-YaST-AutoInstResourceAliases in desktop files. (bsc#887115)
- Add missed desktop file for "clone_system" in order to show it in the control center and command line calls. (bsc#985621)

yast2-services-manager:

- Use the X-SuSE-YaST-AutoInstResourceAliases key to allow removal of the runlevel.desktop file. (bsc#887115, bsc#1008301)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1737=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1737=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1737=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  autoyast2-3.1.154-36.3.2
  autoyast2-installation-3.1.154-36.3.2
  yast2-services-manager-3.1.43-6.1

- SUSE Linux Enterprise Server 12-SP2 (noarch):
  autoyast2-3.1.154-36.3.2
  autoyast2-installation-3.1.154-36.3.2
  yast2-services-manager-3.1.43-6.1

- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  autoyast2-3.1.154-36.3.2
  autoyast2-installation-3.1.154-36.3.2
  yast2-services-manager-3.1.43-6.1

References:

  https://bugzilla.suse.com/1008301
  https://bugzilla.suse.com/887115
  https://bugzilla.suse.com/985621

From sle-updates at lists.suse.com Fri Dec 2 08:11:50 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Dec 2016 16:11:50 +0100 (CET)
Subject: SUSE-SU-2016:2974-1: moderate: Security update for pacemaker
Message-ID: <20161202151150.E51E9FFC1@maintenance.suse.de>

SUSE Security Update: Security update for pacemaker
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2974-1
Rating: moderate
References: #1000743 #1002767 #1003565 #1007433 #1009076 #967388 #986644 #987348 #995365
Cross-References: CVE-2016-7035 CVE-2016-7797
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise High Availability 12-SP1
______________________________________________________________________________

An update that solves two vulnerabilities and has 7 fixes is now available.

Description:

This update for pacemaker fixes the following issues:

- remote: Allow cluster and remote LRM API versions to diverge (bsc#1009076)
- libcrmcommon: fix CVE-2016-7035 (improper IPC guarding) (bsc#1007433)
- sysconfig: minor tweaks (typo, wording)
- spec: more robust check for systemd being in use
- spec: defines instead of some globals + error suppression
- various: issues discovered via valgrind and coverity
- attrd_updater: fix usage of HAVE_ATOMIC_ATTRD
- crmd: cl#5185 - Record pending operations in the CIB before they are performed (bsc#1003565)
- ClusterMon: fix to avoid matching other process with the same PID
- mcp: improve comments for sysconfig options
- remove openssl-devel and libselinux-devel as build dependencies
- tools: crm_standby --version/--help should work without cluster
- libpengine: only log startup-fencing warning once
- pacemaker.service: do not mistakenly suggest killing fenced
- libcrmcommon: report errors consistently when waiting for data on connection (bsc#986644)
- remote: Correctly calculate the remaining timeouts when receiving messages (bsc#986644)
- libfencing: report added node ID correctly
- crm_mon: Do not call setenv with null value
- pengine: Do not fence a maintenance node if it shuts down cleanly (bsc#1000743)
- ping: Avoid temporary files for fping check (bsc#987348)
- all: clarify licensing and copyrights
- crmd: Resend the shutdown request if the DC forgets
- ping: Avoid temp files in fping_check (bsc#987348)
- crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down
- crmd: clear remote node operation history only when it comes up
- libcib,libfencing,libtransition: handle memory allocation errors without CRM_CHECK()
- tools: make crm_mon XML schema handle resources with multiple active
- pengine: set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources
- pengine: avoid null dereference in new same-node ordering option
- lrmd,libcluster: ensure g_hash_table_foreach() is never passed a null table
- crmd: don't log warning if abort_unless_down() can't find down event
- lib: Correction of the deletion of the notice registration.
- stonithd: Correction of the wrong connection process name.
- crmd: Keep a state of LRMD in the DC node latest.
- pengine: avoid transition loop for start-then-stop + unfencing
- libpengine: allow pe_order_same_node option for constraints
- cts: Restart systemd-journald with "systemctl restart systemd-journald.socket" (bsc#995365)
- libcrmcommon: properly handle XML comments when comparing v2 patchset diffs
- crmd: don't abort transitions for CIB comment changes
- libcrmcommon: log XML comments correctly
- libcrmcommon: remove extraneous format specifier from log message
- remote: cl#5269 - Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767, CVE-2016-7797)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1742=1
- SUSE Linux Enterprise High Availability 12-SP1:
  zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1742=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  libpacemaker-devel-1.1.13-20.1
  pacemaker-cts-1.1.13-20.1
  pacemaker-cts-debuginfo-1.1.13-20.1
  pacemaker-debuginfo-1.1.13-20.1
  pacemaker-debugsource-1.1.13-20.1

- SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64):
  libpacemaker3-1.1.13-20.1
  libpacemaker3-debuginfo-1.1.13-20.1
  pacemaker-1.1.13-20.1
  pacemaker-cli-1.1.13-20.1
  pacemaker-cli-debuginfo-1.1.13-20.1
  pacemaker-cts-1.1.13-20.1
  pacemaker-cts-debuginfo-1.1.13-20.1
  pacemaker-debuginfo-1.1.13-20.1
  pacemaker-debugsource-1.1.13-20.1
  pacemaker-remote-1.1.13-20.1
  pacemaker-remote-debuginfo-1.1.13-20.1

References:

  https://www.suse.com/security/cve/CVE-2016-7035.html
  https://www.suse.com/security/cve/CVE-2016-7797.html
  https://bugzilla.suse.com/1000743
  https://bugzilla.suse.com/1002767
  https://bugzilla.suse.com/1003565
  https://bugzilla.suse.com/1007433
  https://bugzilla.suse.com/1009076
  https://bugzilla.suse.com/967388
  https://bugzilla.suse.com/986644
  https://bugzilla.suse.com/987348
  https://bugzilla.suse.com/995365

From sle-updates at lists.suse.com Fri Dec 2 08:13:55 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Dec 2016 16:13:55 +0100 (CET)
Subject: SUSE-SU-2016:2975-1: moderate: Security update for php5
Message-ID: <20161202151355.9CE6DFFC5@maintenance.suse.de>

SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2975-1
Rating: moderate
References: #1008029 #986247
Cross-References: CVE-2016-5773 CVE-2016-9137
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Workstation Extension 12-SP1
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Module for Web Scripting 12
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for php5 fixes the following issues:

- CVE-2016-9137: Use After Free in unserialize() (bsc#1008029)
- CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC (bsc#986247)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
  zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1740=1
- SUSE Linux Enterprise Workstation Extension 12-SP1:
  zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1740=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1740=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1740=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1740=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1740=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1740=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
  imap-debuginfo-2007e_suse-22.1
  imap-debugsource-2007e_suse-22.1
  libc-client2007e_suse-2007e_suse-22.1
  libc-client2007e_suse-debuginfo-2007e_suse-22.1

- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
  imap-debuginfo-2007e_suse-22.1
  imap-debugsource-2007e_suse-22.1
  libc-client2007e_suse-2007e_suse-22.1
  libc-client2007e_suse-debuginfo-2007e_suse-22.1

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  imap-debuginfo-2007e_suse-22.1
  imap-debugsource-2007e_suse-22.1
  imap-devel-2007e_suse-22.1
  libc-client2007e_suse-2007e_suse-22.1
  libc-client2007e_suse-debuginfo-2007e_suse-22.1
  php5-debuginfo-5.5.14-86.2
  php5-debugsource-5.5.14-86.2
  php5-devel-5.5.14-86.2

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  imap-debuginfo-2007e_suse-22.1
  imap-debugsource-2007e_suse-22.1
  imap-devel-2007e_suse-22.1
  libc-client2007e_suse-2007e_suse-22.1
  libc-client2007e_suse-debuginfo-2007e_suse-22.1
  php5-debuginfo-5.5.14-86.2
  php5-debugsource-5.5.14-86.2
  php5-devel-5.5.14-86.2

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  apache2-mod_php5-5.5.14-86.2
  apache2-mod_php5-debuginfo-5.5.14-86.2
  libc-client2007e_suse-2007e_suse-22.1
  libc-client2007e_suse-debuginfo-2007e_suse-22.1
  php5-5.5.14-86.2
  php5-bcmath-5.5.14-86.2
  php5-bcmath-debuginfo-5.5.14-86.2
  php5-bz2-5.5.14-86.2
  php5-bz2-debuginfo-5.5.14-86.2
  php5-calendar-5.5.14-86.2
  php5-calendar-debuginfo-5.5.14-86.2
  php5-ctype-5.5.14-86.2
  php5-ctype-debuginfo-5.5.14-86.2
  php5-curl-5.5.14-86.2
  php5-curl-debuginfo-5.5.14-86.2
  php5-dba-5.5.14-86.2
  php5-dba-debuginfo-5.5.14-86.2
  php5-debuginfo-5.5.14-86.2
  php5-debugsource-5.5.14-86.2
  php5-dom-5.5.14-86.2
  php5-dom-debuginfo-5.5.14-86.2
  php5-enchant-5.5.14-86.2
  php5-enchant-debuginfo-5.5.14-86.2
  php5-exif-5.5.14-86.2
  php5-exif-debuginfo-5.5.14-86.2
  php5-fastcgi-5.5.14-86.2
  php5-fastcgi-debuginfo-5.5.14-86.2
  php5-fileinfo-5.5.14-86.2
  php5-fileinfo-debuginfo-5.5.14-86.2
  php5-fpm-5.5.14-86.2
  php5-fpm-debuginfo-5.5.14-86.2
  php5-ftp-5.5.14-86.2
  php5-ftp-debuginfo-5.5.14-86.2
  php5-gd-5.5.14-86.2
  php5-gd-debuginfo-5.5.14-86.2
  php5-gettext-5.5.14-86.2
  php5-gettext-debuginfo-5.5.14-86.2
  php5-gmp-5.5.14-86.2
  php5-gmp-debuginfo-5.5.14-86.2
  php5-iconv-5.5.14-86.2
  php5-iconv-debuginfo-5.5.14-86.2
  php5-imap-5.5.14-86.2
  php5-imap-debuginfo-5.5.14-86.2
  php5-intl-5.5.14-86.2
  php5-intl-debuginfo-5.5.14-86.2
  php5-json-5.5.14-86.2
  php5-json-debuginfo-5.5.14-86.2
  php5-ldap-5.5.14-86.2
  php5-ldap-debuginfo-5.5.14-86.2
  php5-mbstring-5.5.14-86.2
  php5-mbstring-debuginfo-5.5.14-86.2
  php5-mcrypt-5.5.14-86.2
  php5-mcrypt-debuginfo-5.5.14-86.2
  php5-mysql-5.5.14-86.2
  php5-mysql-debuginfo-5.5.14-86.2
  php5-odbc-5.5.14-86.2
  php5-odbc-debuginfo-5.5.14-86.2
  php5-opcache-5.5.14-86.2
  php5-opcache-debuginfo-5.5.14-86.2
  php5-openssl-5.5.14-86.2
  php5-openssl-debuginfo-5.5.14-86.2
  php5-pcntl-5.5.14-86.2
  php5-pcntl-debuginfo-5.5.14-86.2
  php5-pdo-5.5.14-86.2
  php5-pdo-debuginfo-5.5.14-86.2
  php5-pgsql-5.5.14-86.2
  php5-pgsql-debuginfo-5.5.14-86.2
  php5-phar-5.5.14-86.2
  php5-phar-debuginfo-5.5.14-86.2
  php5-posix-5.5.14-86.2
  php5-posix-debuginfo-5.5.14-86.2
  php5-pspell-5.5.14-86.2
  php5-pspell-debuginfo-5.5.14-86.2
  php5-shmop-5.5.14-86.2
  php5-shmop-debuginfo-5.5.14-86.2
  php5-snmp-5.5.14-86.2
  php5-snmp-debuginfo-5.5.14-86.2
  php5-soap-5.5.14-86.2
  php5-soap-debuginfo-5.5.14-86.2
  php5-sockets-5.5.14-86.2
  php5-sockets-debuginfo-5.5.14-86.2
  php5-sqlite-5.5.14-86.2
  php5-sqlite-debuginfo-5.5.14-86.2
  php5-suhosin-5.5.14-86.2
  php5-suhosin-debuginfo-5.5.14-86.2
  php5-sysvmsg-5.5.14-86.2
  php5-sysvmsg-debuginfo-5.5.14-86.2
  php5-sysvsem-5.5.14-86.2
  php5-sysvsem-debuginfo-5.5.14-86.2
  php5-sysvshm-5.5.14-86.2
  php5-sysvshm-debuginfo-5.5.14-86.2
  php5-tokenizer-5.5.14-86.2
  php5-tokenizer-debuginfo-5.5.14-86.2
  php5-wddx-5.5.14-86.2
  php5-wddx-debuginfo-5.5.14-86.2
  php5-xmlreader-5.5.14-86.2
  php5-xmlreader-debuginfo-5.5.14-86.2
  php5-xmlrpc-5.5.14-86.2
  php5-xmlrpc-debuginfo-5.5.14-86.2
  php5-xmlwriter-5.5.14-86.2
  php5-xmlwriter-debuginfo-5.5.14-86.2
  php5-xsl-5.5.14-86.2
  php5-xsl-debuginfo-5.5.14-86.2
  php5-zip-5.5.14-86.2
  php5-zip-debuginfo-5.5.14-86.2
  php5-zlib-5.5.14-86.2
  php5-zlib-debuginfo-5.5.14-86.2

- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  php5-pear-5.5.14-86.2

- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  imap-debuginfo-2007e_suse-22.1
  imap-debugsource-2007e_suse-22.1
  libc-client2007e_suse-2007e_suse-22.1
  libc-client2007e_suse-debuginfo-2007e_suse-22.1

- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  imap-debuginfo-2007e_suse-22.1
  imap-debugsource-2007e_suse-22.1
  libc-client2007e_suse-2007e_suse-22.1
  libc-client2007e_suse-debuginfo-2007e_suse-22.1

References:

  https://www.suse.com/security/cve/CVE-2016-5773.html
  https://www.suse.com/security/cve/CVE-2016-9137.html
  https://bugzilla.suse.com/1008029
  https://bugzilla.suse.com/986247

From sle-updates at lists.suse.com Fri Dec 2 08:14:41 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Dec 2016 16:14:41 +0100 (CET)
Subject: SUSE-SU-2016:2976-1: important: Security update for the Linux Kernel
Message-ID: <20161202151441.EDC68FFC5@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2976-1
Rating: important
References:
  #1000189 #1001419 #1002165 #1003077 #1003344 #1003568
  #1003677 #1003866 #1003925 #1004517 #1004520 #1005857
  #1005896 #1005903 #1006917 #1006919 #1007944 #763198
  #771065 #799133 #803320 #839104 #843236 #860441
  #863873 #865783 #871728 #907611 #908458 #908684
  #909077 #909350 #909484 #909618 #909994 #911687
  #915183 #920016 #922634 #922947 #928138 #929141
  #934760 #951392 #956514 #960689 #963655 #967716
  #968010 #968014 #971975 #971989 #973203 #974620
  #976867 #977687 #979514 #979595 #979681 #980371
  #982218 #982783 #983535 #983619 #984102
  #984194 #984992 #985206 #986337 #986362 #986365
  #986445 #987565 #988440 #989152 #989261 #989764
  #989779 #991608 #991665 #991923 #992566 #993127
  #993890 #993891 #994296 #994436 #994618 #994759
  #994926 #995968 #996329 #996664 #997708 #998399
  #998689 #999584 #999600 #999907 #999932
Cross-References:
  CVE-2013-4312 CVE-2015-7513 CVE-2015-8956 CVE-2016-0823
  CVE-2016-3841 CVE-2016-4998 CVE-2016-5696 CVE-2016-6480
  CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117
  CVE-2016-7425
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-EXTRA
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 87 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

For the PowerPC64 a new "bigmem" flavor has been added to support big Power machines. (FATE#319026)

The following security bugs were fixed:

- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
- CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).
- CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).
- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).
- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365).
- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).
- CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104 bsc#922947 bsc#968014).

The following non-security bugs were fixed:

- ahci: Order SATA device IDs for codename Lewisburg (fate#319286).
- ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (fate#319286).
- alsa: hda - Add Intel Lewisburg device IDs Audio (fate#319286).
- arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).
- avoid dentry crash triggered by NFS (bsc#984194).
- bigmem: Add switch to configure bigmem patches (bsc#928138,fate#319026).
- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
- blktap2: eliminate race from deferred work queue handling (bsc#911687).
- bnx2x: fix lockdep splat (bsc#908684 FATE#317539).
- bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).
- bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687).
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- config.conf: add bigmem flavour on ppc64
- cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc#1003866).
- cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).
- dm space map metadata: fix sm_bootstrap_get_nr_blocks() (FATE#313903).
- dm thin: fix race condition when destroying thin pool workqueue (FATE#313903).
- drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337).
- drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#986337).
- drivers: hv: vmbus: do not lose HVMSG_TIMER_EXPIRED messages (bnc#986337).
- drivers: hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337).
- drivers: hv: vmbus: handle various crash scenarios (bnc#986337).
- drivers: hv: vmbus: remove code duplication in message handling (bnc#986337).
- drivers: hv: vss: run only on supported host versions (bnc#986337).
- fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681).
- fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).
- fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).
- fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).
- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- fs/cifs: make share unaccessible at root level mountable (bsc#799133).
- fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133).
- fs/select: add vmalloc fallback for select(2) (bsc#1000189).
- hv: do not lose pending heartbeat vmbus packets (bnc#1006919).
- i2c: i801: add Intel Lewisburg device IDs (fate#319286).
- i40e: fix an uninitialized variable bug (bsc#909484 FATE#317397).
- include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes).
- increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399)
- introduce SIZE_MAX (bsc#1000189).
- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783).
- kabi: Import kabi files from 3.0.101-80
- kabi-fix for flock_owner addition (bsc#998689).
- kabi, unix: properly account for FDs passed over unix sockets (bnc#839104).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689).
- kvm: x86: SYSENTER emulation is broken (bsc#994618).
- libata: support the ata host which implements a queue depth less than 32 (bsc#871728)
- libfc: sanity check cpu number extracted from xid (bsc#988440).
- lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).
- lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392).
- bigmem: make bigmem patches configurable (bsc#928138,fate#319026).
- md: check command validity early in md_ioctl() (bsc#1004520).
- md: Drop sending a change uevent when stopping (bsc#1003568).
- md: fix problem when adding device to read-only array with bitmap (bnc#771065).
- md: lockless I/O submission for RAID1 (bsc#982783).
- md/raid10: always set reshape_safe when initializing reshape_position (fate#311379).
- md/raid10: Fix memory leak when raid10 reshape completes (fate#311379).
- mm: fix sleeping function warning from __put_anon_vma (bnc#1005857).
- mm/memory.c: actually remap enough memory (bnc#1005903).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
- mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198).
- Move patches that create ppc64-bigmem to the powerpc section. Add comments that outline the procedure and warn the unsuspecting.
- move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194).
- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
- mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337).
- net: add pfmemalloc check in sk_add_backlog() (bnc#920016).
- netback: fix flipping mode (bsc#996664).
- netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611).
- netvsc: fix incorrect receive checksum offloading (bnc#1006917).
- nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944).
- nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).
- nfs: Do not drop directory dentry which is in use (bsc#993127).
- nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).
- nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- nfs: Fix races in nfs_revalidate_mapping (bsc#999584).
- nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584).
- nfs: Fix writeback performance issue on cache invalidation (bsc#999584).
- nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).
- nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873).
- nfsv4: add flock_owner to open context (bnc#998689).
- nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689).
- nfsv4: change nfs4_select_rw_stateid to take a lock_context in place of lock_owner (bnc#998689).
- nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).
- nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689).
- nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595).
- nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218).
- oom: print nodemask in the oom report (bnc#1003866).
- pci: Add pci_set_vpd_size() to set VPD size (bsc#976867).
- pciback: fix conf_space read/write overlap check.
- pciback: return proper values during BAR sizing.
- pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models (fate#321400).
- pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441).
- powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896).
- powerpc: Add ability to build little endian kernels (bsc#967716).
- powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926).
- powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716).
- powerpc: blacklist fixes for unsupported subarchitectures
  ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC'
  obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu
- powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026).
- powerpc: Do not build assembly files with ABIv2 (bsc#967716).
- powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).
- powerpc: dtc is required to build dtb files (bsc#967716).
- powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).
- powerpc: Fix error when cross building TAGS & cscope (bsc#967716).
- powerpc: Make the vdso32 also build big-endian (bsc#967716).
- powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026).
- powerpc/mm: Add 64TB support (bsc#928138,fate#319026).
- powerpc/mm: Change the swap encoding in pte (bsc#973203).
- powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026).
- powerpc/mm: Fix hash computation function (bsc#928138,fate#319026).
- powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026).
- powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026).
- powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026).
- powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026).
- powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026).
- powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026).
- powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026).
- powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026).
- powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026).
- powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344).
- powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).
- powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).
- powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026).
- powerpc: Require gcc 4.0 on 64-bit (bsc#967716).
- powerpc: Update kernel VSID range (bsc#928138,fate#319026).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- qlcnic: fix a timeout loop (bsc#909350 FATE#317546)
- random32: add prandom_u32_max (bsc#989152).
- remove problematic preprocessor constructs (bsc#928138,fate#319026).
- REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- rpm/constraints.in: Bump x86 disk space requirement to 20GB
  Clamav tends to run out of space nowadays.
- rpm/package-descriptions: add -bigmem description
- s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606).
- s390/dasd: fix hanging device after clear subchannel (bnc#994436, LTC#144640).
- s390/time: LPAR offset handling (bnc#1003677, LTC#146920).
- s390/time: move PTFF definitions (bnc#1003677, LTC#146920).
- sata: Adding Intel Lewisburg device IDs for SATA (fate#319286).
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).
- sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165).
- sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329).
- scripts/bigmem-generate-ifdef-guard: auto-regen patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM
- scripts/bigmem-generate-ifdef-guard: Include this script to regenerate patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM
- scripts/bigmem-generate-ifdef-guard: make executable
- scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760).
- scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102).
- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
- scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779).
- scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374).
- Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms
  The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository.
- sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618 FATE#317521).
- sort hyperv patches properly in series.conf
- sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320).
- tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458 FATE#317507).
- tmpfs: change final i_blocks BUG to WARNING (bsc#991923).
- tty: Signal SIGHUP before hanging up ldisc (bnc#989764).
- Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, a.o.).
- usb: fix typo in wMaxPacketSize validation (bsc#991665).
- usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).
- usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010).
- usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- vlan: do not deliver frames for unknown vlans to protocols (bsc#979514).
- vlan: mask vlan prio bits (bsc#979514).
- vmxnet3: Wake queue from reset work (bsc#999907).
- x86, amd_nb: Clarify F15h, model 30h GART and L3 support (fate#321400).
- x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077).
- x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors (fate#321400).
- x86/gart: Check for GART support before accessing GART registers (fate#321400).
- x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).
- xenbus: inspect the correct type in xenbus_dev_request_and_reply().
- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
- zfcp: close window with unblocked rport during rport gone (bnc#1003677, LTC#144310).
- zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677, LTC#144312).
- zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677, LTC#144308).
- zfcp: fix payload trace length for SAN request&response (bnc#1003677, LTC#144312).
- zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677, LTC#144312).
- zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677, LTC#144312).
- zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677, LTC#144312).
- zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677, LTC#144312).
- zfcp: trace on request for open and close of WKA port (bnc#1003677, LTC#144312).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-12869=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-12869=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-12869=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-12869=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-88.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-88.1 kernel-default-base-3.0.101-88.1 kernel-default-devel-3.0.101-88.1 kernel-source-3.0.101-88.1 kernel-syms-3.0.101-88.1 kernel-trace-3.0.101-88.1 kernel-trace-base-3.0.101-88.1 kernel-trace-devel-3.0.101-88.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-88.1 kernel-ec2-base-3.0.101-88.1 kernel-ec2-devel-3.0.101-88.1 kernel-xen-3.0.101-88.1 kernel-xen-base-3.0.101-88.1 kernel-xen-devel-3.0.101-88.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-88.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-88.1 kernel-bigmem-base-3.0.101-88.1 kernel-bigmem-devel-3.0.101-88.1 kernel-ppc64-3.0.101-88.1 kernel-ppc64-base-3.0.101-88.1 kernel-ppc64-devel-3.0.101-88.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-88.1 kernel-pae-base-3.0.101-88.1 kernel-pae-devel-3.0.101-88.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-88.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-88.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-88.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-88.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-88.1 - SUSE Linux Enterprise Debuginfo 11-SP4 
(i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-88.1 kernel-default-debugsource-3.0.101-88.1 kernel-trace-debuginfo-3.0.101-88.1 kernel-trace-debugsource-3.0.101-88.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-88.1 kernel-trace-devel-debuginfo-3.0.101-88.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-88.1 kernel-ec2-debugsource-3.0.101-88.1 kernel-xen-debuginfo-3.0.101-88.1 kernel-xen-debugsource-3.0.101-88.1 kernel-xen-devel-debuginfo-3.0.101-88.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-88.1 kernel-bigmem-debugsource-3.0.101-88.1 kernel-ppc64-debuginfo-3.0.101-88.1 kernel-ppc64-debugsource-3.0.101-88.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-88.1 kernel-pae-debugsource-3.0.101-88.1 kernel-pae-devel-debuginfo-3.0.101-88.1 References: https://www.suse.com/security/cve/CVE-2013-4312.html https://www.suse.com/security/cve/CVE-2015-7513.html https://www.suse.com/security/cve/CVE-2015-8956.html https://www.suse.com/security/cve/CVE-2016-0823.html https://www.suse.com/security/cve/CVE-2016-3841.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5696.html https://www.suse.com/security/cve/CVE-2016-6480.html https://www.suse.com/security/cve/CVE-2016-6828.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7097.html https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-7425.html https://bugzilla.suse.com/1000189 https://bugzilla.suse.com/1001419 https://bugzilla.suse.com/1002165 https://bugzilla.suse.com/1003077 https://bugzilla.suse.com/1003344 https://bugzilla.suse.com/1003568 https://bugzilla.suse.com/1003677 https://bugzilla.suse.com/1003866 https://bugzilla.suse.com/1003925 https://bugzilla.suse.com/1004517 
https://bugzilla.suse.com/1004520 https://bugzilla.suse.com/1005857 https://bugzilla.suse.com/1005896 https://bugzilla.suse.com/1005903 https://bugzilla.suse.com/1006917 https://bugzilla.suse.com/1006919 https://bugzilla.suse.com/1007944 https://bugzilla.suse.com/763198 https://bugzilla.suse.com/771065 https://bugzilla.suse.com/799133 https://bugzilla.suse.com/803320 https://bugzilla.suse.com/839104 https://bugzilla.suse.com/843236 https://bugzilla.suse.com/860441 https://bugzilla.suse.com/863873 https://bugzilla.suse.com/865783 https://bugzilla.suse.com/871728 https://bugzilla.suse.com/907611 https://bugzilla.suse.com/908458 https://bugzilla.suse.com/908684 https://bugzilla.suse.com/909077 https://bugzilla.suse.com/909350 https://bugzilla.suse.com/909484 https://bugzilla.suse.com/909618 https://bugzilla.suse.com/909994 https://bugzilla.suse.com/911687 https://bugzilla.suse.com/915183 https://bugzilla.suse.com/920016 https://bugzilla.suse.com/922634 https://bugzilla.suse.com/922947 https://bugzilla.suse.com/928138 https://bugzilla.suse.com/929141 https://bugzilla.suse.com/934760 https://bugzilla.suse.com/951392 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/960689 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/967716 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968014 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/973203 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/976867 https://bugzilla.suse.com/977687 https://bugzilla.suse.com/979514 https://bugzilla.suse.com/979595 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/982218 https://bugzilla.suse.com/982783 https://bugzilla.suse.com/983535 https://bugzilla.suse.com/983619 https://bugzilla.suse.com/984102 https://bugzilla.suse.com/984194 https://bugzilla.suse.com/984992 https://bugzilla.suse.com/985206 https://bugzilla.suse.com/986337 https://bugzilla.suse.com/986362 
https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986445 https://bugzilla.suse.com/987565 https://bugzilla.suse.com/988440 https://bugzilla.suse.com/989152 https://bugzilla.suse.com/989261 https://bugzilla.suse.com/989764 https://bugzilla.suse.com/989779 https://bugzilla.suse.com/991608 https://bugzilla.suse.com/991665 https://bugzilla.suse.com/991923 https://bugzilla.suse.com/992566 https://bugzilla.suse.com/993127 https://bugzilla.suse.com/993890 https://bugzilla.suse.com/993891 https://bugzilla.suse.com/994296 https://bugzilla.suse.com/994436 https://bugzilla.suse.com/994618 https://bugzilla.suse.com/994759 https://bugzilla.suse.com/994926 https://bugzilla.suse.com/995968 https://bugzilla.suse.com/996329 https://bugzilla.suse.com/996664 https://bugzilla.suse.com/997708 https://bugzilla.suse.com/998399 https://bugzilla.suse.com/998689 https://bugzilla.suse.com/999584 https://bugzilla.suse.com/999600 https://bugzilla.suse.com/999907 https://bugzilla.suse.com/999932 From sle-updates at lists.suse.com Fri Dec 2 09:07:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2016 17:07:24 +0100 (CET) Subject: SUSE-RU-2016:2977-1: Recommended update for libpciaccess Message-ID: <20161202160724.553DDFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpciaccess ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2977-1 Rating: low References: #1006827 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description:

This update for libpciaccess provides the following fixes:

- Ignore 32bit PCI domains. They are now supported by the Linux kernel but not by the user land library, and this inconsistency can lead to problems such as startx(1) terminating with a segmentation fault. 32-bit PCI domains are not needed to start the X server.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1746=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1746=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1746=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1746=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1746=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1746=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1746=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpciaccess-debugsource-0.13.2-5.1 libpciaccess-devel-0.13.2-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpciaccess-debugsource-0.13.2-5.1 libpciaccess-devel-0.13.2-5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpciaccess-debugsource-0.13.2-5.1 libpciaccess0-0.13.2-5.1 libpciaccess0-debuginfo-0.13.2-5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpciaccess-debugsource-0.13.2-5.1 libpciaccess0-0.13.2-5.1 libpciaccess0-debuginfo-0.13.2-5.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpciaccess0-32bit-0.13.2-5.1 libpciaccess0-debuginfo-32bit-0.13.2-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpciaccess-debugsource-0.13.2-5.1 libpciaccess0-0.13.2-5.1 libpciaccess0-debuginfo-0.13.2-5.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpciaccess0-32bit-0.13.2-5.1 libpciaccess0-debuginfo-32bit-0.13.2-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpciaccess-debugsource-0.13.2-5.1 libpciaccess0-0.13.2-5.1 libpciaccess0-32bit-0.13.2-5.1 libpciaccess0-debuginfo-0.13.2-5.1 libpciaccess0-debuginfo-32bit-0.13.2-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpciaccess-debugsource-0.13.2-5.1 libpciaccess0-0.13.2-5.1 libpciaccess0-32bit-0.13.2-5.1 libpciaccess0-debuginfo-0.13.2-5.1 libpciaccess0-debuginfo-32bit-0.13.2-5.1 References: https://bugzilla.suse.com/1006827 From sle-updates at lists.suse.com Fri Dec 2 12:06:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2016 20:06:51 +0100 (CET) Subject: SUSE-RU-2016:2987-1: Recommended update for ispell Message-ID: <20161202190651.2D3FAFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for ispell ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2987-1 Rating: low 
References: #1010330 #966124 #981024
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Workstation Extension 12-SP1
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for ispell removes a few incorrect words from the English dictionary.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
  zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1747=1
- SUSE Linux Enterprise Workstation Extension 12-SP1:
  zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1747=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1747=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1747=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1747=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1747=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ispell-3.3.02-113.1 ispell-american-3.3.02-113.1 ispell-british-3.3.02-113.1 ispell-debuginfo-3.3.02-113.1 ispell-debugsource-3.3.02-113.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ispell-3.3.02-113.1 ispell-american-3.3.02-113.1 ispell-british-3.3.02-113.1 ispell-debuginfo-3.3.02-113.1 ispell-debugsource-3.3.02-113.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ispell-3.3.02-113.1 ispell-american-3.3.02-113.1 ispell-british-3.3.02-113.1 ispell-debuginfo-3.3.02-113.1 ispell-debugsource-3.3.02-113.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ispell-3.3.02-113.1 ispell-american-3.3.02-113.1 ispell-british-3.3.02-113.1 ispell-debuginfo-3.3.02-113.1 ispell-debugsource-3.3.02-113.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ispell-3.3.02-113.1 ispell-american-3.3.02-113.1 ispell-british-3.3.02-113.1 ispell-debuginfo-3.3.02-113.1 ispell-debugsource-3.3.02-113.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ispell-3.3.02-113.1 ispell-american-3.3.02-113.1 ispell-british-3.3.02-113.1 ispell-debuginfo-3.3.02-113.1 ispell-debugsource-3.3.02-113.1 References: https://bugzilla.suse.com/1010330 https://bugzilla.suse.com/966124 https://bugzilla.suse.com/981024 From sle-updates at lists.suse.com Fri Dec 2 13:06:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2016 21:06:54 +0100 (CET) Subject: SUSE-SU-2016:2988-1: important: Security update for qemu Message-ID: <20161202200654.E35ACFFC1@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2988-1 Rating: important References: #1000345 #1001151 #1002116 #1002550 #1002557 #1003878 #1003893 #1003894 #1004702 #1004707 #1006536 #1006538 #1007391 #1007450 #1007454 #1007493 #1007494 
#1007495 #996524 #998516 #999661
Cross-References: CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7466 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106
Affected Products:
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 19 vulnerabilities and has two fixes is now available.

Description:

This update for qemu fixes the following issues:

- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1
- Change package post script udevadm trigger calls to be device specific (bsc#1002116)
- Address various security/stability issues
  * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151)
  * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)
  * Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345)
  * Fix DOS in VMware pv scsi interface (CVE-2016-7421 bsc#999661)
  * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550)
  * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)
  * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)
  * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)
  * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)
  * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)
  * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)
  * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)
  * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)
  * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)
  * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)
  * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)
  * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)
  * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)
  * Fix DOS in JAZZ RC4030
emulation (CVE-2016-8667 bsc#1004702) - Fix case of disk corruption with migration due to improper internal state tracking (bsc#996524) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1748=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1748=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): qemu-2.3.1-24.6 qemu-block-curl-2.3.1-24.6 qemu-block-curl-debuginfo-2.3.1-24.6 qemu-debugsource-2.3.1-24.6 qemu-guest-agent-2.3.1-24.6 qemu-guest-agent-debuginfo-2.3.1-24.6 qemu-lang-2.3.1-24.6 qemu-tools-2.3.1-24.6 qemu-tools-debuginfo-2.3.1-24.6 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): qemu-kvm-2.3.1-24.6 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): qemu-ppc-2.3.1-24.6 qemu-ppc-debuginfo-2.3.1-24.6 - SUSE Linux Enterprise Server 12-SP1 (x86_64): qemu-block-rbd-2.3.1-24.6 qemu-block-rbd-debuginfo-2.3.1-24.6 qemu-x86-2.3.1-24.6 - SUSE Linux Enterprise Server 12-SP1 (noarch): qemu-ipxe-1.0.0-24.6 qemu-seabios-1.8.1-24.6 qemu-sgabios-8-24.6 qemu-vgabios-1.8.1-24.6 - SUSE Linux Enterprise Server 12-SP1 (s390x): qemu-s390-2.3.1-24.6 qemu-s390-debuginfo-2.3.1-24.6 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): qemu-ipxe-1.0.0-24.6 qemu-seabios-1.8.1-24.6 qemu-sgabios-8-24.6 qemu-vgabios-1.8.1-24.6 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): qemu-2.3.1-24.6 qemu-block-curl-2.3.1-24.6 qemu-block-curl-debuginfo-2.3.1-24.6 qemu-debugsource-2.3.1-24.6 qemu-kvm-2.3.1-24.6 qemu-tools-2.3.1-24.6 qemu-tools-debuginfo-2.3.1-24.6 qemu-x86-2.3.1-24.6 References: https://www.suse.com/security/cve/CVE-2016-7161.html https://www.suse.com/security/cve/CVE-2016-7170.html https://www.suse.com/security/cve/CVE-2016-7421.html https://www.suse.com/security/cve/CVE-2016-7466.html 
https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8577.html https://www.suse.com/security/cve/CVE-2016-8578.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9102.html https://www.suse.com/security/cve/CVE-2016-9103.html https://www.suse.com/security/cve/CVE-2016-9104.html https://www.suse.com/security/cve/CVE-2016-9105.html https://www.suse.com/security/cve/CVE-2016-9106.html https://bugzilla.suse.com/1000345 https://bugzilla.suse.com/1001151 https://bugzilla.suse.com/1002116 https://bugzilla.suse.com/1002550 https://bugzilla.suse.com/1002557 https://bugzilla.suse.com/1003878 https://bugzilla.suse.com/1003893 https://bugzilla.suse.com/1003894 https://bugzilla.suse.com/1004702 https://bugzilla.suse.com/1004707 https://bugzilla.suse.com/1006536 https://bugzilla.suse.com/1006538 https://bugzilla.suse.com/1007391 https://bugzilla.suse.com/1007450 https://bugzilla.suse.com/1007454 https://bugzilla.suse.com/1007493 https://bugzilla.suse.com/1007494 https://bugzilla.suse.com/1007495 https://bugzilla.suse.com/996524 https://bugzilla.suse.com/998516 https://bugzilla.suse.com/999661 From sle-updates at lists.suse.com Mon Dec 5 05:07:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 13:07:26 +0100 (CET) Subject: SUSE-SU-2016:3001-1: moderate: Security update for libX11 Message-ID: <20161205120726.38A41FFC1@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3001-1 Rating: moderate References: 
#1002991
Cross-References: CVE-2016-7942
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

libX11 was updated to fix a memory leak that was introduced with the security fix for CVE-2016-7942.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1749=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1749=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1749=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1749=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1749=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1749=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1749=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-11.1 libX11-devel-1.6.2-11.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libX11-debugsource-1.6.2-11.1 libX11-devel-1.6.2-11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libX11-6-1.6.2-11.1 libX11-6-debuginfo-1.6.2-11.1 libX11-debugsource-1.6.2-11.1 libX11-xcb1-1.6.2-11.1 libX11-xcb1-debuginfo-1.6.2-11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libX11-data-1.6.2-11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libX11-6-1.6.2-11.1 libX11-6-debuginfo-1.6.2-11.1 libX11-debugsource-1.6.2-11.1 libX11-xcb1-1.6.2-11.1 libX11-xcb1-debuginfo-1.6.2-11.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libX11-6-32bit-1.6.2-11.1 libX11-6-debuginfo-32bit-1.6.2-11.1 libX11-xcb1-32bit-1.6.2-11.1 libX11-xcb1-debuginfo-32bit-1.6.2-11.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): libX11-data-1.6.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libX11-6-1.6.2-11.1 libX11-6-debuginfo-1.6.2-11.1 libX11-debugsource-1.6.2-11.1 libX11-xcb1-1.6.2-11.1 libX11-xcb1-debuginfo-1.6.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libX11-6-32bit-1.6.2-11.1 libX11-6-debuginfo-32bit-1.6.2-11.1 libX11-xcb1-32bit-1.6.2-11.1 libX11-xcb1-debuginfo-32bit-1.6.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libX11-data-1.6.2-11.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libX11-data-1.6.2-11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libX11-6-1.6.2-11.1 libX11-6-32bit-1.6.2-11.1 libX11-6-debuginfo-1.6.2-11.1 libX11-6-debuginfo-32bit-1.6.2-11.1 libX11-debugsource-1.6.2-11.1 libX11-xcb1-1.6.2-11.1 libX11-xcb1-32bit-1.6.2-11.1 libX11-xcb1-debuginfo-1.6.2-11.1 libX11-xcb1-debuginfo-32bit-1.6.2-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libX11-data-1.6.2-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): 
libX11-6-1.6.2-11.1 libX11-6-32bit-1.6.2-11.1 libX11-6-debuginfo-1.6.2-11.1 libX11-6-debuginfo-32bit-1.6.2-11.1 libX11-debugsource-1.6.2-11.1 libX11-xcb1-1.6.2-11.1 libX11-xcb1-32bit-1.6.2-11.1 libX11-xcb1-debuginfo-1.6.2-11.1 libX11-xcb1-debuginfo-32bit-1.6.2-11.1 References: https://www.suse.com/security/cve/CVE-2016-7942.html https://bugzilla.suse.com/1002991 From sle-updates at lists.suse.com Mon Dec 5 05:12:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 13:12:17 +0100 (CET) Subject: SUSE-OU-2016:3008-1: Initial release of SAPHanaSR-ScaleOut Message-ID: <20161205121217.10435FFC3@maintenance.suse.de> SUSE Optional Update: Initial release of SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3008-1 Rating: low References: #989162 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update brings support for SAP HANA System Replication for scale-out in the performance optimized scenario. A new package (SAPHanaSR-ScaleOut) has been added to the product. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1750=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): SAPHanaSR-ScaleOut-0.161.1-2.1 References: https://bugzilla.suse.com/989162 From sle-updates at lists.suse.com Mon Dec 5 10:07:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 18:07:45 +0100 (CET) Subject: SUSE-SU-2016:3010-1: important: Security update for java-1_6_0-ibm Message-ID: <20161205170745.2B827FFC1@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3010-1 Rating: important References: #1009280 Cross-References: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVEs: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1752=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.35-43.2 java-1_6_0-ibm-fonts-1.6.0_sr16.35-43.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.35-43.2 - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.35-43.2 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1009280 From sle-updates at lists.suse.com Mon Dec 5 12:07:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 20:07:20 +0100 (CET) Subject: SUSE-RU-2016:3012-1: Recommended update for sle-ha-manuals_en Message-ID: <20161205190720.DEA3CFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-ha-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3012-1 Rating: low References: #1011671 Affected Products: SUSE Linux Enterprise Server for SAP 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest revision of the Administration Guide for SUSE Linux Enterprise High Availability Extension 11 SP4. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 11-SP4: zypper in -t patch slesappsp4-sle-ha-manuals_en-12870=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-sle-ha-manuals_en-12870=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 11-SP4 (noarch): sle-ha-guide_en-pdf-11.4-0.23.1 sle-ha-manuals_en-11.4-0.23.1 sle-ha-nfs-quick_en-pdf-11.4-0.23.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (noarch): sle-ha-guide_en-pdf-11.4-0.23.1 sle-ha-manuals_en-11.4-0.23.1 sle-ha-nfs-quick_en-pdf-11.4-0.23.1 References: https://bugzilla.suse.com/1011671 From sle-updates at lists.suse.com Mon Dec 5 13:07:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 21:07:09 +0100 (CET) Subject: SUSE-SU-2016:3014-1: important: Security update for MozillaFirefox, mozilla-nss Message-ID: <20161205200709.AFEE1FFC1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3014-1 Rating: important References: #1009026 #1010395 #1010401 #1010402 #1010404 #1010410 #1010422 #1010427 #1010517 #992549 Cross-References: CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 
two fixes is now available. Description: This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026): - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) The Mozilla Firefox changelog was amended to document patches dropped in a previous update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1754=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1754=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1754=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1754=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1754=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1754=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1754=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1754=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1754=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-devel-45.5.0esr-88.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-devel-3.21.3-50.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-devel-45.5.0esr-88.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-devel-3.21.3-50.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.5.0esr-88.1 MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-translations-45.5.0esr-88.1 libfreebl3-3.21.3-50.1 libfreebl3-32bit-3.21.3-50.1 libfreebl3-debuginfo-3.21.3-50.1 libfreebl3-debuginfo-32bit-3.21.3-50.1 libfreebl3-hmac-3.21.3-50.1 
libfreebl3-hmac-32bit-3.21.3-50.1 libsoftokn3-3.21.3-50.1 libsoftokn3-32bit-3.21.3-50.1 libsoftokn3-debuginfo-3.21.3-50.1 libsoftokn3-debuginfo-32bit-3.21.3-50.1 libsoftokn3-hmac-3.21.3-50.1 libsoftokn3-hmac-32bit-3.21.3-50.1 mozilla-nss-3.21.3-50.1 mozilla-nss-32bit-3.21.3-50.1 mozilla-nss-certs-3.21.3-50.1 mozilla-nss-certs-32bit-3.21.3-50.1 mozilla-nss-certs-debuginfo-3.21.3-50.1 mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-sysinit-3.21.3-50.1 mozilla-nss-sysinit-32bit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1 mozilla-nss-tools-3.21.3-50.1 mozilla-nss-tools-debuginfo-3.21.3-50.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-45.5.0esr-88.1 MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-translations-45.5.0esr-88.1 libfreebl3-3.21.3-50.1 libfreebl3-debuginfo-3.21.3-50.1 libfreebl3-hmac-3.21.3-50.1 libsoftokn3-3.21.3-50.1 libsoftokn3-debuginfo-3.21.3-50.1 libsoftokn3-hmac-3.21.3-50.1 mozilla-nss-3.21.3-50.1 mozilla-nss-certs-3.21.3-50.1 mozilla-nss-certs-debuginfo-3.21.3-50.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-sysinit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-3.21.3-50.1 mozilla-nss-tools-3.21.3-50.1 mozilla-nss-tools-debuginfo-3.21.3-50.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-45.5.0esr-88.1 MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-translations-45.5.0esr-88.1 libfreebl3-3.21.3-50.1 libfreebl3-debuginfo-3.21.3-50.1 libfreebl3-hmac-3.21.3-50.1 libsoftokn3-3.21.3-50.1 libsoftokn3-debuginfo-3.21.3-50.1 libsoftokn3-hmac-3.21.3-50.1 mozilla-nss-3.21.3-50.1 mozilla-nss-certs-3.21.3-50.1 mozilla-nss-certs-debuginfo-3.21.3-50.1 mozilla-nss-debuginfo-3.21.3-50.1 
mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-sysinit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-3.21.3-50.1 mozilla-nss-tools-3.21.3-50.1 mozilla-nss-tools-debuginfo-3.21.3-50.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libfreebl3-32bit-3.21.3-50.1 libfreebl3-debuginfo-32bit-3.21.3-50.1 libfreebl3-hmac-32bit-3.21.3-50.1 libsoftokn3-32bit-3.21.3-50.1 libsoftokn3-debuginfo-32bit-3.21.3-50.1 libsoftokn3-hmac-32bit-3.21.3-50.1 mozilla-nss-32bit-3.21.3-50.1 mozilla-nss-certs-32bit-3.21.3-50.1 mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debuginfo-32bit-3.21.3-50.1 mozilla-nss-sysinit-32bit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.5.0esr-88.1 MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-translations-45.5.0esr-88.1 libfreebl3-3.21.3-50.1 libfreebl3-debuginfo-3.21.3-50.1 libfreebl3-hmac-3.21.3-50.1 libsoftokn3-3.21.3-50.1 libsoftokn3-debuginfo-3.21.3-50.1 libsoftokn3-hmac-3.21.3-50.1 mozilla-nss-3.21.3-50.1 mozilla-nss-certs-3.21.3-50.1 mozilla-nss-certs-debuginfo-3.21.3-50.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-sysinit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-3.21.3-50.1 mozilla-nss-tools-3.21.3-50.1 mozilla-nss-tools-debuginfo-3.21.3-50.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libfreebl3-32bit-3.21.3-50.1 libfreebl3-debuginfo-32bit-3.21.3-50.1 libfreebl3-hmac-32bit-3.21.3-50.1 libsoftokn3-32bit-3.21.3-50.1 libsoftokn3-debuginfo-32bit-3.21.3-50.1 libsoftokn3-hmac-32bit-3.21.3-50.1 mozilla-nss-32bit-3.21.3-50.1 mozilla-nss-certs-32bit-3.21.3-50.1 mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debuginfo-32bit-3.21.3-50.1 mozilla-nss-sysinit-32bit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-45.5.0esr-88.1 
MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-translations-45.5.0esr-88.1 libfreebl3-3.21.3-50.1 libfreebl3-debuginfo-3.21.3-50.1 libfreebl3-hmac-3.21.3-50.1 libsoftokn3-3.21.3-50.1 libsoftokn3-debuginfo-3.21.3-50.1 libsoftokn3-hmac-3.21.3-50.1 mozilla-nss-3.21.3-50.1 mozilla-nss-certs-3.21.3-50.1 mozilla-nss-certs-debuginfo-3.21.3-50.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-sysinit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-3.21.3-50.1 mozilla-nss-tools-3.21.3-50.1 mozilla-nss-tools-debuginfo-3.21.3-50.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.21.3-50.1 libfreebl3-debuginfo-32bit-3.21.3-50.1 libfreebl3-hmac-32bit-3.21.3-50.1 libsoftokn3-32bit-3.21.3-50.1 libsoftokn3-debuginfo-32bit-3.21.3-50.1 libsoftokn3-hmac-32bit-3.21.3-50.1 mozilla-nss-32bit-3.21.3-50.1 mozilla-nss-certs-32bit-3.21.3-50.1 mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debuginfo-32bit-3.21.3-50.1 mozilla-nss-sysinit-32bit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-45.5.0esr-88.1 MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-translations-45.5.0esr-88.1 libfreebl3-3.21.3-50.1 libfreebl3-32bit-3.21.3-50.1 libfreebl3-debuginfo-3.21.3-50.1 libfreebl3-debuginfo-32bit-3.21.3-50.1 libsoftokn3-3.21.3-50.1 libsoftokn3-32bit-3.21.3-50.1 libsoftokn3-debuginfo-3.21.3-50.1 libsoftokn3-debuginfo-32bit-3.21.3-50.1 mozilla-nss-3.21.3-50.1 mozilla-nss-32bit-3.21.3-50.1 mozilla-nss-certs-3.21.3-50.1 mozilla-nss-certs-32bit-3.21.3-50.1 mozilla-nss-certs-debuginfo-3.21.3-50.1 mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-sysinit-3.21.3-50.1 mozilla-nss-sysinit-32bit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-3.21.3-50.1 
mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1 mozilla-nss-tools-3.21.3-50.1 mozilla-nss-tools-debuginfo-3.21.3-50.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.5.0esr-88.1 MozillaFirefox-debuginfo-45.5.0esr-88.1 MozillaFirefox-debugsource-45.5.0esr-88.1 MozillaFirefox-translations-45.5.0esr-88.1 libfreebl3-3.21.3-50.1 libfreebl3-32bit-3.21.3-50.1 libfreebl3-debuginfo-3.21.3-50.1 libfreebl3-debuginfo-32bit-3.21.3-50.1 libsoftokn3-3.21.3-50.1 libsoftokn3-32bit-3.21.3-50.1 libsoftokn3-debuginfo-3.21.3-50.1 libsoftokn3-debuginfo-32bit-3.21.3-50.1 mozilla-nss-3.21.3-50.1 mozilla-nss-32bit-3.21.3-50.1 mozilla-nss-certs-3.21.3-50.1 mozilla-nss-certs-32bit-3.21.3-50.1 mozilla-nss-certs-debuginfo-3.21.3-50.1 mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debuginfo-3.21.3-50.1 mozilla-nss-debuginfo-32bit-3.21.3-50.1 mozilla-nss-debugsource-3.21.3-50.1 mozilla-nss-sysinit-3.21.3-50.1 mozilla-nss-sysinit-32bit-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-3.21.3-50.1 mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1 mozilla-nss-tools-3.21.3-50.1 mozilla-nss-tools-debuginfo-3.21.3-50.1 References: https://www.suse.com/security/cve/CVE-2016-5285.html https://www.suse.com/security/cve/CVE-2016-5290.html https://www.suse.com/security/cve/CVE-2016-5291.html https://www.suse.com/security/cve/CVE-2016-5296.html https://www.suse.com/security/cve/CVE-2016-5297.html https://www.suse.com/security/cve/CVE-2016-9064.html https://www.suse.com/security/cve/CVE-2016-9066.html https://www.suse.com/security/cve/CVE-2016-9074.html https://bugzilla.suse.com/1009026 https://bugzilla.suse.com/1010395 https://bugzilla.suse.com/1010401 https://bugzilla.suse.com/1010402 https://bugzilla.suse.com/1010404 https://bugzilla.suse.com/1010410 https://bugzilla.suse.com/1010422 https://bugzilla.suse.com/1010427 https://bugzilla.suse.com/1010517 https://bugzilla.suse.com/992549 From sle-updates at lists.suse.com Mon Dec 5 15:07:17 2016 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 23:07:17 +0100 (CET) Subject: SUSE-OU-2016:3016-1: Initial release of sapinit-systemd-compat Message-ID: <20161205220717.16CB5FFC3@maintenance.suse.de> SUSE Optional Update: Initial release of sapinit-systemd-compat ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3016-1 Rating: low References: #988154 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds sapinit-systemd-compat to SUSE Linux Enterprise Server 12 SP1. The package helps systemd to work with sapinit (SAP Host Agent) by introducing a drop-in unit configuration file. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1756=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1756=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1756=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): sapinit-systemd-compat-1.0-2.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): sapinit-systemd-compat-1.0-2.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): sapinit-systemd-compat-1.0-2.1 References: https://bugzilla.suse.com/988154 From sle-updates at lists.suse.com Mon Dec 5 15:07:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 23:07:48 +0100 (CET) Subject: SUSE-RU-2016:3017-1: Recommended update for SLES for SAP 12 SP1 Message-ID: <20161205220748.33E36FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES for SAP 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3017-1 Rating: low References: #1009297 #967069 #972098 #977644 #981446 #982355 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: The following packages have been updated on SUSE Linux Enterprise Server for SAP Applications 12 SP1 on the ppc64le architecture: release-notes-sles-for-sap: - A Release Notes document has been added to SUSE Linux Enterprise Server for SAP Applications 12 SP1. (bsc#967069) SAPHanaSR: - Adapt to changed landscapeHostConfiguration.py interface beginning with SPS12 rev 120. (bsc#982355) - Adapt to removal of interface hdbnsutil -sr_state beginning from rev 112.03. (bsc#981446) - SAPHana resource with Virtual IP not migrating from master to secondary node correctly. (bsc#977644) patterns-sap: - Fix typo in BusinessOne pattern name. (bsc#972098) The following packages have been rebuilt for synchronization of version numbers: yast2-sap-scp, yast2-sap-scp-prodlist, clone-master-clean-up. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1757=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): patterns-sap-b1-12.1-14.1 patterns-sap-hana-12.1-14.1 patterns-sap-nw-12.1-14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): SAPHanaSR-0.152.17-19.2 SAPHanaSR-doc-0.152.17-19.2 clone-master-clean-up-1.0-8.2 release-notes-sles-for-sap-12.1.20160304-5.2.7 yast2-sap-scp-1.0.3-11.2 yast2-sap-scp-prodlist-1.0.2-4.2 References: https://bugzilla.suse.com/1009297 https://bugzilla.suse.com/967069 https://bugzilla.suse.com/972098 https://bugzilla.suse.com/977644 https://bugzilla.suse.com/981446 https://bugzilla.suse.com/982355 From sle-updates at lists.suse.com Mon Dec 5 15:09:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2016 23:09:17 +0100 (CET) Subject: SUSE-RU-2016:3018-1: Recommended update for saptune Message-ID: <20161205220917.84999FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3018-1 Rating: low References: #1009529 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update enhances saptune to tune PowerPC little endian systems in a way similar to x86_64 systems. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2016-1755=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): saptune-1.0.5-3.1 saptune-debuginfo-1.0.5-3.1 saptune-debugsource-1.0.5-3.1 References: https://bugzilla.suse.com/1009529 From sle-updates at lists.suse.com Tue Dec 6 07:07:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2016 15:07:10 +0100 (CET) Subject: SUSE-OU-2016:3022-1: Optional update for python-pyinotify Message-ID: <20161206140710.3C190FFC1@maintenance.suse.de> SUSE Optional Update: Optional update for python-pyinotify ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3022-1 Rating: low References: #1006802 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: python-pyinotify, a Python module for watching filesystem changes, has been added to the SUSE Manager Tools 12 Module. This module can be used when setting up Beacons on Salt minions. For more details see https://docs.saltstack.com/en/2015.8/topics/beacons/ Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-1759=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (noarch): python-pyinotify-0.9.6-8.1 References: https://bugzilla.suse.com/1006802 From sle-updates at lists.suse.com Tue Dec 6 07:07:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2016 15:07:37 +0100 (CET) Subject: SUSE-OU-2016:3023-1: Initial release of compat-libgcrypt11 Message-ID: <20161206140737.D955FFFC3@maintenance.suse.de> SUSE Optional Update: Initial release of compat-libgcrypt11 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3023-1 Rating: low References: #1011556 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for compat-libgcrypt11 fixes the following issues: - package compat-libgcrypt11 for SLE-12 (fate#320852) (bsc#1011556) Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1758=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-libgcrypt11-1.5.0-0.3.1 compat-libgcrypt11-debuginfo-1.5.0-0.3.1 compat-libgcrypt11-debugsource-1.5.0-0.3.1 References: https://bugzilla.suse.com/1011556 From sle-updates at lists.suse.com Tue Dec 6 09:07:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2016 17:07:03 +0100 (CET) Subject: SUSE-RU-2016:3029-1: Recommended update for sleshammer Message-ID: <20161206160703.6DC5DFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleshammer ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3029-1 Rating: low References: #1010038 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sleshammer fixes the following issues: - Improve software RAID handling. - Support new version of libgcrypt11 - add mdadm, needed for wiping software RAIDs. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-sleshammer-12871=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): sleshammer-0.5-0.19.1 References: https://bugzilla.suse.com/1010038 From sle-updates at lists.suse.com Wed Dec 7 05:07:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 13:07:08 +0100 (CET) Subject: SUSE-RU-2016:3030-1: Recommended update for pidgin Message-ID: <20161207120708.3BC8BFFCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for pidgin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3030-1 Rating: low References: #1009974 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pidgin fixes the following issues: - Pidgin failed to connect to IRC servers that advertise SASL EXTERNAL as the preferred fingerprint authentication mechanism. (bsc#1009974) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1761=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1761=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1761=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): finch-2.11.0-14.1 finch-debuginfo-2.11.0-14.1 libpurple-2.11.0-14.1 libpurple-debuginfo-2.11.0-14.1 libpurple-meanwhile-2.11.0-14.1 libpurple-meanwhile-debuginfo-2.11.0-14.1 libpurple-tcl-2.11.0-14.1 libpurple-tcl-debuginfo-2.11.0-14.1 pidgin-2.11.0-14.1 pidgin-debuginfo-2.11.0-14.1 pidgin-debugsource-2.11.0-14.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): libpurple-lang-2.11.0-14.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): finch-devel-2.11.0-14.1 libpurple-2.11.0-14.1 libpurple-debuginfo-2.11.0-14.1 libpurple-devel-2.11.0-14.1 pidgin-debuginfo-2.11.0-14.1 pidgin-debugsource-2.11.0-14.1 pidgin-devel-2.11.0-14.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): libpurple-lang-2.11.0-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libpurple-lang-2.11.0-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): finch-2.11.0-14.1 finch-debuginfo-2.11.0-14.1 libpurple-2.11.0-14.1 libpurple-debuginfo-2.11.0-14.1 libpurple-meanwhile-2.11.0-14.1 libpurple-meanwhile-debuginfo-2.11.0-14.1 libpurple-tcl-2.11.0-14.1 libpurple-tcl-debuginfo-2.11.0-14.1 pidgin-2.11.0-14.1 pidgin-debuginfo-2.11.0-14.1 pidgin-debugsource-2.11.0-14.1 References: https://bugzilla.suse.com/1009974 From sle-updates at lists.suse.com Wed Dec 7 09:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 17:08:31 +0100 (CET) Subject: SUSE-SU-2016:3039-1: important: Security update for the Linux Kernel Message-ID: <20161207160831.47C38FFCE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3039-1 Rating: important References: #1008831 #1011685 #1012754 Cross-References: CVE-2016-8632 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Workstation 
Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various critical security fixes. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1762=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1762=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1762=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1762=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1762=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1762=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.67-60.64.21.1 kernel-default-debugsource-3.12.67-60.64.21.1 kernel-default-extra-3.12.67-60.64.21.1 kernel-default-extra-debuginfo-3.12.67-60.64.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.67-60.64.21.1 kernel-obs-build-debugsource-3.12.67-60.64.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.67-60.64.21.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.67-60.64.21.1 kernel-default-base-3.12.67-60.64.21.1 kernel-default-base-debuginfo-3.12.67-60.64.21.1 kernel-default-debuginfo-3.12.67-60.64.21.1 kernel-default-debugsource-3.12.67-60.64.21.1 kernel-default-devel-3.12.67-60.64.21.1 kernel-syms-3.12.67-60.64.21.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.67-60.64.21.1 kernel-xen-base-3.12.67-60.64.21.1 kernel-xen-base-debuginfo-3.12.67-60.64.21.1 kernel-xen-debuginfo-3.12.67-60.64.21.1 kernel-xen-debugsource-3.12.67-60.64.21.1 kernel-xen-devel-3.12.67-60.64.21.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.67-60.64.21.1 kernel-macros-3.12.67-60.64.21.1 
kernel-source-3.12.67-60.64.21.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.67-60.64.21.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.67-60.64.21.1 kernel-ec2-debuginfo-3.12.67-60.64.21.1 kernel-ec2-debugsource-3.12.67-60.64.21.1 kernel-ec2-devel-3.12.67-60.64.21.1 kernel-ec2-extra-3.12.67-60.64.21.1 kernel-ec2-extra-debuginfo-3.12.67-60.64.21.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_21-default-1-2.1 kgraft-patch-3_12_67-60_64_21-xen-1-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.67-60.64.21.1 kernel-default-debuginfo-3.12.67-60.64.21.1 kernel-default-debugsource-3.12.67-60.64.21.1 kernel-default-devel-3.12.67-60.64.21.1 kernel-default-extra-3.12.67-60.64.21.1 kernel-default-extra-debuginfo-3.12.67-60.64.21.1 kernel-syms-3.12.67-60.64.21.1 kernel-xen-3.12.67-60.64.21.1 kernel-xen-debuginfo-3.12.67-60.64.21.1 kernel-xen-debugsource-3.12.67-60.64.21.1 kernel-xen-devel-3.12.67-60.64.21.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.67-60.64.21.1 kernel-macros-3.12.67-60.64.21.1 kernel-source-3.12.67-60.64.21.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1008831 https://bugzilla.suse.com/1011685 https://bugzilla.suse.com/1012754 From sle-updates at lists.suse.com Wed Dec 7 10:07:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 18:07:55 +0100 (CET) Subject: SUSE-SU-2016:3040-1: important: Security update for java-1_6_0-ibm Message-ID: <20161207170755.C0BE7FFCE@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3040-1 Rating: important References: #1009280 Cross-References: CVE-2016-5542 
CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597
Affected Products:
    SUSE OpenStack Cloud 5
    SUSE Manager Proxy 2.1
    SUSE Manager 2.1
    SUSE Linux Enterprise Server 11-SP3-LTSS
    SUSE Linux Enterprise Server 11-SP2-LTSS
    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for java-1_6_0-ibm fixes the following issues:

- Version update to 6.0-16.35 (bsc#1009280) fixing the following CVEs: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:

    zypper in -t patch sleclo50sp3-java-1_6_0-ibm-12872=1

- SUSE Manager Proxy 2.1:

    zypper in -t patch slemap21-java-1_6_0-ibm-12872=1

- SUSE Manager 2.1:

    zypper in -t patch sleman21-java-1_6_0-ibm-12872=1

- SUSE Linux Enterprise Server 11-SP3-LTSS:

    zypper in -t patch slessp3-java-1_6_0-ibm-12872=1

- SUSE Linux Enterprise Server 11-SP2-LTSS:

    zypper in -t patch slessp2-java-1_6_0-ibm-12872=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

    zypper in -t patch sleposp3-java-1_6_0-ibm-12872=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_6_0-ibm-1.6.0_sr16.35-78.2 java-1_6_0-ibm-devel-1.6.0_sr16.35-78.2 java-1_6_0-ibm-fonts-1.6.0_sr16.35-78.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.35-78.2 java-1_6_0-ibm-plugin-1.6.0_sr16.35-78.2 - SUSE Manager Proxy 2.1 (x86_64): java-1_6_0-ibm-1.6.0_sr16.35-78.2 java-1_6_0-ibm-devel-1.6.0_sr16.35-78.2 java-1_6_0-ibm-fonts-1.6.0_sr16.35-78.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.35-78.2 java-1_6_0-ibm-plugin-1.6.0_sr16.35-78.2 - SUSE Manager 2.1 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.35-78.2 java-1_6_0-ibm-devel-1.6.0_sr16.35-78.2 java-1_6_0-ibm-fonts-1.6.0_sr16.35-78.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.35-78.2 - SUSE Manager 2.1 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.35-78.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.35-78.2 java-1_6_0-ibm-devel-1.6.0_sr16.35-78.2 java-1_6_0-ibm-fonts-1.6.0_sr16.35-78.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.35-78.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.35-78.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.35-78.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.35-78.2 java-1_6_0-ibm-devel-1.6.0_sr16.35-78.2 java-1_6_0-ibm-fonts-1.6.0_sr16.35-78.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.35-78.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.35-78.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.35-78.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_6_0-ibm-1.6.0_sr16.35-78.2 java-1_6_0-ibm-alsa-1.6.0_sr16.35-78.2 java-1_6_0-ibm-devel-1.6.0_sr16.35-78.2 java-1_6_0-ibm-fonts-1.6.0_sr16.35-78.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.35-78.2 java-1_6_0-ibm-plugin-1.6.0_sr16.35-78.2 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html 
https://www.suse.com/security/cve/CVE-2016-5568.html
https://www.suse.com/security/cve/CVE-2016-5573.html
https://www.suse.com/security/cve/CVE-2016-5597.html
https://bugzilla.suse.com/1009280

From sle-updates at lists.suse.com Wed Dec 7 10:08:22 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 Dec 2016 18:08:22 +0100 (CET)
Subject: SUSE-SU-2016:3041-1: important: Security update for java-1_7_1-ibm
Message-ID: <20161207170822.21A41FFD2@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3041-1
Rating:             important
References:         #1009280
Cross-References:   CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568
                    CVE-2016-5573 CVE-2016-5597
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for java-1_7_1-ibm fixes the following issues:

- Version update to 7.1-3.60 (bsc#1009280) fixing the following CVEs: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

    zypper in -t patch sdksp4-java-1_7_1-ibm-12873=1

- SUSE Linux Enterprise Server 11-SP4:

    zypper in -t patch slessp4-java-1_7_1-ibm-12873=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.60-19.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1009280 From sle-updates at lists.suse.com Wed Dec 7 11:07:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 19:07:23 +0100 (CET) Subject: SUSE-RU-2016:3042-1: Recommended update for the SUSE Manager Proxy 3.0 release notes Message-ID: <20161207180723.39590FFCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager Proxy 3.0 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3042-1 Rating: low References: #1007029 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: SUSE Manager Proxy 3.0 Release Notes have been updated to document: - New features: + New versioning scheme + Support for Salt minions + Salt on expanded support platform - Bugs fixed by latest updates: bsc#980678, bsc#986447, bsc#986770, bsc#989701, bsc#990029 bsc#990202, bsc#990439, bsc#990440, bsc#990738, bsc#991048 bsc#992987, bsc#993039, bsc#993549, bsc#994578, bsc#994619 bsc#996455, bsc#998185, bsc#1001361, bsc#1002529, bsc#1003123 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1765=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 3.0 (x86_64): release-notes-susemanager-proxy-3.0.1-0.18.1 References: https://bugzilla.suse.com/1007029 From sle-updates at lists.suse.com Wed Dec 7 12:07:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 20:07:13 +0100 (CET) Subject: SUSE-SU-2016:3043-1: important: Security update for java-1_7_1-ibm Message-ID: <20161207190713.B209DFFCF@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3043-1 Rating: important References: #1009280 Cross-References: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description:

This update for java-1_7_1-ibm fixes the following issues:

- Version update to 7.1-3.60 (bsc#1009280) Fixing the following CVEs: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:

    zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1770=1

- SUSE Linux Enterprise Software Development Kit 12-SP1:

    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1770=1

- SUSE Linux Enterprise Server for SAP 12:

    zypper in -t patch SUSE-SLE-SAP-12-2016-1770=1

- SUSE Linux Enterprise Server 12-SP2:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1770=1

- SUSE Linux Enterprise Server 12-SP1:

    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1770=1

- SUSE Linux Enterprise Server 12-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-2016-1770=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Server for SAP 12 (x86_64): java-1_7_1-ibm-1.7.1_sr3.60-31.2 java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2 java-1_7_1-ibm-devel-1.7.1_sr3.60-31.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2 java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr3.60-31.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2 java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.60-31.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2 java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.60-31.2 java-1_7_1-ibm-devel-1.7.1_sr3.60-31.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-31.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.60-31.2 java-1_7_1-ibm-plugin-1.7.1_sr3.60-31.2 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1009280 From sle-updates at lists.suse.com Wed Dec 7 12:07:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 20:07:43 +0100 (CET) Subject: SUSE-SU-2016:3044-1: important: Security update for xen Message-ID: <20161207190743.11008FFD2@maintenance.suse.de> SUSE Security Update: Security update 
for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3044-1
Rating:             important
References:         #1000106 #1000893 #1003030 #1003032 #1005004 #1005005
                    #1007157 #1009100 #1009103 #1009107 #1009109 #1009111
                    #1011652 #990843
Cross-References:   CVE-2016-6351 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909
                    CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9379
                    CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383
                    CVE-2016-9386 CVE-2016-9637
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

An update that fixes 14 vulnerabilities is now available.

Description:

xen was updated to fix several security issues.

These security issues were fixed:

- CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host (bsc#1011652).
- CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100)
- CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing an unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware.
  On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103)
- CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitrary code execution (bsc#1009107)
- CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109)
- CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
- CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
- CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106)
- CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157)
- CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004)
- CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005)
- CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS
  administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030)
- CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032)
- CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843)

This non-security issue was fixed:

- bsc#1000893: virsh setmem didn't allow setting current guest memory to max limit

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP2-LTSS:

    zypper in -t patch slessp2-xen-12874=1

- SUSE Linux Enterprise Debuginfo 11-SP2:

    zypper in -t patch dbgsp2-xen-12874=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): xen-devel-4.1.6_08-32.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.44-32.1 xen-kmp-trace-4.1.6_08_3.0.101_0.7.44-32.1 xen-libs-4.1.6_08-32.1 xen-tools-domU-4.1.6_08-32.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (x86_64): xen-4.1.6_08-32.1 xen-doc-html-4.1.6_08-32.1 xen-doc-pdf-4.1.6_08-32.1 xen-libs-32bit-4.1.6_08-32.1 xen-tools-4.1.6_08-32.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): xen-kmp-pae-4.1.6_08_3.0.101_0.7.44-32.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): xen-debuginfo-4.1.6_08-32.1 xen-debugsource-4.1.6_08-32.1 References: https://www.suse.com/security/cve/CVE-2016-6351.html https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1000893 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 https://bugzilla.suse.com/990843 From sle-updates at lists.suse.com Wed Dec 7 12:10:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 
20:10:19 +0100 (CET) Subject: SUSE-RU-2016:3045-1: moderate: Recommended update for lrbd Message-ID: <20161207191019.80345FFD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for lrbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3045-1 Rating: moderate References: #991482 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lrbd fixes the following issues: - Disable tpg until fully configured (bsc#991482) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1766=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): lrbd-1.1.2-11.1 References: https://bugzilla.suse.com/991482 From sle-updates at lists.suse.com Wed Dec 7 12:10:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 20:10:52 +0100 (CET) Subject: SUSE-SU-2016:3046-1: moderate: Security update for w3m Message-ID: <20161207191052.5C3B5FFD2@maintenance.suse.de> SUSE Security Update: Security update for w3m ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3046-1 Rating: moderate References: #1011269 #1011270 #1011271 #1011272 #1011283 #1011284 #1011285 #1011286 #1011287 #1011288 #1011289 #1011290 #1011291 #1011292 #1011293 #1012020 #1012021 #1012022 #1012023 #1012024 #1012025 #1012026 #1012027 #1012028 #1012029 #1012030 #1012031 #1012032 Cross-References: CVE-2010-2074 CVE-2016-9422 CVE-2016-9423 CVE-2016-9424 CVE-2016-9425 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 
CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 28 vulnerabilities is now available. Description: This update for w3m fixes the following issues: - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-w3m-12875=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-w3m-12875=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): w3m-0.5.3.git20161120-4.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): w3m-debuginfo-0.5.3.git20161120-4.1 w3m-debugsource-0.5.3.git20161120-4.1 References: https://www.suse.com/security/cve/CVE-2010-2074.html https://www.suse.com/security/cve/CVE-2016-9422.html https://www.suse.com/security/cve/CVE-2016-9423.html https://www.suse.com/security/cve/CVE-2016-9424.html https://www.suse.com/security/cve/CVE-2016-9425.html https://www.suse.com/security/cve/CVE-2016-9434.html https://www.suse.com/security/cve/CVE-2016-9435.html https://www.suse.com/security/cve/CVE-2016-9436.html https://www.suse.com/security/cve/CVE-2016-9437.html https://www.suse.com/security/cve/CVE-2016-9438.html https://www.suse.com/security/cve/CVE-2016-9439.html https://www.suse.com/security/cve/CVE-2016-9440.html https://www.suse.com/security/cve/CVE-2016-9441.html https://www.suse.com/security/cve/CVE-2016-9442.html https://www.suse.com/security/cve/CVE-2016-9443.html https://www.suse.com/security/cve/CVE-2016-9621.html https://www.suse.com/security/cve/CVE-2016-9622.html https://www.suse.com/security/cve/CVE-2016-9623.html https://www.suse.com/security/cve/CVE-2016-9624.html https://www.suse.com/security/cve/CVE-2016-9625.html https://www.suse.com/security/cve/CVE-2016-9626.html https://www.suse.com/security/cve/CVE-2016-9627.html https://www.suse.com/security/cve/CVE-2016-9628.html https://www.suse.com/security/cve/CVE-2016-9629.html https://www.suse.com/security/cve/CVE-2016-9630.html https://www.suse.com/security/cve/CVE-2016-9631.html https://www.suse.com/security/cve/CVE-2016-9632.html 
https://www.suse.com/security/cve/CVE-2016-9633.html https://bugzilla.suse.com/1011269 https://bugzilla.suse.com/1011270 https://bugzilla.suse.com/1011271 https://bugzilla.suse.com/1011272 https://bugzilla.suse.com/1011283 https://bugzilla.suse.com/1011284 https://bugzilla.suse.com/1011285 https://bugzilla.suse.com/1011286 https://bugzilla.suse.com/1011287 https://bugzilla.suse.com/1011288 https://bugzilla.suse.com/1011289 https://bugzilla.suse.com/1011290 https://bugzilla.suse.com/1011291 https://bugzilla.suse.com/1011292 https://bugzilla.suse.com/1011293 https://bugzilla.suse.com/1012020 https://bugzilla.suse.com/1012021 https://bugzilla.suse.com/1012022 https://bugzilla.suse.com/1012023 https://bugzilla.suse.com/1012024 https://bugzilla.suse.com/1012025 https://bugzilla.suse.com/1012026 https://bugzilla.suse.com/1012027 https://bugzilla.suse.com/1012028 https://bugzilla.suse.com/1012029 https://bugzilla.suse.com/1012030 https://bugzilla.suse.com/1012031 https://bugzilla.suse.com/1012032 From sle-updates at lists.suse.com Wed Dec 7 12:15:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 20:15:30 +0100 (CET) Subject: SUSE-SU-2016:3047-1: moderate: Security update for libXi Message-ID: <20161207191530.60160FFD2@maintenance.suse.de> SUSE Security Update: Security update for libXi ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3047-1 Rating: moderate References: #1002998 Cross-References: CVE-2016-7945 CVE-2016-7946 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is 
now available. Description: libXi was updated to fix two security issues. These security issues were fixed: - CVE-2016-7945: Integer overflows in libXI can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998). - CVE-2016-7946: Insufficient validation of data in libXI can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1767=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1767=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1767=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1767=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1767=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1767=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1767=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libXi-debugsource-1.7.4-17.1 libXi-devel-1.7.4-17.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libXi-debugsource-1.7.4-17.1 libXi-devel-1.7.4-17.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libXi-debugsource-1.7.4-17.1 libXi6-1.7.4-17.1 libXi6-debuginfo-1.7.4-17.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libXi-debugsource-1.7.4-17.1 libXi6-1.7.4-17.1 libXi6-debuginfo-1.7.4-17.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libXi6-32bit-1.7.4-17.1 libXi6-debuginfo-32bit-1.7.4-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libXi-debugsource-1.7.4-17.1 libXi6-1.7.4-17.1 libXi6-debuginfo-1.7.4-17.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libXi6-32bit-1.7.4-17.1 libXi6-debuginfo-32bit-1.7.4-17.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libXi-debugsource-1.7.4-17.1 libXi6-1.7.4-17.1 libXi6-32bit-1.7.4-17.1 libXi6-debuginfo-1.7.4-17.1 libXi6-debuginfo-32bit-1.7.4-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libXi-debugsource-1.7.4-17.1 libXi6-1.7.4-17.1 libXi6-32bit-1.7.4-17.1 libXi6-debuginfo-1.7.4-17.1 libXi6-debuginfo-32bit-1.7.4-17.1 References: https://www.suse.com/security/cve/CVE-2016-7945.html https://www.suse.com/security/cve/CVE-2016-7946.html https://bugzilla.suse.com/1002998 From sle-updates at lists.suse.com Wed Dec 7 13:07:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2016 21:07:02 +0100 (CET) Subject: SUSE-SU-2016:3048-1: important: Security update for MozillaFirefox Message-ID: <20161207200702.2C27DF7CA@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3048-1 Rating: important References: #1012964 Cross-References: CVE-2016-9079 Affected 
Products:
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Software Development Kit 12-SP1
    SUSE Linux Enterprise Server for SAP 12
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Server 12-LTSS
    SUSE Linux Enterprise Desktop 12-SP2
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for MozillaFirefox fixes security issues.

The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1012964):

- CVE-2016-9079: Use-after-free in SVG Animation could be used for code execution (MFSA 2016-92 bsc#1012964)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:

    zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1771=1

- SUSE Linux Enterprise Software Development Kit 12-SP1:

    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1771=1

- SUSE Linux Enterprise Server for SAP 12:

    zypper in -t patch SUSE-SLE-SAP-12-2016-1771=1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

    zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1771=1

- SUSE Linux Enterprise Server 12-SP2:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1771=1

- SUSE Linux Enterprise Server 12-SP1:

    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1771=1

- SUSE Linux Enterprise Server 12-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-2016-1771=1

- SUSE Linux Enterprise Desktop 12-SP2:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1771=1

- SUSE Linux Enterprise Desktop 12-SP1:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1771=1

To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-devel-45.5.1esr-93.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-devel-45.5.1esr-93.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      MozillaFirefox-45.5.1esr-93.1
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-translations-45.5.1esr-93.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      MozillaFirefox-45.5.1esr-93.1
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-translations-45.5.1esr-93.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      MozillaFirefox-45.5.1esr-93.1
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-translations-45.5.1esr-93.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      MozillaFirefox-45.5.1esr-93.1
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-translations-45.5.1esr-93.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      MozillaFirefox-45.5.1esr-93.1
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-translations-45.5.1esr-93.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      MozillaFirefox-45.5.1esr-93.1
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-translations-45.5.1esr-93.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      MozillaFirefox-45.5.1esr-93.1
      MozillaFirefox-debuginfo-45.5.1esr-93.1
      MozillaFirefox-debugsource-45.5.1esr-93.1
      MozillaFirefox-translations-45.5.1esr-93.1

References:

   https://www.suse.com/security/cve/CVE-2016-9079.html
   https://bugzilla.suse.com/1012964

From sle-updates at lists.suse.com Wed Dec 7 15:07:03 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 Dec 2016 23:07:03 +0100 (CET)
Subject: SUSE-SU-2016:3049-1: important: Security update for the Linux Kernel
Message-ID: <20161207220703.3E18FF7B7@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3049-1
Rating: important
References: #1008831 #1011685 #1012754
Cross-References: CVE-2016-8632 CVE-2016-8655 CVE-2016-9555
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12-SP2
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Live Patching 12
   SUSE Linux Enterprise High Availability 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   The SUSE Linux Enterprise 12 SP2 kernel was updated to receive critical
   security fixes.

   The following security bugs were fixed:

   - CVE-2016-8655: A race condition in the af_packet packet_set_ring
     function could be used by local attackers to crash the kernel or gain
     privileges (bsc#1012754).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
     the Linux kernel lacks chunk-length checking for the first chunk, which
     allowed remote attackers to cause a denial of service (out-of-bounds
     slab access) or possibly have unspecified other impact via crafted SCTP
     data (bnc#1011685).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1772=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1772=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1772=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1772=1

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1772=1

   - SUSE Linux Enterprise High Availability 12-SP2:
      zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1772=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1772=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
      kernel-default-debuginfo-4.4.21-84.1
      kernel-default-debugsource-4.4.21-84.1
      kernel-default-extra-4.4.21-84.1
      kernel-default-extra-debuginfo-4.4.21-84.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      kernel-obs-build-4.4.21-84.1
      kernel-obs-build-debugsource-4.4.21-84.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
      kernel-docs-4.4.21-84.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      kernel-default-4.4.21-84.1
      kernel-default-base-4.4.21-84.1
      kernel-default-base-debuginfo-4.4.21-84.1
      kernel-default-debuginfo-4.4.21-84.1
      kernel-default-debugsource-4.4.21-84.1
      kernel-default-devel-4.4.21-84.1
      kernel-syms-4.4.21-84.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      kernel-devel-4.4.21-84.1
      kernel-macros-4.4.21-84.1
      kernel-source-4.4.21-84.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      kernel-default-4.4.21-84.1
      kernel-default-base-4.4.21-84.1
      kernel-default-base-debuginfo-4.4.21-84.1
      kernel-default-debuginfo-4.4.21-84.1
      kernel-default-debugsource-4.4.21-84.1
      kernel-default-devel-4.4.21-84.1
      kernel-syms-4.4.21-84.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      kernel-devel-4.4.21-84.1
      kernel-macros-4.4.21-84.1
      kernel-source-4.4.21-84.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-4_4_21-84-default-1-2.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
      cluster-md-kmp-default-4.4.21-84.1
      cluster-md-kmp-default-debuginfo-4.4.21-84.1
      cluster-network-kmp-default-4.4.21-84.1
      cluster-network-kmp-default-debuginfo-4.4.21-84.1
      dlm-kmp-default-4.4.21-84.1
      dlm-kmp-default-debuginfo-4.4.21-84.1
      gfs2-kmp-default-4.4.21-84.1
      gfs2-kmp-default-debuginfo-4.4.21-84.1
      kernel-default-debuginfo-4.4.21-84.1
      kernel-default-debugsource-4.4.21-84.1
      ocfs2-kmp-default-4.4.21-84.1
      ocfs2-kmp-default-debuginfo-4.4.21-84.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      kernel-default-4.4.21-84.1
      kernel-default-debuginfo-4.4.21-84.1
      kernel-default-debugsource-4.4.21-84.1
      kernel-default-devel-4.4.21-84.1
      kernel-default-extra-4.4.21-84.1
      kernel-default-extra-debuginfo-4.4.21-84.1
      kernel-syms-4.4.21-84.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      kernel-devel-4.4.21-84.1
      kernel-macros-4.4.21-84.1
      kernel-source-4.4.21-84.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-8655.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://bugzilla.suse.com/1008831
   https://bugzilla.suse.com/1011685
   https://bugzilla.suse.com/1012754

From sle-updates at lists.suse.com Thu Dec 8 06:07:44 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Dec 2016 14:07:44 +0100 (CET)
Subject: SUSE-SU-2016:3052-1: moderate: Security update for perl-SOAP-Lite
Message-ID: <20161208130744.41341F7C7@maintenance.suse.de>

   SUSE Security Update: Security update for perl-SOAP-Lite
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3052-1
Rating: moderate
References: #1011836
Cross-References: CVE-2015-8978
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for perl-SOAP-Lite fixes the following issue:

   Security issue fixed:

   - CVE-2015-8978: XML exponential entity expansion denial-of-service
     (bsc#1011836)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-perl-SOAP-Lite-12876=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      perl-SOAP-Lite-0.710.08-3.1

References:

   https://www.suse.com/security/cve/CVE-2015-8978.html
   https://bugzilla.suse.com/1011836

From sle-updates at lists.suse.com Thu Dec 8 06:08:14 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Dec 2016 14:08:14 +0100 (CET)
Subject: SUSE-SU-2016:3053-1: moderate: Security update for w3m
Message-ID: <20161208130814.D8CFFF7CA@maintenance.suse.de>

   SUSE Security Update: Security update for w3m
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3053-1
Rating: moderate
References: #1011283 #1011284 #1011285 #1011286 #1011287 #1011288
   #1011289 #1011290 #1011291 #1011292 #1011293 #1012021
   #1012022 #1012023 #1012024 #1012025 #1012026 #1012027
   #1012028 #1012029 #1012030 #1012031 #1012032
Cross-References: CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437
   CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441
   CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622
   CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626
   CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630
   CVE-2016-9631 CVE-2016-9632 CVE-2016-9633
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 23 vulnerabilities is now available.

Description:

   This update for w3m fixes the following issues:

   - update to debian git version (bsc#1011293)
     addressed security issues:
     CVE-2016-9622: w3m: null deref (bsc#1012021)
     CVE-2016-9623: w3m: null deref (bsc#1012022)
     CVE-2016-9624: w3m: near-null deref (bsc#1012023)
     CVE-2016-9625: w3m: stack overflow (bsc#1012024)
     CVE-2016-9626: w3m: stack overflow (bsc#1012025)
     CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)
     CVE-2016-9628: w3m: null deref (bsc#1012027)
     CVE-2016-9629: w3m: null deref (bsc#1012028)
     CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)
     CVE-2016-9631: w3m: null deref (bsc#1012030)
     CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)
     CVE-2016-9633: w3m: OOM (bsc#1012032)
     CVE-2016-9434: w3m: null deref (bsc#1011283)
     CVE-2016-9435: w3m: use uninit value (bsc#1011284)
     CVE-2016-9436: w3m: use uninit value (bsc#1011285)
     CVE-2016-9437: w3m: write to rodata (bsc#1011286)
     CVE-2016-9438: w3m: null deref (bsc#1011287)
     CVE-2016-9439: w3m: stack overflow (bsc#1011288)
     CVE-2016-9440: w3m: near-null deref (bsc#1011289)
     CVE-2016-9441: w3m: near-null deref (bsc#1011290)
     CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)
     CVE-2016-9443: w3m: null deref (bsc#1011292)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1774=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1774=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1774=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1774=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1774=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      w3m-0.5.3.git20161120-160.1
      w3m-debuginfo-0.5.3.git20161120-160.1
      w3m-debugsource-0.5.3.git20161120-160.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      w3m-0.5.3.git20161120-160.1
      w3m-debuginfo-0.5.3.git20161120-160.1
      w3m-debugsource-0.5.3.git20161120-160.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      w3m-0.5.3.git20161120-160.1
      w3m-debuginfo-0.5.3.git20161120-160.1
      w3m-debugsource-0.5.3.git20161120-160.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      w3m-0.5.3.git20161120-160.1
      w3m-debuginfo-0.5.3.git20161120-160.1
      w3m-debugsource-0.5.3.git20161120-160.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      w3m-0.5.3.git20161120-160.1
      w3m-debuginfo-0.5.3.git20161120-160.1
      w3m-debugsource-0.5.3.git20161120-160.1

References:

   https://www.suse.com/security/cve/CVE-2016-9434.html
   https://www.suse.com/security/cve/CVE-2016-9435.html
   https://www.suse.com/security/cve/CVE-2016-9436.html
   https://www.suse.com/security/cve/CVE-2016-9437.html
   https://www.suse.com/security/cve/CVE-2016-9438.html
   https://www.suse.com/security/cve/CVE-2016-9439.html
   https://www.suse.com/security/cve/CVE-2016-9440.html
   https://www.suse.com/security/cve/CVE-2016-9441.html
   https://www.suse.com/security/cve/CVE-2016-9442.html
   https://www.suse.com/security/cve/CVE-2016-9443.html
   https://www.suse.com/security/cve/CVE-2016-9621.html
   https://www.suse.com/security/cve/CVE-2016-9622.html
   https://www.suse.com/security/cve/CVE-2016-9623.html
   https://www.suse.com/security/cve/CVE-2016-9624.html
   https://www.suse.com/security/cve/CVE-2016-9625.html
   https://www.suse.com/security/cve/CVE-2016-9626.html
   https://www.suse.com/security/cve/CVE-2016-9627.html
   https://www.suse.com/security/cve/CVE-2016-9628.html
   https://www.suse.com/security/cve/CVE-2016-9629.html
   https://www.suse.com/security/cve/CVE-2016-9630.html
   https://www.suse.com/security/cve/CVE-2016-9631.html
   https://www.suse.com/security/cve/CVE-2016-9632.html
   https://www.suse.com/security/cve/CVE-2016-9633.html
   https://bugzilla.suse.com/1011283
   https://bugzilla.suse.com/1011284
   https://bugzilla.suse.com/1011285
   https://bugzilla.suse.com/1011286
   https://bugzilla.suse.com/1011287
   https://bugzilla.suse.com/1011288
   https://bugzilla.suse.com/1011289
   https://bugzilla.suse.com/1011290
   https://bugzilla.suse.com/1011291
   https://bugzilla.suse.com/1011292
   https://bugzilla.suse.com/1011293
   https://bugzilla.suse.com/1012021
   https://bugzilla.suse.com/1012022
   https://bugzilla.suse.com/1012023
   https://bugzilla.suse.com/1012024
   https://bugzilla.suse.com/1012025
   https://bugzilla.suse.com/1012026
   https://bugzilla.suse.com/1012027
   https://bugzilla.suse.com/1012028
   https://bugzilla.suse.com/1012029
   https://bugzilla.suse.com/1012030
   https://bugzilla.suse.com/1012031
   https://bugzilla.suse.com/1012032

From sle-updates at lists.suse.com Thu Dec 8 06:12:41 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Dec 2016 14:12:41 +0100 (CET)
Subject: SUSE-SU-2016:3054-1: moderate: Security update for xorg-x11-libX11
Message-ID: <20161208131241.09EAEF7C7@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-libX11
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3054-1
Rating: moderate
References: #1002991
Cross-References: CVE-2016-7942
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-libX11 fixes the following issues:

   - plug a memory leak (bsc#1002991, CVE-2016-7942)
   - insufficient validation of data from the X server can cause out of
     boundary memory read (XGetImage()) or write (XListFonts())
     (bsc#1002991, CVE-2016-7942)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-xorg-x11-libX11-12877=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-xorg-x11-libX11-12877=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-xorg-x11-libX11-12877=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-devel-7.4-5.11.65.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      xorg-x11-libX11-devel-32bit-7.4-5.11.65.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-7.4-5.11.65.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      xorg-x11-libX11-32bit-7.4-5.11.65.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      xorg-x11-libX11-x86-7.4-5.11.65.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      xorg-x11-libX11-debuginfo-7.4-5.11.65.1
      xorg-x11-libX11-debugsource-7.4-5.11.65.1

References:

   https://www.suse.com/security/cve/CVE-2016-7942.html
   https://bugzilla.suse.com/1002991

From sle-updates at lists.suse.com Thu Dec 8 06:13:13 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Dec 2016 14:13:13 +0100 (CET)
Subject: SUSE-RU-2016:3055-1: moderate: Recommended update for wicked
Message-ID: <20161208131313.E804AF7CA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for wicked
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:3055-1
Rating: moderate
References: #972471 #975466 #988794 #988954 #997027 #998413
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.

Description:

   This update provides Wicked 0.6.39, which brings the following fixes and
   enhancements:

   - dhcp: Support to define and request custom options, documented in
     wicked-config(5) and ifcfg-dhcp(5) manual pages. (bsc#988954)
   - dhcp6: Fix refresh on newprefix workaround. (bsc#972471)
   - dhcp4: Do not fail in capture on link type change. (bsc#975466)
   - dhcp4: Ignore invalid options, do not discard complete message.
   - dhcp4: Log and add sender (server or relay) ethernet hw-address to the
     lease.
   - ifdown: Show reasons to skip an action. (bsc#997027)
   - ifconfig: Fix to consider address scope in dbus model. (bsc#988794)
   - bonding: Set the primary slave in the master at enslave of the primary
     when it was not yet ready while setting up bond. (bsc#998413)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1778=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1778=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1778=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libwicked-0-6-0.6.39-34.1
      libwicked-0-6-debuginfo-0.6.39-34.1
      wicked-0.6.39-34.1
      wicked-debuginfo-0.6.39-34.1
      wicked-debugsource-0.6.39-34.1
      wicked-service-0.6.39-34.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libwicked-0-6-0.6.39-34.1
      libwicked-0-6-debuginfo-0.6.39-34.1
      wicked-0.6.39-34.1
      wicked-debuginfo-0.6.39-34.1
      wicked-debugsource-0.6.39-34.1
      wicked-service-0.6.39-34.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libwicked-0-6-0.6.39-34.1
      libwicked-0-6-debuginfo-0.6.39-34.1
      wicked-0.6.39-34.1
      wicked-debuginfo-0.6.39-34.1
      wicked-debugsource-0.6.39-34.1
      wicked-service-0.6.39-34.1

References:

   https://bugzilla.suse.com/972471
   https://bugzilla.suse.com/975466
   https://bugzilla.suse.com/988794
   https://bugzilla.suse.com/988954
   https://bugzilla.suse.com/997027
   https://bugzilla.suse.com/998413

From sle-updates at lists.suse.com Thu Dec 8 06:15:18 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Dec 2016 14:15:18 +0100 (CET)
Subject: SUSE-SU-2016:3056-1: Security update for crowbar-barclamp-trove
Message-ID: <20161208131518.80F59F7C8@maintenance.suse.de>

   SUSE Security Update: Security update for crowbar-barclamp-trove
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3056-1
Rating: low
References: #991729
Cross-References: CVE-2016-6829
Affected Products:
   SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for crowbar-barclamp-trove fixes the following issues:

   - Fix initial migration and schema revision.
   - Set the trove service password to random. (bsc#991729, CVE-2016-6829)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-crowbar-barclamp-trove-12878=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      crowbar-barclamp-trove-1.9+git.1473844105.932298f-9.1

References:

   https://www.suse.com/security/cve/CVE-2016-6829.html
   https://bugzilla.suse.com/991729

From sle-updates at lists.suse.com Thu Dec 8 06:16:00 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Dec 2016 14:16:00 +0100 (CET)
Subject: SUSE-SU-2016:3057-1: moderate: Security update for gc
Message-ID: <20161208131600.45301F7CB@maintenance.suse.de>

   SUSE Security Update: Security update for gc
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3057-1
Rating: moderate
References: #1011276
Cross-References: CVE-2016-9427
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gc fixes the following issues:

   - integer overflow in GC_MALLOC_ATOMIC() (CVE-2016-9427, bsc#1011276)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1775=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1775=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1775=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1775=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1775=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1775=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1775=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      gc-debugsource-7.2d-5.1
      gc-devel-7.2d-5.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      gc-debugsource-7.2d-5.1
      gc-devel-7.2d-5.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      gc-debugsource-7.2d-5.1
      libgc1-7.2d-5.1
      libgc1-debuginfo-7.2d-5.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      gc-debugsource-7.2d-5.1
      libgc1-7.2d-5.1
      libgc1-debuginfo-7.2d-5.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      gc-debugsource-7.2d-5.1
      libgc1-7.2d-5.1
      libgc1-debuginfo-7.2d-5.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      gc-debugsource-7.2d-5.1
      libgc1-7.2d-5.1
      libgc1-debuginfo-7.2d-5.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      gc-debugsource-7.2d-5.1
      libgc1-7.2d-5.1
      libgc1-debuginfo-7.2d-5.1

References:

   https://www.suse.com/security/cve/CVE-2016-9427.html
   https://bugzilla.suse.com/1011276

From sle-updates at lists.suse.com Thu Dec 8 13:07:06 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Dec 2016 21:07:06 +0100 (CET)
Subject: SUSE-RU-2016:3062-1: moderate: Recommended update for hawk2
Message-ID: <20161208200706.AA915F7C7@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for hawk2
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:3062-1
Rating: moderate
References: #1001357 #1002369 #1006169 #1006831 #1008104 #1008268
   #1008321 #1009748 #1009866 #1009867 #1009869 #1009880
   #1010602
Affected Products:
   SUSE Linux Enterprise High Availability 12-SP2
______________________________________________________________________________

   An update that has 13 recommended fixes can now be installed.

Description:

   This update for hawk2 provides the following fixes:

   - Dashboard: Try persisted session before login (bsc#1009880)
   - Group: Don't duplicate object list on errors (bsc#1009748)
   - Reports: Show diff from the past, not to the future (bsc#1010602)
   - UI: Fix typos in RC description for m/s (bsc#1009867)
   - UI: Hide ACL in mainnav if offline (bsc#1009869)
   - Batch Mode: Handle CSRF token (bsc#1009866)
   - Persist session across cluster nodes using attrd_updater (bsc#1009880)
   - Installation and Setup Quick Start (bsc#1006831)
   - UI: Use Recent events for both resources and nodes (bsc#1008268)
   - Cib: Add only node name to feature set map (bsc#1008321)
   - High: Catch div by 0 when utilization attribute has no value set
     (bsc#1008104)
   - UI: Clearer error when creating group with no children (bsc#1006169)
   - UI: Fix issues with larger markers (bsc#1001357)
   - Support for configuring event-based alerts (fate#321118)
   - Increase size of eventcontrol markers (bsc#1001357)
   - Fix crash when creating alert with recipients (fate#321118)
   - Set "verify_mode: none" to workaround puma bug in 3.6.0 (bsc#1002369)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP2:
      zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1780=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
      hawk2-2.0.0+git.1480940121.2c59e4e-34.1
      hawk2-debuginfo-2.0.0+git.1480940121.2c59e4e-34.1
      hawk2-debugsource-2.0.0+git.1480940121.2c59e4e-34.1

References:

   https://bugzilla.suse.com/1001357
   https://bugzilla.suse.com/1002369
   https://bugzilla.suse.com/1006169
   https://bugzilla.suse.com/1006831
   https://bugzilla.suse.com/1008104
   https://bugzilla.suse.com/1008268
   https://bugzilla.suse.com/1008321
   https://bugzilla.suse.com/1009748
   https://bugzilla.suse.com/1009866
   https://bugzilla.suse.com/1009867
   https://bugzilla.suse.com/1009869
   https://bugzilla.suse.com/1009880
   https://bugzilla.suse.com/1010602

From sle-updates at lists.suse.com Fri Dec 9 05:07:11 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Dec 2016 13:07:11 +0100 (CET)
Subject: SUSE-SU-2016:3063-1: important: Security update for the Linux Kernel
Message-ID: <20161209120711.52089F7C7@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3063-1
Rating: important
References: #1008831 #1011685 #1012754
Cross-References: CVE-2016-8632 CVE-2016-8655 CVE-2016-9555
Affected Products:
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server 12-LTSS
   SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to receive critical
   security fixes.

   The following security bugs were fixed:

   - CVE-2016-8655: A race condition in the af_packet packet_set_ring
     function could be used by local attackers to crash the kernel or gain
     privileges (bsc#1012754).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
     the Linux kernel lacks chunk-length checking for the first chunk, which
     allowed remote attackers to cause a denial of service (out-of-bounds
     slab access) or possibly have unspecified other impact via crafted SCTP
     data (bnc#1011685).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2016-1781=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-1781=1

   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1781=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):
      kernel-devel-3.12.60-52.60.1
      kernel-macros-3.12.60-52.60.1
      kernel-source-3.12.60-52.60.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      kernel-default-3.12.60-52.60.1
      kernel-default-base-3.12.60-52.60.1
      kernel-default-base-debuginfo-3.12.60-52.60.1
      kernel-default-debuginfo-3.12.60-52.60.1
      kernel-default-debugsource-3.12.60-52.60.1
      kernel-default-devel-3.12.60-52.60.1
      kernel-syms-3.12.60-52.60.1
      kernel-xen-3.12.60-52.60.1
      kernel-xen-base-3.12.60-52.60.1
      kernel-xen-base-debuginfo-3.12.60-52.60.1
      kernel-xen-debuginfo-3.12.60-52.60.1
      kernel-xen-debugsource-3.12.60-52.60.1
      kernel-xen-devel-3.12.60-52.60.1
      kgraft-patch-3_12_60-52_60-default-1-2.1
      kgraft-patch-3_12_60-52_60-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      kernel-default-3.12.60-52.60.1
      kernel-default-base-3.12.60-52.60.1
      kernel-default-base-debuginfo-3.12.60-52.60.1
      kernel-default-debuginfo-3.12.60-52.60.1
      kernel-default-debugsource-3.12.60-52.60.1
      kernel-default-devel-3.12.60-52.60.1
      kernel-syms-3.12.60-52.60.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      kernel-devel-3.12.60-52.60.1
      kernel-macros-3.12.60-52.60.1
      kernel-source-3.12.60-52.60.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kernel-xen-3.12.60-52.60.1
      kernel-xen-base-3.12.60-52.60.1
      kernel-xen-base-debuginfo-3.12.60-52.60.1
      kernel-xen-debuginfo-3.12.60-52.60.1
      kernel-xen-debugsource-3.12.60-52.60.1
      kernel-xen-devel-3.12.60-52.60.1
      kgraft-patch-3_12_60-52_60-default-1-2.1
      kgraft-patch-3_12_60-52_60-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):
      kernel-default-man-3.12.60-52.60.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
      kernel-ec2-3.12.60-52.60.1
      kernel-ec2-debuginfo-3.12.60-52.60.1
      kernel-ec2-debugsource-3.12.60-52.60.1
      kernel-ec2-devel-3.12.60-52.60.1
      kernel-ec2-extra-3.12.60-52.60.1
      kernel-ec2-extra-debuginfo-3.12.60-52.60.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1008831 https://bugzilla.suse.com/1011685 https://bugzilla.suse.com/1012754 From sle-updates at lists.suse.com Fri Dec 9 09:07:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2016 17:07:07 +0100 (CET) Subject: SUSE-RU-2016:3064-1: Recommended update for hawk2 Message-ID: <20161209160707.AEBB3F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3064-1 Rating: low References: #1006169 #1008268 #1009748 #1009867 #1009869 #1010602 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for hawk2 fixes the following issues: - UI: Clearer error when creating group with no children (bsc#1006169) - UI: Use Recent events for both resources and nodes (bsc#1008268) - UI: Fix typos in RC description for m/s (bsc#1009867) - UI: Hide ACL in mainnav if offline (bsc#1009869) - Group: Don't duplicate object list on errors (bsc#1009748) - Reports: Show diff from the past, not to the future (bsc#1010602) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1783=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): hawk2-1.0.1+git.1456406635.49e230d-18.1 hawk2-debuginfo-1.0.1+git.1456406635.49e230d-18.1 hawk2-debugsource-1.0.1+git.1456406635.49e230d-18.1 References: https://bugzilla.suse.com/1006169 https://bugzilla.suse.com/1008268 https://bugzilla.suse.com/1009748 https://bugzilla.suse.com/1009867 https://bugzilla.suse.com/1009869 https://bugzilla.suse.com/1010602 From sle-updates at lists.suse.com Fri Dec 9 09:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2016 17:08:18 +0100 (CET) Subject: SUSE-RU-2016:3065-1: moderate: Recommended update for haproxy Message-ID: <20161209160818.53513F7CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3065-1 Rating: moderate References: #1003264 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides haproxy version 1.6.9, which brings fixes and enhancements: - Properly mark the server address as unset on connect retry. - Fix possible crash when using sc_trackers with wrong table. - Fix random problems with the "sni" directive. - Initialize avail_in/next_in even during flush. - Fix listening IP address storage for frontends. - Fix breakage of "reqdeny" causing random crashes. - Use asynchronous signal delivery and do not unblock undesired signals. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1784=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): haproxy-1.6.9-7.3 haproxy-debuginfo-1.6.9-7.3 haproxy-debugsource-1.6.9-7.3 References: https://bugzilla.suse.com/1003264 From sle-updates at lists.suse.com Fri Dec 9 09:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2016 17:08:42 +0100 (CET) Subject: SUSE-RU-2016:3066-1: moderate: Recommended update for systemd Message-ID: <20161209160842.140F7F7CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3066-1 Rating: moderate References: #1001790 #1004289 #1005404 #1006372 #1006690 #989831 #991443 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for systemd provides the following fixes: - Allow to redirect confirmation messages to a different console. (bsc#1006690) - Do not bind a mount unit to a device, if it was from mountinfo. (bsc#989831) - Decrease systemd-nspawn's non-fatal mount errors to debug level. (bsc#1004289) - Don't emit space usage message right after opening the persistent journal. (bsc#991443) - Change owner of /var/log/journal/remote and create /var/lib/systemd/journal-upload. (bsc#1006372) - Document that *KeyIgnoreInhibited only apply to a subset of locks. - Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf". (bsc#1001790, bsc#1005404) - Revert "kbd-model-map: add more mappings offered by Yast". - Don't busy loop when we get a notification message we can't process. - Rename kbd-model-map-extra into kbd-model-map.legacy. 
- Add kbd-model-map-extra file which contains the additional maps needed by YaST. - Drop localfs.service: unused and not needed anymore. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1782=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1782=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1782=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1782=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libudev-devel-228-121.1 systemd-debuginfo-228-121.1 systemd-debugsource-228-121.1 systemd-devel-228-121.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsystemd0-228-121.1 libsystemd0-debuginfo-228-121.1 libudev1-228-121.1 libudev1-debuginfo-228-121.1 systemd-228-121.1 systemd-debuginfo-228-121.1 systemd-debugsource-228-121.1 systemd-sysvinit-228-121.1 udev-228-121.1 udev-debuginfo-228-121.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): systemd-bash-completion-228-121.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsystemd0-228-121.1 libsystemd0-debuginfo-228-121.1 libudev1-228-121.1 libudev1-debuginfo-228-121.1 systemd-228-121.1 systemd-debuginfo-228-121.1 systemd-debugsource-228-121.1 systemd-sysvinit-228-121.1 udev-228-121.1 udev-debuginfo-228-121.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): systemd-bash-completion-228-121.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libsystemd0-32bit-228-121.1 libsystemd0-debuginfo-32bit-228-121.1 libudev1-32bit-228-121.1 libudev1-debuginfo-32bit-228-121.1 systemd-32bit-228-121.1 systemd-debuginfo-32bit-228-121.1 - SUSE Linux 
Enterprise Desktop 12-SP2 (x86_64): libsystemd0-228-121.1 libsystemd0-32bit-228-121.1 libsystemd0-debuginfo-228-121.1 libsystemd0-debuginfo-32bit-228-121.1 libudev1-228-121.1 libudev1-32bit-228-121.1 libudev1-debuginfo-228-121.1 libudev1-debuginfo-32bit-228-121.1 systemd-228-121.1 systemd-32bit-228-121.1 systemd-debuginfo-228-121.1 systemd-debuginfo-32bit-228-121.1 systemd-debugsource-228-121.1 systemd-sysvinit-228-121.1 udev-228-121.1 udev-debuginfo-228-121.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): systemd-bash-completion-228-121.1 References: https://bugzilla.suse.com/1001790 https://bugzilla.suse.com/1004289 https://bugzilla.suse.com/1005404 https://bugzilla.suse.com/1006372 https://bugzilla.suse.com/1006690 https://bugzilla.suse.com/989831 https://bugzilla.suse.com/991443 From sle-updates at lists.suse.com Fri Dec 9 10:07:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2016 18:07:26 +0100 (CET) Subject: SUSE-SU-2016:3067-1: important: Security update for xen Message-ID: <20161209170726.7DD8BF7CB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3067-1 Rating: important References: #1000106 #1003030 #1003032 #1004981 #1005004 #1005005 #1007157 #1007941 #1009100 #1009103 #1009104 #1009105 #1009107 #1009108 #1009109 #1009111 #1011652 Cross-References: CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. 
Description:

xen was updated to version 4.7.1 to fix 17 security issues.

These security issues were fixed:

- CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host (bsc#1011652).
- CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100).
- CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing an unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103).
- CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104).
- CVE-2016-9384: Guest 32-bit ELF symbol table load leaking host data to unprivileged guest users (bsc#1009105).
- CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitrary code execution (bsc#1009107).
- CVE-2016-9377: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108).
- CVE-2016-9378: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108).
- CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109).
- CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111).
- CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111).
- CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106).
- CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157).
- CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004).
- CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005).
- CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030).
- CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032).

These non-security issues were fixed: - bsc#1004981: Xen RPM didn't contain debug hypervisor for EFI systems - bsc#1007941: Xen tools limited the number of vcpus to 256 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1785=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1785=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1785=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.1_02-25.1 xen-devel-4.7.1_02-25.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.1_02-25.1 xen-debugsource-4.7.1_02-25.1 xen-doc-html-4.7.1_02-25.1 xen-libs-32bit-4.7.1_02-25.1 xen-libs-4.7.1_02-25.1 xen-libs-debuginfo-32bit-4.7.1_02-25.1 xen-libs-debuginfo-4.7.1_02-25.1 xen-tools-4.7.1_02-25.1 xen-tools-debuginfo-4.7.1_02-25.1 xen-tools-domU-4.7.1_02-25.1 xen-tools-domU-debuginfo-4.7.1_02-25.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.1_02-25.1 xen-debugsource-4.7.1_02-25.1 xen-libs-32bit-4.7.1_02-25.1 xen-libs-4.7.1_02-25.1 xen-libs-debuginfo-32bit-4.7.1_02-25.1 xen-libs-debuginfo-4.7.1_02-25.1 References: https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9377.html https://www.suse.com/security/cve/CVE-2016-9378.html https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html 
https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9384.html https://www.suse.com/security/cve/CVE-2016-9385.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1004981 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1007941 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009104 https://bugzilla.suse.com/1009105 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009108 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 From sle-updates at lists.suse.com Fri Dec 9 10:10:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2016 18:10:37 +0100 (CET) Subject: SUSE-SU-2016:3068-1: important: Security update for java-1_7_0-ibm Message-ID: <20161209171037.457BAF7C7@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3068-1 Rating: important References: #1009280 #992537 Cross-References: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description: This update for java-1_7_0-ibm fixes the following issues: - Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_7_0-ibm-12879=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_7_0-ibm-12879=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_7_0-ibm-12879=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-12879=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12879=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-12879=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Manager Proxy 2.1 (x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Manager 2.1 (s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 - SUSE Manager 2.1 (x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise 
Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1009280 https://bugzilla.suse.com/992537 From sle-updates at lists.suse.com Fri Dec 9 10:11:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2016 18:11:18 +0100 (CET) Subject: SUSE-SU-2016:3069-1: important: Security update for the Linux Kernel Message-ID: <20161209171118.D8155F7CA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3069-1 Rating: important References: #1000189 #1001419 #1002165 #1004418 #732582 #839104 #843236 #909994 #911687 #915183 #920016 #934760 #951392 #956514 #960689 #963655 #971975 #971989 #974620 #976867 #977687 #979514 #979595 #979681 #980371 #982218 #982783 #983535 #983619 #984102 #984194 #984992 #985206 #986362 #986365 #986445 #987565 #988440 #989152 #989261 #989779 #991608 #991665 #991923 #992566 #993127 #993890 #993891 #994296 #994436 #994618 #994759 #994926 #996329 #996664 #997708 #998399 #999584 #999600 #999932 Cross-References: CVE-2013-4312 CVE-2015-7513 CVE-2016-0823 CVE-2016-3841 
CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5696 CVE-2016-6480 CVE-2016-6828 CVE-2016-7425 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 49 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. This feature was added: - Support for the 2017 Intel Purley platform. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). 
- CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296)
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608)
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).
- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).
- CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).
- CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitrary kernel code execution (bsc#999932)

The following non-security bugs were fixed:

- ahci: Order SATA device IDs for codename Lewisburg.
- AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs.
- ALSA: hda - Add Intel Lewisburg device IDs Audio.
- avoid dentry crash triggered by NFS (bsc#984194). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687). - bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - cxgb4: Set VPD size so we can read both VPD structures (bsc#976867). - Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch. (bsc#979514) - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - fs/select: introduce SIZE_MAX (bsc#1000189). - i2c: i801: add Intel Lewisburg device IDs. - include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes). - increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399) - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - KVM: x86: SYSENTER emulation is broken (bsc#994618). - libfc: sanity check cpu number extracted from xid (bsc#988440). - lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392). - md: lockless I/O submission for RAID1 (bsc#982783). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708). - net: add pfmemalloc check in sk_add_backlog() (bnc#920016). - netback: fix flipping mode (bsc#996664). 
- nfs: Do not drop directory dentry which is in use (bsc#993127). - nfs: Don't disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Don't write enable new pages while an invalidation is proceeding (bsc#999584). - nfs: Fix a regression in the read() syscall (bsc#999584). - nfs: Fix races in nfs_revalidate_mapping (bsc#999584). - nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584). - nfs: Fix writeback performance issue on cache invalidation (bsc#999584). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). - nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218). - pci: Add pci_set_vpd_size() to set VPD size (bsc#976867). - pciback: fix conf_space read/write overlap check. - powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926). - ppp: defer netns reference release for ppp channel (bsc#980371). - random32: add prandom_u32_max (bsc#989152). - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays. - s390/dasd: fix hanging device after clear subchannel (bnc#994436). - sata: Adding Intel Lewisburg device IDs for SATA. - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). - sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760). - scsi: do not print "reservation conflict" for TEST UNIT READY (bsc#984102). - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992). 
- scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779). - tmpfs: change final i_blocks BUG to WARNING (bsc#991923). - Update patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list- are.patch (add bsc#732582 reference). - USB: fix typo in wMaxPacketSize validation (bsc#991665). - USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - vlan: don't deliver frames for unknown vlans to protocols (bsc#979514). - vlan: mask vlan prio bits (bsc#979514). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-source-12880=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-12880=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-65.1 kernel-rt-base-3.0.101.rt130-65.1 kernel-rt-devel-3.0.101.rt130-65.1 kernel-rt_trace-3.0.101.rt130-65.1 kernel-rt_trace-base-3.0.101.rt130-65.1 kernel-rt_trace-devel-3.0.101.rt130-65.1 kernel-source-rt-3.0.101.rt130-65.1 kernel-syms-rt-3.0.101.rt130-65.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-65.1 kernel-rt-debugsource-3.0.101.rt130-65.1 kernel-rt_debug-debuginfo-3.0.101.rt130-65.1 kernel-rt_debug-debugsource-3.0.101.rt130-65.1 kernel-rt_trace-debuginfo-3.0.101.rt130-65.1 kernel-rt_trace-debugsource-3.0.101.rt130-65.1 References: https://www.suse.com/security/cve/CVE-2013-4312.html https://www.suse.com/security/cve/CVE-2015-7513.html https://www.suse.com/security/cve/CVE-2016-0823.html https://www.suse.com/security/cve/CVE-2016-3841.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-5696.html https://www.suse.com/security/cve/CVE-2016-6480.html https://www.suse.com/security/cve/CVE-2016-6828.html https://www.suse.com/security/cve/CVE-2016-7425.html https://bugzilla.suse.com/1000189 https://bugzilla.suse.com/1001419 https://bugzilla.suse.com/1002165 https://bugzilla.suse.com/1004418 https://bugzilla.suse.com/732582 https://bugzilla.suse.com/839104 https://bugzilla.suse.com/843236 https://bugzilla.suse.com/909994 https://bugzilla.suse.com/911687 https://bugzilla.suse.com/915183 https://bugzilla.suse.com/920016 https://bugzilla.suse.com/934760 https://bugzilla.suse.com/951392 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/960689 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/976867 https://bugzilla.suse.com/977687 https://bugzilla.suse.com/979514 
https://bugzilla.suse.com/979595 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/982218 https://bugzilla.suse.com/982783 https://bugzilla.suse.com/983535 https://bugzilla.suse.com/983619 https://bugzilla.suse.com/984102 https://bugzilla.suse.com/984194 https://bugzilla.suse.com/984992 https://bugzilla.suse.com/985206 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986445 https://bugzilla.suse.com/987565 https://bugzilla.suse.com/988440 https://bugzilla.suse.com/989152 https://bugzilla.suse.com/989261 https://bugzilla.suse.com/989779 https://bugzilla.suse.com/991608 https://bugzilla.suse.com/991665 https://bugzilla.suse.com/991923 https://bugzilla.suse.com/992566 https://bugzilla.suse.com/993127 https://bugzilla.suse.com/993890 https://bugzilla.suse.com/993891 https://bugzilla.suse.com/994296 https://bugzilla.suse.com/994436 https://bugzilla.suse.com/994618 https://bugzilla.suse.com/994759 https://bugzilla.suse.com/994926 https://bugzilla.suse.com/996329 https://bugzilla.suse.com/996664 https://bugzilla.suse.com/997708 https://bugzilla.suse.com/998399 https://bugzilla.suse.com/999584 https://bugzilla.suse.com/999600 https://bugzilla.suse.com/999932 From sle-updates at lists.suse.com Fri Dec 9 12:07:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2016 20:07:22 +0100 (CET) Subject: SUSE-RU-2016:3070-1: moderate: Recommended update for systemd Message-ID: <20161209190723.0582EF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3070-1 Rating: moderate References: #1001790 #1005404 #1005497 #964168 #968183 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for systemd provides the following fixes:

- Rename kbd-model-map-extra into kbd-model-map.legacy.
- Document that *KeyIgnoreInhibited only apply to a subset of locks.
- Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf". (bsc#1001790, bsc#1005404)
- Make sure 'systemctl list-jobs' doesn't return failure on success. (bsc#1005497)
- Don't busy loop when we get a notification message we can't process.
- Disable seccomp for ppc64le. (bsc#964168)
- Add "mac-us" in kbd-model-map-extra. (bsc#968183)
- Add kbd-model-map-extra file which contains the additional maps needed by YaST.
- Drop localfs.service: unused and not needed anymore.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1788=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1788=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1788=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-devel-210-116.3.3 libudev-devel-210-116.3.3 systemd-debuginfo-210-116.3.3 systemd-debugsource-210-116.3.3 systemd-devel-210-116.3.3 typelib-1_0-GUdev-1_0-210-116.3.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-0-210-116.3.3 libgudev-1_0-0-debuginfo-210-116.3.3 libudev1-210-116.3.3 libudev1-debuginfo-210-116.3.3 systemd-210-116.3.3 systemd-debuginfo-210-116.3.3 systemd-debugsource-210-116.3.3 systemd-sysvinit-210-116.3.3 udev-210-116.3.3 udev-debuginfo-210-116.3.3 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgudev-1_0-0-32bit-210-116.3.3 libgudev-1_0-0-debuginfo-32bit-210-116.3.3 libudev1-32bit-210-116.3.3 libudev1-debuginfo-32bit-210-116.3.3 systemd-32bit-210-116.3.3 systemd-debuginfo-32bit-210-116.3.3 - SUSE Linux Enterprise Server 12-SP1 (noarch): systemd-bash-completion-210-116.3.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgudev-1_0-0-210-116.3.3 libgudev-1_0-0-32bit-210-116.3.3 libgudev-1_0-0-debuginfo-210-116.3.3 libgudev-1_0-0-debuginfo-32bit-210-116.3.3 libudev1-210-116.3.3 libudev1-32bit-210-116.3.3 libudev1-debuginfo-210-116.3.3 libudev1-debuginfo-32bit-210-116.3.3 systemd-210-116.3.3 systemd-32bit-210-116.3.3 systemd-debuginfo-210-116.3.3 systemd-debuginfo-32bit-210-116.3.3 systemd-debugsource-210-116.3.3 systemd-sysvinit-210-116.3.3 udev-210-116.3.3 udev-debuginfo-210-116.3.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): systemd-bash-completion-210-116.3.3 References: https://bugzilla.suse.com/1001790 https://bugzilla.suse.com/1005404 https://bugzilla.suse.com/1005497 https://bugzilla.suse.com/964168 https://bugzilla.suse.com/968183 From sle-updates at lists.suse.com Fri Dec 9 17:07:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2016 01:07:07 +0100 (CET) Subject: SUSE-RU-2016:3076-1: moderate: Recommended update for dbus-1 Message-ID: 
<20161210000707.C4A0EF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3076-1 Rating: moderate References: #1010769 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dbus-1 fixes a rare race condition that could lead to dbus-launch(1) killing unrelated processes. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-dbus-1-12881=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-dbus-1-12881=1 - SUSE Manager 2.1: zypper in -t patch sleman21-dbus-1-12881=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dbus-1-12881=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dbus-1-12881=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-dbus-1-12881=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-dbus-1-12881=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dbus-1-12881=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dbus-1-12881=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dbus-1-12881=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-dbus-1-12881=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): dbus-1-1.2.10-3.33.1 dbus-1-32bit-1.2.10-3.33.1 dbus-1-x11-1.2.10-3.33.1 - SUSE Manager Proxy 2.1 (x86_64): dbus-1-1.2.10-3.33.1 dbus-1-32bit-1.2.10-3.33.1 dbus-1-x11-1.2.10-3.33.1 - SUSE Manager 2.1 (s390x x86_64): dbus-1-1.2.10-3.33.1 dbus-1-32bit-1.2.10-3.33.1 dbus-1-x11-1.2.10-3.33.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): dbus-1-devel-1.2.10-3.33.1 dbus-1-devel-doc-1.2.10-3.33.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dbus-1-1.2.10-3.33.1 dbus-1-x11-1.2.10-3.33.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): dbus-1-32bit-1.2.10-3.33.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): dbus-1-x86-1.2.10-3.33.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): dbus-1-1.2.10-3.33.1 dbus-1-x11-1.2.10-3.33.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): dbus-1-32bit-1.2.10-3.33.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): dbus-1-1.2.10-3.33.1 dbus-1-x11-1.2.10-3.33.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): dbus-1-32bit-1.2.10-3.33.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dbus-1-1.2.10-3.33.1 dbus-1-x11-1.2.10-3.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dbus-1-debuginfo-1.2.10-3.33.1 dbus-1-debugsource-1.2.10-3.33.1 dbus-1-x11-debuginfo-1.2.10-3.33.1 dbus-1-x11-debugsource-1.2.10-3.33.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dbus-1-debuginfo-1.2.10-3.33.1 dbus-1-debugsource-1.2.10-3.33.1 dbus-1-x11-debuginfo-1.2.10-3.33.1 dbus-1-x11-debugsource-1.2.10-3.33.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): dbus-1-debuginfo-1.2.10-3.33.1 dbus-1-debugsource-1.2.10-3.33.1 dbus-1-x11-debuginfo-1.2.10-3.33.1 dbus-1-x11-debugsource-1.2.10-3.33.1 References: https://bugzilla.suse.com/1010769 From sle-updates at lists.suse.com Sat Dec 10 15:07:21 2016 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Sat, 10 Dec 2016 23:07:21 +0100 (CET) Subject: SUSE-SU-2016:3078-1: important: Security update for java-1_8_0-ibm Message-ID: <20161210220721.370B3F7C7@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3078-1 Rating: important References: #1009280 Cross-References: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - CVE-2016-5568: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT - CVE-2016-5556: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D - CVE-2016-5573: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot - CVE-2016-5597: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to Networking - CVE-2016-5554: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to JMX - CVE-2016-5542: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to Libraries Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1792=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1792=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1792=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1792=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr3.21-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr3.21-20.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr3.21-20.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr3.21-20.1 java-1_8_0-ibm-plugin-1.8.0_sr3.21-20.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr3.21-20.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr3.21-20.1 java-1_8_0-ibm-plugin-1.8.0_sr3.21-20.1 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1009280 From sle-updates at lists.suse.com Sat Dec 10 15:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2016 23:07:49 +0100 (CET) Subject: SUSE-SU-2016:3079-1: important: Security update for tomcat Message-ID: <20161210220749.21DA2F7CB@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2016:3079-1
Rating: important
References: #1002639 #1004728 #1007853 #1007854 #1007855 #1007857 #1007858 #1010893 #1011805 #1011812 #974407
Cross-References: CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735
Affected Products:
SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has four fixes is now available.

Description:

This update for Tomcat provides the following fixes:

Feature changes:

The embedded Apache Commons DBCP component was updated to version 2.0. (bsc#1010893 fate#321029)

Security fixes:

- CVE-2016-0762: Realm Timing Attack (bsc#1007854)
- CVE-2016-5018: Security Manager Bypass (bsc#1007855)
- CVE-2016-6794: System Property Disclosure (bsc#1007857)
- CVE-2016-6796: Manager Bypass (bsc#1007858)
- CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)
- CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)
- CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)

Bugs fixed:

- Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter(). (bsc#974407)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)
- Enabled optional setenv.sh script. See section '(3.4) Using the "setenv" script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt. (bsc#1002639)
- Fixed regression caused by CVE-2016-6816.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1791=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): tomcat-8.0.32-10.13.2 tomcat-admin-webapps-8.0.32-10.13.2 tomcat-docs-webapp-8.0.32-10.13.2 tomcat-el-3_0-api-8.0.32-10.13.2 tomcat-javadoc-8.0.32-10.13.2 tomcat-jsp-2_3-api-8.0.32-10.13.2 tomcat-lib-8.0.32-10.13.2 tomcat-servlet-3_1-api-8.0.32-10.13.2 tomcat-webapps-8.0.32-10.13.2 References: https://www.suse.com/security/cve/CVE-2016-0762.html https://www.suse.com/security/cve/CVE-2016-5018.html https://www.suse.com/security/cve/CVE-2016-6794.html https://www.suse.com/security/cve/CVE-2016-6796.html https://www.suse.com/security/cve/CVE-2016-6797.html https://www.suse.com/security/cve/CVE-2016-6816.html https://www.suse.com/security/cve/CVE-2016-8735.html https://bugzilla.suse.com/1002639 https://bugzilla.suse.com/1004728 https://bugzilla.suse.com/1007853 https://bugzilla.suse.com/1007854 https://bugzilla.suse.com/1007855 https://bugzilla.suse.com/1007857 https://bugzilla.suse.com/1007858 https://bugzilla.suse.com/1010893 https://bugzilla.suse.com/1011805 https://bugzilla.suse.com/1011812 https://bugzilla.suse.com/974407 From sle-updates at lists.suse.com Sat Dec 10 15:09:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2016 23:09:48 +0100 (CET) Subject: SUSE-SU-2016:3080-1: important: Security update for MozillaFirefox, mozilla-nss Message-ID: <20161210220948.C1605F7C7@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3080-1 Rating: important References: #1000751 #1009026 #1010395 #1010401 #1010402 #1010404 #1010410 #1010422 #1010427 #1010517 #1012964 #992549 Cross-References: CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise 
Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves 9 vulnerabilities and has three fixes is now available.

Description:

This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.

The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964):

- CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964)
- CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401)
- CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)
- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)
- CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)
- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)
- CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410)

The following vulnerabilities were fixed in mozilla-nss 3.21.3:

- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)
- CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)

The following bugs were fixed:

- Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)
- font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-mfsa2016-90-12882=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-mfsa2016-90-12882=1 - SUSE Manager 2.1: zypper in -t patch sleman21-mfsa2016-90-12882=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mfsa2016-90-12882=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mfsa2016-90-12882=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mfsa2016-90-12882=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mfsa2016-90-12882=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mfsa2016-90-12882=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mfsa2016-90-12882=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): MozillaFirefox-45.5.1esr-59.1 MozillaFirefox-translations-45.5.1esr-59.1 libfreebl3-3.21.3-39.1 libfreebl3-32bit-3.21.3-39.1 libsoftokn3-3.21.3-39.1 libsoftokn3-32bit-3.21.3-39.1 mozilla-nss-3.21.3-39.1 mozilla-nss-32bit-3.21.3-39.1 mozilla-nss-tools-3.21.3-39.1 - SUSE Manager Proxy 2.1 (x86_64): MozillaFirefox-45.5.1esr-59.1 MozillaFirefox-translations-45.5.1esr-59.1 libfreebl3-3.21.3-39.1 libfreebl3-32bit-3.21.3-39.1 libsoftokn3-3.21.3-39.1 libsoftokn3-32bit-3.21.3-39.1 mozilla-nss-3.21.3-39.1 mozilla-nss-32bit-3.21.3-39.1 mozilla-nss-tools-3.21.3-39.1 - SUSE Manager 2.1 (s390x x86_64): MozillaFirefox-45.5.1esr-59.1 MozillaFirefox-translations-45.5.1esr-59.1 libfreebl3-3.21.3-39.1 libfreebl3-32bit-3.21.3-39.1 libsoftokn3-3.21.3-39.1 libsoftokn3-32bit-3.21.3-39.1 mozilla-nss-3.21.3-39.1 mozilla-nss-32bit-3.21.3-39.1 mozilla-nss-tools-3.21.3-39.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-45.5.1esr-59.1 mozilla-nss-devel-3.21.3-39.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 
ppc64 s390x x86_64): MozillaFirefox-45.5.1esr-59.1 MozillaFirefox-translations-45.5.1esr-59.1 libfreebl3-3.21.3-39.1 libsoftokn3-3.21.3-39.1 mozilla-nss-3.21.3-39.1 mozilla-nss-tools-3.21.3-39.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libfreebl3-32bit-3.21.3-39.1 libsoftokn3-32bit-3.21.3-39.1 mozilla-nss-32bit-3.21.3-39.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.21.3-39.1 libsoftokn3-x86-3.21.3-39.1 mozilla-nss-x86-3.21.3-39.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-45.5.1esr-59.1 MozillaFirefox-translations-45.5.1esr-59.1 libfreebl3-3.21.3-39.1 libsoftokn3-3.21.3-39.1 mozilla-nss-3.21.3-39.1 mozilla-nss-tools-3.21.3-39.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.21.3-39.1 libsoftokn3-32bit-3.21.3-39.1 mozilla-nss-32bit-3.21.3-39.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-45.5.1esr-59.1 MozillaFirefox-translations-45.5.1esr-59.1 libfreebl3-3.21.3-39.1 libsoftokn3-3.21.3-39.1 mozilla-nss-3.21.3-39.1 mozilla-nss-tools-3.21.3-39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-45.5.1esr-59.1 MozillaFirefox-debugsource-45.5.1esr-59.1 mozilla-nss-debuginfo-3.21.3-39.1 mozilla-nss-debugsource-3.21.3-39.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.5.1esr-59.1 MozillaFirefox-debugsource-45.5.1esr-59.1 mozilla-nss-debuginfo-3.21.3-39.1 mozilla-nss-debugsource-3.21.3-39.1 References: https://www.suse.com/security/cve/CVE-2016-5285.html https://www.suse.com/security/cve/CVE-2016-5290.html https://www.suse.com/security/cve/CVE-2016-5291.html https://www.suse.com/security/cve/CVE-2016-5296.html https://www.suse.com/security/cve/CVE-2016-5297.html https://www.suse.com/security/cve/CVE-2016-9064.html https://www.suse.com/security/cve/CVE-2016-9066.html https://www.suse.com/security/cve/CVE-2016-9074.html 
https://www.suse.com/security/cve/CVE-2016-9079.html https://bugzilla.suse.com/1000751 https://bugzilla.suse.com/1009026 https://bugzilla.suse.com/1010395 https://bugzilla.suse.com/1010401 https://bugzilla.suse.com/1010402 https://bugzilla.suse.com/1010404 https://bugzilla.suse.com/1010410 https://bugzilla.suse.com/1010422 https://bugzilla.suse.com/1010427 https://bugzilla.suse.com/1010517 https://bugzilla.suse.com/1012964 https://bugzilla.suse.com/992549 From sle-updates at lists.suse.com Sat Dec 10 15:11:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2016 23:11:57 +0100 (CET) Subject: SUSE-SU-2016:3081-1: important: Security update for tomcat Message-ID: <20161210221157.883D2F7C7@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3081-1 Rating: important References: #1002639 #1007853 #1007854 #1007855 #1007857 #1007858 #1010893 #1011805 #1011812 Cross-References: CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has two fixes is now available. Description: This update for tomcat fixes the following issues: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. 
(bsc#1010893 fate#321029)

Security fixes:

- CVE-2016-0762: Realm Timing Attack (bsc#1007854)
- CVE-2016-5018: Security Manager Bypass (bsc#1007855)
- CVE-2016-6794: System Property Disclosure (bsc#1007857)
- CVE-2016-6796: Security Manager Bypass (bsc#1007858)
- CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)
- CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)
- CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)

Bug fixes:

- Enabled optional setenv.sh script. See section '(3.4) Using the "setenv" script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt. (bsc#1002639)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1790=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1790=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): tomcat-8.0.36-17.1 tomcat-admin-webapps-8.0.36-17.1 tomcat-docs-webapp-8.0.36-17.1 tomcat-el-3_0-api-8.0.36-17.1 tomcat-javadoc-8.0.36-17.1 tomcat-jsp-2_3-api-8.0.36-17.1 tomcat-lib-8.0.36-17.1 tomcat-servlet-3_1-api-8.0.36-17.1 tomcat-webapps-8.0.36-17.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): tomcat-8.0.36-17.1 tomcat-admin-webapps-8.0.36-17.1 tomcat-docs-webapp-8.0.36-17.1 tomcat-el-3_0-api-8.0.36-17.1 tomcat-javadoc-8.0.36-17.1 tomcat-jsp-2_3-api-8.0.36-17.1 tomcat-lib-8.0.36-17.1 tomcat-servlet-3_1-api-8.0.36-17.1 tomcat-webapps-8.0.36-17.1 References: https://www.suse.com/security/cve/CVE-2016-0762.html https://www.suse.com/security/cve/CVE-2016-5018.html https://www.suse.com/security/cve/CVE-2016-6794.html https://www.suse.com/security/cve/CVE-2016-6796.html https://www.suse.com/security/cve/CVE-2016-6797.html https://www.suse.com/security/cve/CVE-2016-6816.html https://www.suse.com/security/cve/CVE-2016-8735.html https://bugzilla.suse.com/1002639 https://bugzilla.suse.com/1007853 https://bugzilla.suse.com/1007854 https://bugzilla.suse.com/1007855 https://bugzilla.suse.com/1007857 https://bugzilla.suse.com/1007858 https://bugzilla.suse.com/1010893 https://bugzilla.suse.com/1011805 https://bugzilla.suse.com/1011812 From sle-updates at lists.suse.com Mon Dec 12 05:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 13:07:57 +0100 (CET) Subject: SUSE-SU-2016:3083-1: important: Security update for xen Message-ID: <20161212120757.9F632FF5D@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3083-1 Rating: important References: #1000106 #1003030 #1003032 #1003870 #1004016 #1005004 #1005005 #1007157 #1007160 #1009100 #1009103 #1009104 #1009107 #1009108 #1009109 #1009111 #1011652 Cross-References: 
CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-7995 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 19 vulnerabilities is now available.

Description:

This update for xen to version 4.5.5 fixes several issues.

These security issues were fixed:

- CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host (bsc#1011652)
- CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100)
- CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing an unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103)
- CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104)
- CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitrary code execution (bsc#1009107)
- CVE-2016-9378: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108)
- CVE-2016-9377: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108)
- CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109)
- CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
- CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
- CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106)
- CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157)
- CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160).
- CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004)
- CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005)
- CVE-2016-7995: A memory leak in ehci_process_itd allowed a privileged user inside guest to DoS the host (bsc#1003870).
- CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1004016).
- CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030)
- CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1795=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1795=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1795=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): xen-debugsource-4.5.5_02-22.3.1 xen-devel-4.5.5_02-22.3.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): xen-4.5.5_02-22.3.1 xen-debugsource-4.5.5_02-22.3.1 xen-doc-html-4.5.5_02-22.3.1 xen-kmp-default-4.5.5_02_k3.12.67_60.64.18-22.3.1 xen-kmp-default-debuginfo-4.5.5_02_k3.12.67_60.64.18-22.3.1 xen-libs-32bit-4.5.5_02-22.3.1 xen-libs-4.5.5_02-22.3.1 xen-libs-debuginfo-32bit-4.5.5_02-22.3.1 xen-libs-debuginfo-4.5.5_02-22.3.1 xen-tools-4.5.5_02-22.3.1 xen-tools-debuginfo-4.5.5_02-22.3.1 xen-tools-domU-4.5.5_02-22.3.1 xen-tools-domU-debuginfo-4.5.5_02-22.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xen-4.5.5_02-22.3.1 xen-debugsource-4.5.5_02-22.3.1 xen-kmp-default-4.5.5_02_k3.12.67_60.64.18-22.3.1 xen-kmp-default-debuginfo-4.5.5_02_k3.12.67_60.64.18-22.3.1 xen-libs-32bit-4.5.5_02-22.3.1 xen-libs-4.5.5_02-22.3.1 xen-libs-debuginfo-32bit-4.5.5_02-22.3.1 xen-libs-debuginfo-4.5.5_02-22.3.1 References: https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-7995.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9377.html https://www.suse.com/security/cve/CVE-2016-9378.html 
https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9385.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1003870 https://bugzilla.suse.com/1004016 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1007160 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009104 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009108 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 From sle-updates at lists.suse.com Mon Dec 12 05:11:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 13:11:09 +0100 (CET) Subject: SUSE-SU-2016:3084-1: moderate: Security update for Docker and dependencies Message-ID: <20161212121109.3936CFF5D@maintenance.suse.de> SUSE Security Update: Security update for Docker and dependencies ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3084-1 Rating: moderate References: #1004490 #1006368 #1007249 #1009961 #974208 #978260 #983015 #987198 #988408 #989566 #995058 #995102 #995620 #996015 #999582 Cross-References: CVE-2016-8867 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that solves one vulnerability and has 14 fixes is now available. 
Description: This update for Docker and its dependencies fixes the following issues: - fix runc and containerd revisions (bsc#1009961) docker: - Updates version 1.11.2 to 1.12.3 (bsc#1004490, bsc#996015, bsc#995058) - Fix ambient capability usage in containers (bsc#1007249, CVE-2016-8867) - Change the internal mountpoint name to not use ":" as that character can be considered a special character by other tools. (bsc#999582) - Add dockerd(8) man page. - Package docker-proxy (which was split out of the docker binary in 1.12). (bsc#995620) - Docker "migrator" prevents installing "docker", if docker 1.9 was installed before but there were no images. (bsc#995102) - Specify an "OCI" runtime for our runc package explicitly. (bsc#978260) - Use gcc6-go instead of gcc5-go (bsc#988408) For a detailed description of all fixes and improvements, please refer to: https://github.com/docker/docker/releases/tag/v1.12.3 https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md https://github.com/docker/docker/releases/tag/v1.12.1 https://github.com/docker/docker/releases/tag/v1.12.0 containerd: - Update to current version required from Docker 1.12.3. - Add missing Requires(post): %fillup_prereq. (bsc#1006368) - Use gcc6-go instead of gcc5-go. (bsc#988408) runc: - Update to current version required from Docker 1.12.3. - Use gcc6-go instead of gcc5-go. (bsc#988408) rubygem-excon: - Updates version from 0.39.6 to 0.52.0. For a detailed description of all fixes and improvements, please refer to the installed changelog.txt. rubygem-docker-api: - Updated version from 1.17.0 to 1.31.0. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1794=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1794=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): containerd-0.2.4+gitr565_0366d7e-9.1 containerd-debuginfo-0.2.4+gitr565_0366d7e-9.1 containerd-debugsource-0.2.4+gitr565_0366d7e-9.1 docker-1.12.3-81.2 docker-debuginfo-1.12.3-81.2 docker-debugsource-1.12.3-81.2 runc-0.1.1+gitr2816_02f8fa7-9.1 runc-debuginfo-0.1.1+gitr2816_02f8fa7-9.1 runc-debugsource-0.1.1+gitr2816_02f8fa7-9.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-0.2.4+gitr565_0366d7e-9.1 containerd-debuginfo-0.2.4+gitr565_0366d7e-9.1 containerd-debugsource-0.2.4+gitr565_0366d7e-9.1 docker-1.12.3-81.2 docker-debuginfo-1.12.3-81.2 docker-debugsource-1.12.3-81.2 ruby2.1-rubygem-docker-api-1.31.0-11.2 ruby2.1-rubygem-excon-0.52.0-9.1 runc-0.1.1+gitr2816_02f8fa7-9.1 runc-debuginfo-0.1.1+gitr2816_02f8fa7-9.1 runc-debugsource-0.1.1+gitr2816_02f8fa7-9.1 References: https://www.suse.com/security/cve/CVE-2016-8867.html https://bugzilla.suse.com/1004490 https://bugzilla.suse.com/1006368 https://bugzilla.suse.com/1007249 https://bugzilla.suse.com/1009961 https://bugzilla.suse.com/974208 https://bugzilla.suse.com/978260 https://bugzilla.suse.com/983015 https://bugzilla.suse.com/987198 https://bugzilla.suse.com/988408 https://bugzilla.suse.com/989566 https://bugzilla.suse.com/995058 https://bugzilla.suse.com/995102 https://bugzilla.suse.com/995620 https://bugzilla.suse.com/996015 https://bugzilla.suse.com/999582 From sle-updates at lists.suse.com Mon Dec 12 11:07:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 19:07:33 +0100 (CET) Subject: SUSE-SU-2016:3093-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 Message-ID: <20161212180733.382E3FF5D@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3093-1 Rating: important References: #1003253 #1012183 
#1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_25 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1799=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_25-default-7-2.1 kgraft-patch-3_12_51-60_25-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Mon Dec 12 11:08:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 19:08:21 +0100 (CET) Subject: SUSE-SU-2016:3094-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 Message-ID: <20161212180821.927CFFF8A@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3094-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.49-11 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). 
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1797=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-8-23.2 kgraft-patch-3_12_49-11-xen-8-23.2 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Mon Dec 12 11:09:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 19:09:40 +0100 (CET) Subject: SUSE-SU-2016:3096-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 Message-ID: <20161212180940.6C3CAFF8A@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3096-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_45 fixes several issues. 
The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1802=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_45-default-5-2.1 kgraft-patch-3_12_59-60_45-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Mon Dec 12 11:10:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 19:10:39 +0100 (CET) Subject: SUSE-SU-2016:3098-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 Message-ID: <20161212181039.BB9D2FF8A@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3098-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for the Linux Kernel 3.12.53-60_30 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1800=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-6-2.1 kgraft-patch-3_12_53-60_30-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Mon Dec 12 11:14:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 19:14:11 +0100 (CET) Subject: SUSE-SU-2016:3100-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 Message-ID: <20161212181411.D73D4FF5D@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3100-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_20 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). 
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1798=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-8-2.1 kgraft-patch-3_12_51-60_20-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Mon Dec 12 11:22:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2016 19:22:19 +0100 (CET) Subject: SUSE-SU-2016:3104-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 Message-ID: <20161212182219.C8537FF5D@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3104-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.57-60_35 fixes several issues. 
The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1801=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_57-60_35-default-5-2.1 kgraft-patch-3_12_57-60_35-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 05:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 13:07:49 +0100 (CET) Subject: SUSE-SU-2016:3105-1: important: Security update for MozillaFirefox, mozilla-nss Message-ID: <20161213120749.81178FF05@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3105-1 Rating: important References: #1000751 #1009026 #1010395 #1010401 #1010402 #1010404 #1010410 #1010422 #1010427 #1010517 #1012964 #992549 Cross-References: CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has three fixes is now available. Description: This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. 
The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026): - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92) - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-mfs2016-90-12883=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-mfs2016-90-12883=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-45.5.1esr-63.1 MozillaFirefox-translations-45.5.1esr-63.1 libfreebl3-3.21.3-30.1 mozilla-nss-3.21.3-30.1 mozilla-nss-devel-3.21.3-30.1 mozilla-nss-tools-3.21.3-30.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.21.3-30.1 mozilla-nss-32bit-3.21.3-30.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.5.1esr-63.1 MozillaFirefox-debugsource-45.5.1esr-63.1 mozilla-nss-debuginfo-3.21.3-30.1 mozilla-nss-debugsource-3.21.3-30.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64): mozilla-nss-debuginfo-32bit-3.21.3-30.1 References: https://www.suse.com/security/cve/CVE-2016-5285.html https://www.suse.com/security/cve/CVE-2016-5290.html https://www.suse.com/security/cve/CVE-2016-5291.html https://www.suse.com/security/cve/CVE-2016-5296.html https://www.suse.com/security/cve/CVE-2016-5297.html https://www.suse.com/security/cve/CVE-2016-9064.html https://www.suse.com/security/cve/CVE-2016-9066.html https://www.suse.com/security/cve/CVE-2016-9074.html https://www.suse.com/security/cve/CVE-2016-9079.html https://bugzilla.suse.com/1000751 https://bugzilla.suse.com/1009026 https://bugzilla.suse.com/1010395 https://bugzilla.suse.com/1010401 https://bugzilla.suse.com/1010402 https://bugzilla.suse.com/1010404 https://bugzilla.suse.com/1010410 https://bugzilla.suse.com/1010422 https://bugzilla.suse.com/1010427 https://bugzilla.suse.com/1010517 https://bugzilla.suse.com/1012964 https://bugzilla.suse.com/992549 From sle-updates at lists.suse.com Tue Dec 13 05:10:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 13:10:11 +0100 (CET) Subject: SUSE-SU-2016:3107-1: moderate: Security update for libass Message-ID: <20161213121011.31CE1FF36@maintenance.suse.de> SUSE Security Update: Security update for libass 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3107-1 Rating: moderate References: #1002982 Cross-References: CVE-2016-7969 CVE-2016-7970 CVE-2016-7971 CVE-2016-7972 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libass fixes the following issues: CVE-2016-7969, CVE-2016-7970, CVE-2016-7971, CVE-2016-7972: Fixed multiple memory allocation issues found by fuzzing (bsc#1002982). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1804=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1804=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1804=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1804=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1804=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1804=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1804=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libass-debugsource-0.10.2-3.1 libass-devel-0.10.2-3.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libass-debugsource-0.10.2-3.1 libass-devel-0.10.2-3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libass-debugsource-0.10.2-3.1 libass5-0.10.2-3.1 libass5-debuginfo-0.10.2-3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libass-debugsource-0.10.2-3.1 libass5-0.10.2-3.1 libass5-debuginfo-0.10.2-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libass-debugsource-0.10.2-3.1 libass5-0.10.2-3.1 libass5-debuginfo-0.10.2-3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libass-debugsource-0.10.2-3.1 libass5-0.10.2-3.1 libass5-debuginfo-0.10.2-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libass-debugsource-0.10.2-3.1 libass5-0.10.2-3.1 libass5-debuginfo-0.10.2-3.1 References: https://www.suse.com/security/cve/CVE-2016-7969.html https://www.suse.com/security/cve/CVE-2016-7970.html https://www.suse.com/security/cve/CVE-2016-7971.html https://www.suse.com/security/cve/CVE-2016-7972.html https://bugzilla.suse.com/1002982 From sle-updates at lists.suse.com Tue Dec 13 08:07:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 16:07:17 +0100 (CET) Subject: SUSE-SU-2016:3109-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 Message-ID: <20161213150717.373B7FF05@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3109-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1809=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1809=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_45-default-4-2.1 kgraft-patch-3_12_55-52_45-xen-4-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_45-default-4-2.1 kgraft-patch-3_12_55-52_45-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 08:08:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 16:08:09 +0100 (CET) Subject: SUSE-SU-2016:3110-1: moderate: Security update for xorg-x11-libXv Message-ID: <20161213150809.40D36FF36@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXv ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3110-1 Rating: moderate References: #1003017 Cross-References: CVE-2016-5407 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-libXv fixes the following issues: - insufficient validation of data from the X server can cause memory corruption (bsc#1003017, CVE-2016-5407) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libXv-12884=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libXv-12884=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libXv-12884=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-devel-7.4-1.20.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXv-devel-32bit-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXv-32bit-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libXv-x86-7.4-1.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-debuginfo-7.4-1.20.1 xorg-x11-libXv-debugsource-7.4-1.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXv-debuginfo-32bit-7.4-1.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): xorg-x11-libXv-debuginfo-x86-7.4-1.20.1 References: https://www.suse.com/security/cve/CVE-2016-5407.html https://bugzilla.suse.com/1003017 From sle-updates at lists.suse.com Tue Dec 13 08:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 16:08:42 +0100 (CET) Subject: SUSE-SU-2016:3111-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 Message-ID: <20161213150842.5043BFF36@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3111-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 
Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1806=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1806=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_31-default-7-2.1 kgraft-patch-3_12_51-52_31-xen-7-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_31-default-7-2.1 kgraft-patch-3_12_51-52_31-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 08:09:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 16:09:23 +0100 (CET) Subject: SUSE-SU-2016:3112-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 Message-ID: <20161213150923.CAF3FFF36@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3112-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). 
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1807=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1807=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_42-default-4-2.1 kgraft-patch-3_12_55-52_42-xen-4-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_42-default-4-2.1 kgraft-patch-3_12_55-52_42-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 08:10:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 16:10:10 +0100 (CET) Subject: SUSE-SU-2016:3113-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 Message-ID: <20161213151010.DE5B8FF36@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2016:3113-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1808=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1808=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_49-default-4-2.1 kgraft-patch-3_12_60-52_49-xen-4-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_49-default-4-2.1 kgraft-patch-3_12_60-52_49-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 08:10:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 16:10:51 +0100 (CET) Subject: SUSE-RU-2016:3114-1: Recommended update for release-notes-sles-for-sap Message-ID: <20161213151051.E700EFF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3114-1 Rating: low References: #1013752 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server for SAP 12 SP2 have been updated to document the requirements for installation of SAP HANA SPS 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2016-1805=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): release-notes-sles-for-sap-12.2.20161205-11.3.1 References: https://bugzilla.suse.com/1013752 From sle-updates at lists.suse.com Tue Dec 13 08:11:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 16:11:21 +0100 (CET) Subject: SUSE-SU-2016:3115-1: moderate: Security update for xorg-x11-libXrender Message-ID: <20161213151121.DADD8FF36@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXrender ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3115-1 Rating: moderate References: #1003002 Cross-References: CVE-2016-7949 CVE-2016-7950 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libXrender-12885=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libXrender-12885=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libXrender-12885=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-devel-7.4-1.20.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXrender-devel-32bit-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXrender-32bit-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libXrender-x86-7.4-1.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-debuginfo-7.4-1.20.1 xorg-x11-libXrender-debugsource-7.4-1.20.1 References: https://www.suse.com/security/cve/CVE-2016-7949.html https://www.suse.com/security/cve/CVE-2016-7950.html https://bugzilla.suse.com/1003002 From sle-updates at lists.suse.com Tue Dec 13 09:07:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 17:07:11 +0100 (CET) Subject: SUSE-SU-2016:3116-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 Message-ID: <20161213160711.511E7FF05@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3116-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). 
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1813=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_64_8-default-3-2.1 kgraft-patch-3_12_62-60_64_8-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 09:07:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 17:07:45 +0100 (CET) Subject: SUSE-SU-2016:3117-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 Message-ID: <20161213160745.025C4FF36@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3117-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_41 fixes several issues. 
The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1812=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-5-2.1 kgraft-patch-3_12_59-60_41-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 10:07:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2016 18:07:51 +0100 (CET) Subject: SUSE-SU-2016:3119-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 Message-ID: <20161213170751.33292FF05@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3119-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is 
now available. Description: This update for the Linux Kernel 3.12.51-52_39 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1814=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1814=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_39-default-6-2.1 kgraft-patch-3_12_51-52_39-xen-6-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_39-default-6-2.1 kgraft-patch-3_12_51-52_39-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 13 18:07:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 02:07:06 +0100 (CET) Subject: SUSE-SU-2016:3146-1: important: Security update for the Linux Kernel Message-ID: <20161214010706.94F1BF7CB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3146-1 Rating: important References: #1013533 #1013604 Cross-References: CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). 
- CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1815=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1815=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1815=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1815=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1815=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1815=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1815=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.21-90.1 kernel-default-debugsource-4.4.21-90.1 kernel-default-extra-4.4.21-90.1 kernel-default-extra-debuginfo-4.4.21-90.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.21-90.1 kernel-obs-build-debugsource-4.4.21-90.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.21-90.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.21-90.1 kernel-default-base-4.4.21-90.1 kernel-default-base-debuginfo-4.4.21-90.1 kernel-default-debuginfo-4.4.21-90.1 kernel-default-debugsource-4.4.21-90.1 kernel-default-devel-4.4.21-90.1 kernel-syms-4.4.21-90.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.21-90.1 kernel-macros-4.4.21-90.1 kernel-source-4.4.21-90.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.21-90.1 kernel-default-base-4.4.21-90.1 kernel-default-base-debuginfo-4.4.21-90.1 kernel-default-debuginfo-4.4.21-90.1 kernel-default-debugsource-4.4.21-90.1 kernel-default-devel-4.4.21-90.1 kernel-syms-4.4.21-90.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.21-90.1 kernel-macros-4.4.21-90.1 kernel-source-4.4.21-90.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-90-default-1-2.3 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.21-90.1 cluster-md-kmp-default-debuginfo-4.4.21-90.1 cluster-network-kmp-default-4.4.21-90.1 cluster-network-kmp-default-debuginfo-4.4.21-90.1 dlm-kmp-default-4.4.21-90.1 dlm-kmp-default-debuginfo-4.4.21-90.1 gfs2-kmp-default-4.4.21-90.1 gfs2-kmp-default-debuginfo-4.4.21-90.1 kernel-default-debuginfo-4.4.21-90.1 kernel-default-debugsource-4.4.21-90.1 ocfs2-kmp-default-4.4.21-90.1 ocfs2-kmp-default-debuginfo-4.4.21-90.1 - SUSE Linux Enterprise Desktop 12-SP2 
(x86_64): kernel-default-4.4.21-90.1 kernel-default-debuginfo-4.4.21-90.1 kernel-default-debugsource-4.4.21-90.1 kernel-default-devel-4.4.21-90.1 kernel-default-extra-4.4.21-90.1 kernel-default-extra-debuginfo-4.4.21-90.1 kernel-syms-4.4.21-90.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.21-90.1 kernel-macros-4.4.21-90.1 kernel-source-4.4.21-90.1 References: https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/1013604 From sle-updates at lists.suse.com Wed Dec 14 07:07:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 15:07:39 +0100 (CET) Subject: SUSE-SU-2016:3148-1: critical: Security update for flash-player Message-ID: <20161214140739.1DD53FEB8@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3148-1 Rating: critical References: #1015379 Cross-References: CVE-2016-7867 CVE-2016-7868 CVE-2016-7869 CVE-2016-7870 CVE-2016-7871 CVE-2016-7872 CVE-2016-7873 CVE-2016-7874 CVE-2016-7875 CVE-2016-7876 CVE-2016-7877 CVE-2016-7878 CVE-2016-7879 CVE-2016-7880 CVE-2016-7881 CVE-2016-7890 CVE-2016-7892 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 24.0.0.186 (bsc#1015379) APSB16-39: * These updates resolve use-after-free vulnerabilities that could have led to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
* These updates resolve buffer overflow vulnerabilities that could have led to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870). * These updates resolve memory corruption vulnerabilities that could have led to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876). * These updates resolve a security bypass vulnerability (CVE-2016-7890). - Keep standalone flashplayer at version 11, no newer version exists (INSECURE!). - Update EULA to version 24.0. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1816=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1816=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-24.0.0.186-152.1 flash-player-gnome-24.0.0.186-152.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-24.0.0.186-152.1 flash-player-gnome-24.0.0.186-152.1 References: https://www.suse.com/security/cve/CVE-2016-7867.html https://www.suse.com/security/cve/CVE-2016-7868.html https://www.suse.com/security/cve/CVE-2016-7869.html https://www.suse.com/security/cve/CVE-2016-7870.html https://www.suse.com/security/cve/CVE-2016-7871.html https://www.suse.com/security/cve/CVE-2016-7872.html https://www.suse.com/security/cve/CVE-2016-7873.html https://www.suse.com/security/cve/CVE-2016-7874.html https://www.suse.com/security/cve/CVE-2016-7875.html https://www.suse.com/security/cve/CVE-2016-7876.html https://www.suse.com/security/cve/CVE-2016-7877.html https://www.suse.com/security/cve/CVE-2016-7878.html https://www.suse.com/security/cve/CVE-2016-7879.html https://www.suse.com/security/cve/CVE-2016-7880.html https://www.suse.com/security/cve/CVE-2016-7881.html
https://www.suse.com/security/cve/CVE-2016-7890.html https://www.suse.com/security/cve/CVE-2016-7892.html https://bugzilla.suse.com/1015379 From sle-updates at lists.suse.com Wed Dec 14 08:07:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 16:07:37 +0100 (CET) Subject: SUSE-RU-2016:3149-1: Recommended update for openstack-aodh Message-ID: <20161214150737.0B252F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-aodh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3149-1 Rating: low References: #991985 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-aodh fixes the following issues: - Improve systemd integration. (bsc#991985) - Add openstack-aodh-expirer cron job. - Improve partition coordinator. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1821=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-aodh-1.1.2-3.1 openstack-aodh-api-1.1.2-3.1 openstack-aodh-doc-1.1.2-3.1 openstack-aodh-evaluator-1.1.2-3.1 openstack-aodh-expirer-1.1.2-3.1 openstack-aodh-listener-1.1.2-3.1 openstack-aodh-notifier-1.1.2-3.1 python-aodh-1.1.2-3.1 References: https://bugzilla.suse.com/991985 From sle-updates at lists.suse.com Wed Dec 14 08:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 16:08:10 +0100 (CET) Subject: SUSE-RU-2016:3150-1: Recommended update for openstack-resource-agents Message-ID: <20161214150810.4A1EBFEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3150-1 Rating: low References: #1010466 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-resource-agents fixes the following issues: - Update to latest code from OpenStack Liberty. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1819=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-resource-agents-1.0+git.1473437442.597077e-10.1 References: https://bugzilla.suse.com/1010466 From sle-updates at lists.suse.com Wed Dec 14 08:08:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 16:08:34 +0100 (CET) Subject: SUSE-RU-2016:3151-1: Recommended update for openstack-sahara, -ironic and -trove Message-ID: <20161214150834.7C06FFEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-sahara, -ironic and -trove ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3151-1 Rating: low References: #1010466 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-sahara, -ironic and -trove fixes the following issues: - Update to latest code from OpenStack Liberty. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1823=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-ironic-4.2.6~a0~dev3-12.1 openstack-ironic-api-4.2.6~a0~dev3-12.1 openstack-ironic-conductor-4.2.6~a0~dev3-12.1 openstack-ironic-doc-4.2.6~a0~dev3-12.3 openstack-sahara-3.0.3~a0~dev4-12.1 openstack-sahara-api-3.0.3~a0~dev4-12.1 openstack-sahara-doc-3.0.3~a0~dev4-12.1 openstack-sahara-engine-3.0.3~a0~dev4-12.1 openstack-trove-4.0.2~a0~dev4-14.1 openstack-trove-api-4.0.2~a0~dev4-14.1 openstack-trove-conductor-4.0.2~a0~dev4-14.1 openstack-trove-doc-4.0.2~a0~dev4-14.1 openstack-trove-guestagent-4.0.2~a0~dev4-14.1 openstack-trove-taskmanager-4.0.2~a0~dev4-14.1 python-ironic-4.2.6~a0~dev3-12.1 python-sahara-3.0.3~a0~dev4-12.1 python-trove-4.0.2~a0~dev4-14.1 References: https://bugzilla.suse.com/1010466 From sle-updates at lists.suse.com Wed Dec 14 08:08:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 16:08:59 +0100 (CET) Subject: SUSE-RU-2016:3152-1: Recommended update for openstack-designate Message-ID: <20161214150859.9B1AEFEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-designate ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3152-1 Rating: low References: #996526 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-designate fixes the following issues: - Improve mdns and pool-manager support. (bsc#996526) - Allow designate to run rootwrap. (bsc#996526) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1820=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-designate-1.0.3~a0~dev11-12.1 openstack-designate-agent-1.0.3~a0~dev11-12.1 openstack-designate-api-1.0.3~a0~dev11-12.1 openstack-designate-central-1.0.3~a0~dev11-12.1 openstack-designate-doc-1.0.3~a0~dev11-12.2 openstack-designate-sink-1.0.3~a0~dev11-12.1 python-designate-1.0.3~a0~dev11-12.1 References: https://bugzilla.suse.com/996526 From sle-updates at lists.suse.com Wed Dec 14 08:09:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 16:09:28 +0100 (CET) Subject: SUSE-RU-2016:3153-1: moderate: Recommended update for several OpenStack components Message-ID: <20161214150928.1E052FEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for several OpenStack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3153-1 Rating: moderate References: #991985 #999251 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openstack-manila, -dashboard, -heat-templates and -keystone fixes the following issues: - manila, keystone: Improve systemd integration. (bsc#991985) - dashboard: Skip checking flavor's disk when booting from volume. (bsc#999251) - Update to latest code from OpenStack Liberty. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1822=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-dashboard-8.0.2~a0~dev36-11.1 openstack-heat-templates-0.0.0+git.1479135562.af01bb9-3.1 openstack-keystone-8.1.3~a0~dev1-6.1 openstack-keystone-doc-8.1.3~a0~dev1-6.2 openstack-manila-1.0.2~a0~dev19-12.1 openstack-manila-api-1.0.2~a0~dev19-12.1 openstack-manila-doc-1.0.2~a0~dev19-12.1 openstack-manila-scheduler-1.0.2~a0~dev19-12.1 openstack-manila-share-1.0.2~a0~dev19-12.1 python-horizon-8.0.2~a0~dev36-11.1 python-keystone-8.1.3~a0~dev1-6.1 python-manila-1.0.2~a0~dev19-12.1 References: https://bugzilla.suse.com/991985 https://bugzilla.suse.com/999251 From sle-updates at lists.suse.com Wed Dec 14 08:10:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 16:10:04 +0100 (CET) Subject: SUSE-RU-2016:3154-1: moderate: Recommended update for crowbar Message-ID: <20161214151004.B2BF8FEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3154-1 Rating: moderate References: #1004020 #983837 #998968 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crowbar fixes the following issues: - Improve handling if a chef user already exists. (bsc#1004020) - Set no_proxy during crowbar installation. (bsc#998968) - Remove deprecated requirement on /etc/sysconfig/clock. (bsc#983837) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1817=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1817=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-3.0+git.1479136691.a628fde-17.1 crowbar-devel-3.0+git.1479136691.a628fde-17.1 - SUSE Enterprise Storage 2.1 (noarch): crowbar-3.0+git.1479136691.a628fde-17.1 References: https://bugzilla.suse.com/1004020 https://bugzilla.suse.com/983837 https://bugzilla.suse.com/998968 From sle-updates at lists.suse.com Wed Dec 14 08:11:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 16:11:03 +0100 (CET) Subject: SUSE-RU-2016:3155-1: moderate: Recommended update for several OpenStack components Message-ID: <20161214151103.DF00DFEB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for several OpenStack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3155-1 Rating: moderate References: #991985 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-ceilometer, -glance, -heat and -neutron-zvm-agent fixes the following issues: - Improve systemd integration (bsc#991985) - Update to latest code from OpenStack Liberty Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1818=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-ceilometer-5.0.4~a0~dev6-9.1 openstack-ceilometer-agent-central-5.0.4~a0~dev6-9.1 openstack-ceilometer-agent-compute-5.0.4~a0~dev6-9.1 openstack-ceilometer-agent-ipmi-5.0.4~a0~dev6-9.1 openstack-ceilometer-agent-notification-5.0.4~a0~dev6-9.1 openstack-ceilometer-alarm-evaluator-5.0.4~a0~dev6-9.1 openstack-ceilometer-alarm-notifier-5.0.4~a0~dev6-9.1 openstack-ceilometer-api-5.0.4~a0~dev6-9.1 openstack-ceilometer-collector-5.0.4~a0~dev6-9.1 openstack-ceilometer-doc-5.0.4~a0~dev6-9.2 openstack-ceilometer-polling-5.0.4~a0~dev6-9.1 openstack-glance-11.0.2~a0~dev16-10.1 openstack-glance-doc-11.0.2~a0~dev16-10.1 openstack-heat-5.0.4~a0~dev1-12.1 openstack-heat-api-5.0.4~a0~dev1-12.1 openstack-heat-api-cfn-5.0.4~a0~dev1-12.1 openstack-heat-api-cloudwatch-5.0.4~a0~dev1-12.1 openstack-heat-doc-5.0.4~a0~dev1-12.2 openstack-heat-engine-5.0.4~a0~dev1-12.1 openstack-heat-plugin-heat_docker-5.0.4~a0~dev1-12.1 openstack-neutron-zvm-agent-5.0.3~a0~dev4-9.1 python-ceilometer-5.0.4~a0~dev6-9.1 python-glance-11.0.2~a0~dev16-10.1 python-heat-5.0.4~a0~dev1-12.1 References: https://bugzilla.suse.com/991985 From sle-updates at lists.suse.com Wed Dec 14 10:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 18:07:53 +0100 (CET) Subject: SUSE-SU-2016:3156-1: important: Security update for xen Message-ID: <20161214170753.CE5CAFF05@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3156-1 Rating: important References: #1000106 #1003030 #1003032 #1004016 #1005004 #1005005 #1007157 #1007160 #1009100 #1009103 #1009104 #1009107 #1009109 #1009111 #1011652 #953518 Cross-References: CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 
CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host (bsc#1011652) - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing an unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitrary code execution (bsc#1009107) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS 
users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1004016) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU 
process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) These non-security issues were fixed: - bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#953518: Unplug also SCSI disks in qemu-xen Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1825=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1825=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): xen-4.4.4_05-22.25.1 xen-debugsource-4.4.4_05-22.25.1 xen-doc-html-4.4.4_05-22.25.1 xen-kmp-default-4.4.4_05_k3.12.60_52.57-22.25.1 xen-kmp-default-debuginfo-4.4.4_05_k3.12.60_52.57-22.25.1 xen-libs-32bit-4.4.4_05-22.25.1 xen-libs-4.4.4_05-22.25.1 xen-libs-debuginfo-32bit-4.4.4_05-22.25.1 xen-libs-debuginfo-4.4.4_05-22.25.1 xen-tools-4.4.4_05-22.25.1 xen-tools-debuginfo-4.4.4_05-22.25.1 xen-tools-domU-4.4.4_05-22.25.1 xen-tools-domU-debuginfo-4.4.4_05-22.25.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_05-22.25.1 xen-debugsource-4.4.4_05-22.25.1 xen-doc-html-4.4.4_05-22.25.1 xen-kmp-default-4.4.4_05_k3.12.60_52.57-22.25.1 xen-kmp-default-debuginfo-4.4.4_05_k3.12.60_52.57-22.25.1 xen-libs-32bit-4.4.4_05-22.25.1 xen-libs-4.4.4_05-22.25.1 xen-libs-debuginfo-32bit-4.4.4_05-22.25.1 xen-libs-debuginfo-4.4.4_05-22.25.1 xen-tools-4.4.4_05-22.25.1 xen-tools-debuginfo-4.4.4_05-22.25.1 xen-tools-domU-4.4.4_05-22.25.1 xen-tools-domU-debuginfo-4.4.4_05-22.25.1 References: https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8667.html 
https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9385.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1004016 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1007160 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009104 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 https://bugzilla.suse.com/953518 From sle-updates at lists.suse.com Wed Dec 14 12:07:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2016 20:07:30 +0100 (CET) Subject: SUSE-RU-2016:3159-1: important: Recommended update for xorg-x11-libXrender Message-ID: <20161214190730.24B0AF7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-libXrender ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3159-1 Rating: important References: #1015442 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for xorg-x11-libXrender fixes a regression caused by the previous security update (bsc#1003002), which prevented YaST2 GUI from starting (bsc#1015442) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libXrender-12887=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libXrender-12887=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libXrender-12887=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-devel-7.4-1.23.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXrender-devel-32bit-7.4-1.23.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-7.4-1.23.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXrender-32bit-7.4-1.23.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libXrender-x86-7.4-1.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-debuginfo-7.4-1.23.1 xorg-x11-libXrender-debugsource-7.4-1.23.1 References: https://bugzilla.suse.com/1015442 From sle-updates at lists.suse.com Thu Dec 15 08:07:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2016 16:07:23 +0100 (CET) Subject: SUSE-SU-2016:3161-1: moderate: Security update for pcre Message-ID: <20161215150723.DEA21F7CB@maintenance.suse.de> SUSE Security Update: Security update for pcre ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3161-1 Rating: moderate References: #906574 #924960 #933288 #933878 #936227 #942865 #957566 #957567 #957598 #957600 #960837 
#971741 #972127 Cross-References: CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the library when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed: - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). 
- CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547) (bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group (bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group (bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group (bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion (bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls (bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis (bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns (bsc#957598). 
- CVE-2015-8390: Reading from uninitialized memory when processing certain patterns (bsc#957598). - CVE-2015-8391: Some pathological patterns cause pcre_compile() to run for a very long time (bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups (bsc#957598). - CVE-2015-8393: Information leak when running pcregrep -q on crafted binary (bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions (bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references (bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). These non-security issues were fixed: - JIT compiler improvements - performance improvements - The Unicode data tables have been updated to Unicode 7.0.0. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1827=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1827=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1827=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1827=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1827=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1827=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1827=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1827=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1827=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1827=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1827=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1827=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1827=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libpcrecpp0-32bit-8.39-7.1 libpcrecpp0-8.39-7.1 libpcrecpp0-debuginfo-32bit-8.39-7.1 libpcrecpp0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libpcrecpp0-32bit-8.39-7.1 libpcrecpp0-8.39-7.1 libpcrecpp0-debuginfo-32bit-8.39-7.1 libpcrecpp0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpcrecpp0-8.39-7.1 libpcrecpp0-debuginfo-8.39-7.1 libpcreposix0-8.39-7.1 libpcreposix0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 pcre-devel-8.39-7.1 pcre-devel-static-8.39-7.1 pcre-tools-8.39-7.1 pcre-tools-debuginfo-8.39-7.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpcrecpp0-8.39-7.1 libpcrecpp0-debuginfo-8.39-7.1 libpcreposix0-8.39-7.1 libpcreposix0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 pcre-devel-8.39-7.1 pcre-devel-static-8.39-7.1 pcre-tools-8.39-7.1 pcre-tools-debuginfo-8.39-7.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libpcre1-32bit-8.39-7.1 libpcre1-8.39-7.1 libpcre1-debuginfo-32bit-8.39-7.1 libpcre1-debuginfo-8.39-7.1 libpcre16-0-8.39-7.1 libpcre16-0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpcre1-8.39-7.1 libpcre1-debuginfo-8.39-7.1 libpcre16-0-8.39-7.1 libpcre16-0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpcre1-8.39-7.1 libpcre1-debuginfo-8.39-7.1 libpcre16-0-8.39-7.1 libpcre16-0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpcre1-32bit-8.39-7.1 libpcre1-debuginfo-32bit-8.39-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpcre1-8.39-7.1 libpcre1-debuginfo-8.39-7.1 libpcre16-0-8.39-7.1 libpcre16-0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Server 12-SP1 
(s390x x86_64): libpcre1-32bit-8.39-7.1 libpcre1-debuginfo-32bit-8.39-7.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libpcre1-8.39-7.1 libpcre1-debuginfo-8.39-7.1 libpcre16-0-8.39-7.1 libpcre16-0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpcre1-32bit-8.39-7.1 libpcre1-debuginfo-32bit-8.39-7.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): libpcreposix0-8.39-7.1 libpcreposix0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): libpcreposix0-8.39-7.1 libpcreposix0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpcre1-32bit-8.39-7.1 libpcre1-8.39-7.1 libpcre1-debuginfo-32bit-8.39-7.1 libpcre1-debuginfo-8.39-7.1 libpcre16-0-8.39-7.1 libpcre16-0-debuginfo-8.39-7.1 libpcrecpp0-32bit-8.39-7.1 libpcrecpp0-8.39-7.1 libpcrecpp0-debuginfo-32bit-8.39-7.1 libpcrecpp0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpcre1-32bit-8.39-7.1 libpcre1-8.39-7.1 libpcre1-debuginfo-32bit-8.39-7.1 libpcre1-debuginfo-8.39-7.1 libpcre16-0-8.39-7.1 libpcre16-0-debuginfo-8.39-7.1 libpcrecpp0-32bit-8.39-7.1 libpcrecpp0-8.39-7.1 libpcrecpp0-debuginfo-32bit-8.39-7.1 libpcrecpp0-debuginfo-8.39-7.1 pcre-debugsource-8.39-7.1 References: https://www.suse.com/security/cve/CVE-2014-8964.html https://www.suse.com/security/cve/CVE-2015-2325.html https://www.suse.com/security/cve/CVE-2015-2327.html https://www.suse.com/security/cve/CVE-2015-2328.html https://www.suse.com/security/cve/CVE-2015-3210.html https://www.suse.com/security/cve/CVE-2015-3217.html https://www.suse.com/security/cve/CVE-2015-5073.html https://www.suse.com/security/cve/CVE-2015-8380.html https://www.suse.com/security/cve/CVE-2015-8381.html https://www.suse.com/security/cve/CVE-2015-8382.html https://www.suse.com/security/cve/CVE-2015-8383.html 
https://www.suse.com/security/cve/CVE-2015-8384.html https://www.suse.com/security/cve/CVE-2015-8385.html https://www.suse.com/security/cve/CVE-2015-8386.html https://www.suse.com/security/cve/CVE-2015-8387.html https://www.suse.com/security/cve/CVE-2015-8388.html https://www.suse.com/security/cve/CVE-2015-8389.html https://www.suse.com/security/cve/CVE-2015-8390.html https://www.suse.com/security/cve/CVE-2015-8391.html https://www.suse.com/security/cve/CVE-2015-8392.html https://www.suse.com/security/cve/CVE-2015-8393.html https://www.suse.com/security/cve/CVE-2015-8394.html https://www.suse.com/security/cve/CVE-2015-8395.html https://www.suse.com/security/cve/CVE-2016-1283.html https://www.suse.com/security/cve/CVE-2016-3191.html https://bugzilla.suse.com/906574 https://bugzilla.suse.com/924960 https://bugzilla.suse.com/933288 https://bugzilla.suse.com/933878 https://bugzilla.suse.com/936227 https://bugzilla.suse.com/942865 https://bugzilla.suse.com/957566 https://bugzilla.suse.com/957567 https://bugzilla.suse.com/957598 https://bugzilla.suse.com/957600 https://bugzilla.suse.com/960837 https://bugzilla.suse.com/971741 https://bugzilla.suse.com/972127 From sle-updates at lists.suse.com Thu Dec 15 10:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2016 18:08:18 +0100 (CET) Subject: SUSE-SU-2016:3162-1: moderate: Security update for pacemaker Message-ID: <20161215170818.D40E7F7CB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3162-1 Rating: moderate References: #1000743 #1002767 #1003565 #1007433 #1009076 #953192 #970733 #971129 #972187 #974108 #975079 #976271 #976865 #977258 #977675 #977800 #981489 #981731 #986056 #986201 #986265 #986644 #986676 #986931 #987348 Cross-References: CVE-2016-7035 CVE-2016-7797 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 
SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 23 fixes is now available. Description: This update for pacemaker fixes one security issue and several non-security issues. The following security issue has been fixed: - libcrmcommon: Fix improper IPC guarding. (bsc#1007433, CVE-2016-7035) The following non-security issues have been fixed: - Add logrotate to reqs of pacemaker-cli. - Add $remote_fs dependencies to the init scripts. - all: Clarify licensing and copyrights. - attrd,ipc: Prevent possible segfault on exit. (bsc#986056) - attrd, libcrmcommon: Validate attrd requests better. - attrd_updater: Fix usage of HAVE_ATOMIC_ATTRD. - cib/fencing: Set status callback before connecting to cluster. (bsc#974108) - ClusterMon: Fix to avoid matching other process with the same PID. - crmd: Acknowledge cancellation operations for remote connection resources. (bsc#976865) - crmd: Avoid timeout on older peers when cancelling a resource operation. - crmd: Record pending operations in the CIB before they are performed. (bsc#1003565) - crmd: Clear remote node operation history only when it comes up. - crmd: Clear remote node transient attributes on disconnect. (bsc#981489) - crmd: Don't abort transitions for CIB comment changes. - crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down. - crmd: Get full action information earlier. (bsc#981731) - crmd: Graceful proxy shutdown is now tested. (bsc#981489) - crmd: Keep a state of LRMD in the DC node latest. - crmd,lrmd,liblrmd: Use defined constants for lrmd IPC operations. (bsc#981489) - crmd: Mention that graceful remote shutdowns may cause connection failures. (bsc#981489) - crmd/pengine: Handle on-fail=ignore properly. (bsc#981731) - crmd/pengine: Implement on-fail=ignore without allow-fail. (bsc#981731) - crmd: Remove dead code. 
(bsc#981731) - crmd: Rename action number variable in process_graph_event(). (bsc#981731) - crmd: Resend the shutdown request if the DC forgets. - crmd: Respect start-failure-is-fatal even for artificially injected events. (bsc#981731) - crmd: Set remote flag when gracefully shutting down remote nodes. (bsc#981489) - crmd: Set the shutdown transient attribute in response to LRMD_IPC_OP_SHUTDOWN_REQ from remote nodes. (bsc#981489) - crmd: Support graceful pacemaker_remote stops. (bsc#981489) - crmd: Take start-delay into account for the timeout of the action timer. (bsc#977258) - crmd: Use defined constant for magic "direct nack" RC. (bsc#981731) - crmd: Use proper resource agent name when caching metadata. - crmd: When node load was reduced, crmd carries out a feasible action. - crm_mon: Avoid logging errors for any CIB changes that we don't care about. (bsc#986931) - crm_mon: Consistently print ms resource state. - crm_mon: Do not call setenv with null value. - crm_mon: Do not log errors for the known CIB changes that should be ignored. (bsc#986931) - crm_mon: Fix time formatting on x32. - cts: Avoid kill usage error if DummySD stop called when already stopped. - CTS: Get Reattach test working again and up-to-date. (bsc#953192) - cts: Simulate pacemaker_remote failure with kill. (bsc#981489) - fencing/fence_legacy: Search capable devices by querying them through "list" action for cluster-glue stonith agents. (bsc#986265) - fencing: Record the last known names of nodes to make sure fencing requested with nodeid works. (bsc#974108) - libais,libcluster,libcrmcommon,liblrmd: Don't use %z specifier. - libcib,libfencing,libtransition: Handle memory allocation errors without CRM_CHECK(). - lib: Correction of the deletion of the notice registration. - libcrmcommon: Correct directory name in log message. - libcrmcommon: Ensure crm_time_t structure is fully initialized by API calls. - libcrmcommon: Log XML comments correctly. 
- libcrmcommon: Properly handle XML comments when comparing v2 patchset diffs. - libcrmcommon: Really ensure crm_time_t structure is fully initialized by API calls. - libcrmcommon: Remove extraneous format specifier from log message. - libcrmcommon: Report errors consistently when waiting for data on connection. (bsc#986644) - libfencing: Report added node ID correctly. - liblrmd: Avoid memory leak when closing or deleting lrmd connections. - libpengine: Allow pe_order_same_node option for constraints. - libpengine: Log message when stonith disabled, not enabled. - libpengine: Only log startup-fencing warning once. - libtransition: Potential memory leak if unpacking action fails. - lrmd: Handle shutdown a little more cleanly. (bsc#981489) - lrmd,libcluster: Ensure g_hash_table_foreach() is never passed a null table. - lrmd,liblrmd: Add lrmd IPC operations for requesting and acknowledging shutdown. (bsc#981489) - lrmd: Make proxied IPC providers/clients opaque. (bsc#981489) - mcp: Improve comments for sysconfig options. - pacemaker_remote: Set LSB Provides header to the service name. - pacemaker_remote: Support graceful stops. (bsc#981489) - PE: Correctly update the dependent actions of un-runnable clones. - PE: Honor the shutdown transient attributes for remote nodes. (bsc#981489) - pengine: Avoid memory leak when invalid constraint involves set. - pengine: Avoid null dereference in new same-node ordering option. - pengine: Avoid transition loop for start-then-stop + unfencing. - pengine: Avoid use-after-free with location constraint + sets + templates. - pengine: Better error handling when unpacking sets in location constraints. - pengine: Consider resource failed if any of the configured monitor operations failed. (bsc#972187) - pengine: Correction of the record judgment of the failed information. - pengine: Do not fence a maintenance node if it shuts down cleanly. 
(bsc#1000743) - pengine: Correctly set the environment variable "OCF_RESKEY_CRM_meta_timeout" when "start-delay" is configured. (bsc#977258) - pengine: Only set unfencing constraints once. - pengine: Organize order of actions for master resources in anti-colocations. (bsc#977800) - pengine: Organize order of actions for slave resources in anti-colocations. (bsc#977800) - pengine: Properly order stop actions relative to stonith. - pengine: Respect asymmetrical ordering when trying to move resources. (bsc#977675) - pengine: Set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources. - pengine,tools: Display pending resource state by default when it's available. (bsc#986201) - ping: Avoid temp files in fping_check. (bsc#987348) - ping: Avoid temporary files for fping check. (bsc#987348) - ping: Log sensible error when /tmp is full. (bsc#987348) - ping resource: Use fping6 for IPv6 hosts. (bsc#976271) - RA/SysInfo: Reset the node attribute "#health_disk" to "green" when there's sufficient free disk. (bsc#975079) - remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076) - remote: Correctly calculate the remaining timeouts when receiving messages. (bsc#986644) - resources: Use OCF version tagging correctly. - services: Correctly clean up service actions for non-dbus case. - spec: fence_pcmk only eligible for Pacemaker+CMAN. - stonithd: Correction of the wrong connection process name. - sysconfig: Minor tweaks (typo, wording). - tools: Avoid memory leaks in crm_resource --restart. - tools: Avoid memory leak when crm_mon unpacks constraints. - tools: Correctly count starting resources when doing crm_resource --restart. - tools: crm_resource -T option should not be hidden anymore. - tools: crm_standby --version/--help should work without cluster. - tools: Do not send command lines to syslog. (bsc#986676) - tools: Do not assume all resources restart on same node with crm_resource --restart. 
- tools: Don't require node to be known to crm_resource when deleting attribute. - tools: Properly handle crm_resource --restart with a resource in a group. - tools: Remember any existing target-role when doing crm_resource --restart. - various: Issues discovered via valgrind and coverity. Additionally, the following references have been added to the changelog: bsc#970733, fate#318381, bsc#1002767, CVE-2016-7797, bsc#971129 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-pacemaker-12889=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pacemaker-12889=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpacemaker-devel-1.1.12-18.1 libpacemaker3-1.1.12-18.1 pacemaker-1.1.12-18.1 pacemaker-cli-1.1.12-18.1 pacemaker-remote-1.1.12-18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pacemaker-debuginfo-1.1.12-18.1 pacemaker-debugsource-1.1.12-18.1 References: https://www.suse.com/security/cve/CVE-2016-7035.html https://www.suse.com/security/cve/CVE-2016-7797.html https://bugzilla.suse.com/1000743 https://bugzilla.suse.com/1002767 https://bugzilla.suse.com/1003565 https://bugzilla.suse.com/1007433 https://bugzilla.suse.com/1009076 https://bugzilla.suse.com/953192 https://bugzilla.suse.com/970733 https://bugzilla.suse.com/971129 https://bugzilla.suse.com/972187 https://bugzilla.suse.com/974108 https://bugzilla.suse.com/975079 https://bugzilla.suse.com/976271 https://bugzilla.suse.com/976865 https://bugzilla.suse.com/977258 https://bugzilla.suse.com/977675 https://bugzilla.suse.com/977800 https://bugzilla.suse.com/981489 https://bugzilla.suse.com/981731 https://bugzilla.suse.com/986056 https://bugzilla.suse.com/986201 
https://bugzilla.suse.com/986265 https://bugzilla.suse.com/986644 https://bugzilla.suse.com/986676 https://bugzilla.suse.com/986931 https://bugzilla.suse.com/987348 From sle-updates at lists.suse.com Thu Dec 15 13:07:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2016 21:07:17 +0100 (CET) Subject: SUSE-RU-2016:3165-1: important: Recommended update for tar Message-ID: <20161215200717.A1372F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3165-1 Rating: important References: #1012633 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tar fixes a regression caused by the previous security update (bsc#1007188), which limited append and create operations (bsc#1012633) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tar-12890=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tar-12890=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tar-1.26-1.2.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tar-debuginfo-1.26-1.2.13.1 tar-debugsource-1.26-1.2.13.1 References: https://bugzilla.suse.com/1012633 From sle-updates at lists.suse.com Thu Dec 15 13:07:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2016 21:07:46 +0100 (CET) Subject: SUSE-RU-2016:3166-1: important: Recommended update for tar Message-ID: <20161215200746.78F58FF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3166-1 Rating: important References: #1012633 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tar fixes a regression caused by the previous security update (bsc#1007188), which limited append and create operations (bsc#1012633) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1831=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1831=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1831=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1831=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1831=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): tar-1.27.1-14.1 tar-debuginfo-1.27.1-14.1 tar-debugsource-1.27.1-14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): tar-lang-1.27.1-14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): tar-1.27.1-14.1 tar-debuginfo-1.27.1-14.1 tar-debugsource-1.27.1-14.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): tar-lang-1.27.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tar-1.27.1-14.1 tar-debuginfo-1.27.1-14.1 tar-debugsource-1.27.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): tar-lang-1.27.1-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): tar-1.27.1-14.1 tar-debuginfo-1.27.1-14.1 tar-debugsource-1.27.1-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): tar-lang-1.27.1-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): tar-1.27.1-14.1 tar-debuginfo-1.27.1-14.1 tar-debugsource-1.27.1-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): tar-lang-1.27.1-14.1 References: https://bugzilla.suse.com/1012633 From sle-updates at lists.suse.com Thu Dec 15 13:08:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2016 21:08:11 +0100 (CET) Subject: SUSE-RU-2016:3167-1: moderate: Recommended update for yast2-bootloader Message-ID: <20161215200811.48EC3FF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3167-1 Rating: moderate References: #1000629 #1004229 #1004921 #1009493 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for yast2-bootloader fixes the following issues: - Do not crash in bootloader when default mount-by is set to label. (bsc#1009493) - Do not require syslinux on target system during installation. (bsc#1004229) - Fix installation on DM raids to not use mapper device and instead use underlying device. (bsc#1004921) - Do not crash when the user tries to enable serial console with blank arguments. (bsc#1000629) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1833=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1833=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1833=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-bootloader-3.1.206-28.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-bootloader-3.1.206-28.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-bootloader-3.1.206-28.3.1 References: https://bugzilla.suse.com/1000629 https://bugzilla.suse.com/1004229 https://bugzilla.suse.com/1004921 https://bugzilla.suse.com/1009493 From sle-updates at lists.suse.com Thu Dec 15 13:09:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2016 21:09:14 +0100 (CET) Subject: SUSE-OU-2016:3168-1: Initial release of SLES 12-SP2 Docker image Message-ID: <20161215200914.5DE2CFF36@maintenance.suse.de> SUSE Optional Update: Initial release of SLES 12-SP2 Docker image ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3168-1 Rating: low References: #1014467 Affected Products: SUSE Linux Enterprise Module for Containers 12 
______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the initial version of the SUSE Linux Enterprise Server 12 SP2 Docker image. The following package has been added to the Containers Module: sles12sp2-docker-image. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1832=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): sles12sp2-docker-image-1.0.0-20161213 References: https://bugzilla.suse.com/1014467 From sle-updates at lists.suse.com Thu Dec 15 19:06:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2016 03:06:53 +0100 (CET) Subject: SUSE-SU-2016:3169-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2 Message-ID: <20161216020653.CD7C8F7CB@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3169-1 Rating: important References: #1008284 #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.21-69 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). 
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - A stability issue in the btrfs module was fixed (bsc#1008284) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1834=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-69-default-2-5.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1008284 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Fri Dec 16 06:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2016 14:07:41 +0100 (CET) Subject: SUSE-RU-2016:3170-1: Recommended update for btrfsprogs Message-ID: <20161216130741.2FCE3F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3170-1 Rating: low References: #912170 #997061 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for btrfsprogs fixes the following issues: - While performing an fsck, an assertion failure could occur because of reusing path in a loop. (bsc#997061) - Add new btrfsprogs-udev-rules package to contain the udev rules. (bsc#912170) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1836=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1836=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1836=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1836=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-16.1 btrfsprogs-debugsource-4.5.3-16.1 libbtrfs-devel-4.5.3-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): btrfsprogs-4.5.3-16.1 btrfsprogs-debuginfo-4.5.3-16.1 btrfsprogs-debugsource-4.5.3-16.1 libbtrfs0-4.5.3-16.1 libbtrfs0-debuginfo-4.5.3-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): btrfsprogs-udev-rules-4.5.3-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): btrfsprogs-4.5.3-16.1 btrfsprogs-debuginfo-4.5.3-16.1 btrfsprogs-debugsource-4.5.3-16.1 libbtrfs0-4.5.3-16.1 libbtrfs0-debuginfo-4.5.3-16.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): btrfsprogs-udev-rules-4.5.3-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): btrfsprogs-udev-rules-4.5.3-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): btrfsprogs-4.5.3-16.1 btrfsprogs-debuginfo-4.5.3-16.1 btrfsprogs-debugsource-4.5.3-16.1 libbtrfs0-4.5.3-16.1 libbtrfs0-debuginfo-4.5.3-16.1 References: https://bugzilla.suse.com/912170 https://bugzilla.suse.com/997061 From 
sle-updates at lists.suse.com Fri Dec 16 06:08:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2016 14:08:29 +0100 (CET) Subject: SUSE-RU-2016:3171-1: Recommended update for openstack-swift Message-ID: <20161216130829.0523CFF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-swift ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3171-1 Rating: low References: #986415 #991985 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openstack-swift fixes the following issues: - Improve systemd integration. (bsc#991985, bnc#986415) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1837=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-swift-2.1.0-6.1 openstack-swift-account-2.1.0-6.1 openstack-swift-container-2.1.0-6.1 openstack-swift-doc-2.1.0-6.1 openstack-swift-object-2.1.0-6.1 openstack-swift-proxy-2.1.0-6.1 python-swift-2.1.0-6.1 References: https://bugzilla.suse.com/986415 https://bugzilla.suse.com/991985 From sle-updates at lists.suse.com Fri Dec 16 06:09:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2016 14:09:13 +0100 (CET) Subject: SUSE-SU-2016:3172-1: moderate: Security update for xorg-x11-libXfixes Message-ID: <20161216130913.D18D4FF36@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXfixes ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3172-1 Rating: moderate References: #1002995 Cross-References: CVE-2016-7944 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-libXfixes fixes the following issues: - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995, CVE-2016-7944) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libXfixes-12891=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libXfixes-12891=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libXfixes-12891=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXfixes-devel-7.4-1.20.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXfixes-devel-32bit-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXfixes-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXfixes-32bit-7.4-1.20.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libXfixes-x86-7.4-1.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXfixes-debuginfo-7.4-1.20.1 xorg-x11-libXfixes-debugsource-7.4-1.20.1 References: https://www.suse.com/security/cve/CVE-2016-7944.html https://bugzilla.suse.com/1002995 From sle-updates at lists.suse.com Fri Dec 16 06:09:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2016 14:09:44 +0100 (CET) Subject: SUSE-RU-2016:3173-1: important: Recommended update for ceph Message-ID: <20161216130944.29A8EFF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3173-1 Rating: important References: #1014338 #977940 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ceph provides version 10.2.4, bringing fixes and enhancements. - msg/simple/Pipe: Avoid returning 0 on poll timeout. (bsc#1014338) - os/filestore/HashIndex: Fix list_by_hash_* termination on reaching end. - osd/osd_types: Encode pg_pool_t like hammer if features indicate hammer. - crush/CrushWrapper: Drop unused 'lean' encode() argument. - crush/CrushWrapper: Encode with features. - crush: Condition latest tunable encoding on features. 
- librados: Remove new setxattr overload to avoid breaking the C++ ABI. - mon/MonmapMonitor: Return success when monitor will be removed. - OSDMonitor: Only reject MOSDBoot based on up_from if inst matches. - build/ops: Fix undefined crypto references with --with-xio. (bsc#977940) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2016-1835=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): ceph-10.2.4+git.1481215985.12b091b-3.2 ceph-base-10.2.4+git.1481215985.12b091b-3.2 ceph-base-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-common-10.2.4+git.1481215985.12b091b-3.2 ceph-common-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-debugsource-10.2.4+git.1481215985.12b091b-3.2 ceph-fuse-10.2.4+git.1481215985.12b091b-3.2 ceph-fuse-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-mds-10.2.4+git.1481215985.12b091b-3.2 ceph-mds-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-mon-10.2.4+git.1481215985.12b091b-3.2 ceph-mon-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-osd-10.2.4+git.1481215985.12b091b-3.2 ceph-osd-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-radosgw-10.2.4+git.1481215985.12b091b-3.2 ceph-radosgw-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-test-10.2.4+git.1481215985.12b091b-3.2 ceph-test-debuginfo-10.2.4+git.1481215985.12b091b-3.2 ceph-test-debugsource-10.2.4+git.1481215985.12b091b-3.2 libcephfs1-10.2.4+git.1481215985.12b091b-3.2 libcephfs1-debuginfo-10.2.4+git.1481215985.12b091b-3.2 librados2-10.2.4+git.1481215985.12b091b-3.2 librados2-debuginfo-10.2.4+git.1481215985.12b091b-3.2 libradosstriper1-10.2.4+git.1481215985.12b091b-3.2 libradosstriper1-debuginfo-10.2.4+git.1481215985.12b091b-3.2 librbd1-10.2.4+git.1481215985.12b091b-3.2 librbd1-debuginfo-10.2.4+git.1481215985.12b091b-3.2 librgw2-10.2.4+git.1481215985.12b091b-3.2 
librgw2-debuginfo-10.2.4+git.1481215985.12b091b-3.2 python-ceph-compat-10.2.4+git.1481215985.12b091b-3.2 python-cephfs-10.2.4+git.1481215985.12b091b-3.2 python-cephfs-debuginfo-10.2.4+git.1481215985.12b091b-3.2 python-rados-10.2.4+git.1481215985.12b091b-3.2 python-rados-debuginfo-10.2.4+git.1481215985.12b091b-3.2 python-rbd-10.2.4+git.1481215985.12b091b-3.2 python-rbd-debuginfo-10.2.4+git.1481215985.12b091b-3.2 rbd-fuse-10.2.4+git.1481215985.12b091b-3.2 rbd-fuse-debuginfo-10.2.4+git.1481215985.12b091b-3.2 rbd-mirror-10.2.4+git.1481215985.12b091b-3.2 rbd-mirror-debuginfo-10.2.4+git.1481215985.12b091b-3.2 rbd-nbd-10.2.4+git.1481215985.12b091b-3.2 rbd-nbd-debuginfo-10.2.4+git.1481215985.12b091b-3.2 References: https://bugzilla.suse.com/1014338 https://bugzilla.suse.com/977940 From sle-updates at lists.suse.com Fri Dec 16 08:07:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2016 16:07:42 +0100 (CET) Subject: SUSE-SU-2016:3174-1: important: Security update for xen Message-ID: <20161216150742.884B0F7CB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3174-1 Rating: important References: #1000106 #1000893 #1003030 #1003032 #1004016 #1005004 #1005005 #1007157 #1007160 #1009100 #1009103 #1009104 #1009107 #1009109 #1009111 #1011652 Cross-References: CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for xen fixes several issues. 
These security issues were fixed:
- CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host (bsc#1011652)
- CVE-2016-9386: x86 null segments were not always treated as unusable, allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100)
- CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing an unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103)
- CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104)
- CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitrary code execution (bsc#1009107)
- CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109)
- CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
- CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
- CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106)
- CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157)
- CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160)
- CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004)
- CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005)
- CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1004016)
- CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030)
- CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032)
This non-security issue was fixed:
- bsc#1000893: virsh setmem didn't allow setting the current guest memory to the max limit
This update also delivers man-pages-supplement since some of the man-pages in there are now contained in the xen
package itself. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12892=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12892=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12892=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_10-43.5 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_10_3.0.101_88-43.5 xen-libs-4.4.4_10-43.5 xen-tools-domU-4.4.4_10-43.5 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_10-43.5 xen-doc-html-4.4.4_10-43.5 xen-libs-32bit-4.4.4_10-43.5 xen-tools-4.4.4_10-43.5 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_10_3.0.101_88-43.5 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_10-43.5 xen-debugsource-4.4.4_10-43.5 References: https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9385.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1000893 
   https://bugzilla.suse.com/1003030
   https://bugzilla.suse.com/1003032
   https://bugzilla.suse.com/1004016
   https://bugzilla.suse.com/1005004
   https://bugzilla.suse.com/1005005
   https://bugzilla.suse.com/1007157
   https://bugzilla.suse.com/1007160
   https://bugzilla.suse.com/1009100
   https://bugzilla.suse.com/1009103
   https://bugzilla.suse.com/1009104
   https://bugzilla.suse.com/1009107
   https://bugzilla.suse.com/1009109
   https://bugzilla.suse.com/1009111
   https://bugzilla.suse.com/1011652

From sle-updates at lists.suse.com Fri Dec 16 10:08:24 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Dec 2016 18:08:24 +0100 (CET)
Subject: SUSE-RU-2016:3175-1: Recommended update for ses-manual_en
Message-ID: <20161216170824.84B9EF7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ses-manual_en
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:3175-1
Rating:             low
References:         #1005752 #1009564 #982496
Affected Products:
                    SUSE Enterprise Storage 3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   The Administration and Deployment Guide for SUSE Enterprise Storage 3
   has been updated to document:

   - Upgrade chapter needs to talk about require_jewel_osds. (bsc#1009564)
   - Increased the recommended RAM for OSD to 2GB. (bsc#982496)
   - Calamari node needs to be resolvable by others. (bsc#95752)
   - Updated paths in the example SLS files.
   - Enhanced the flow of the 'About' chapter.
   - Fixed typo in upgrade-to-ses3.sh script name.
   - Greatly improved the cache tiering chapter.
   - Imported Crowbar info from SOC and re-branded screenshots.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 3:

      zypper in -t patch SUSE-Storage-3-2016-1840=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 3 (noarch):

      ses-admin_en-pdf-3-18.1
      ses-manual_en-3-18.1

References:

   https://bugzilla.suse.com/1005752
   https://bugzilla.suse.com/1009564
   https://bugzilla.suse.com/982496

From sle-updates at lists.suse.com Fri Dec 16 10:09:17 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Dec 2016 18:09:17 +0100 (CET)
Subject: SUSE-RU-2016:3176-1: moderate: Recommended update for suse-build-key
Message-ID: <20161216170917.E33BCFF36@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for suse-build-key
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:3176-1
Rating:             moderate
References:         #1014151
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for suse-build-key extends the lifetime of the build at
   suse.de GPG key that is signing the SUSE Linux Enterprise 12
   repositories. (bsc#1014151)

   UID:
   pub 2048R/39DB7C82 2013-01-31 [expires: 2020-12-06]
   uid SuSE Package Signing Key

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1841=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1841=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1841=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1841=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1841=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      suse-build-key-12.0-6.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      suse-build-key-12.0-6.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      suse-build-key-12.0-6.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      suse-build-key-12.0-6.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      suse-build-key-12.0-6.1

References:

   https://bugzilla.suse.com/1014151

From sle-updates at lists.suse.com Fri Dec 16 11:08:28 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Dec 2016 19:08:28 +0100 (CET)
Subject: SUSE-SU-2016:3183-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
Message-ID: <20161216180828.C2B5DFF36@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3183-1
Rating:             important
References:         #1012183 #1012759
Cross-References:   CVE-2016-8655 CVE-2016-9555
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.62-60_62 fixes several issues.
   The following security bugs were fixed:

   - CVE-2016-8655: A race condition in the af_packet packet_set_ring
     function could be used by local attackers to crash the kernel or gain
     privileges (bsc#1012759).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
     the Linux kernel lacks chunk-length checking for the first chunk,
     which allowed remote attackers to cause a denial of service
     (out-of-bounds slab access) or possibly have unspecified other impact
     via crafted SCTP data (bsc#1012183).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1842=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_62-60_62-default-4-2.1
      kgraft-patch-3_12_62-60_62-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8655.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://bugzilla.suse.com/1012183
   https://bugzilla.suse.com/1012759

From sle-updates at lists.suse.com Fri Dec 16 12:07:53 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Dec 2016 20:07:53 +0100 (CET)
Subject: SUSE-RU-2016:3187-1: Recommended update for libsolv, libzypp, zypper
Message-ID: <20161216190753.94784FF5D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libsolv, libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:3187-1
Rating:             low
References:         #1003748 #1004096 #1010712 #731333 #964932 #980263
                    #980901 #982379 #983141 #984494 #986694 #992302
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that has 12 recommended fixes can now be installed.

Description:

   The Software Update Stack was updated for fixes and enhancements.

   libsolv:

   - Fix segmentation fault in cshash dedup code. (bsc#980901)
   - Fix bug in ignoreinst logic. (bsc#983141)
   - Add pool->setdisttype to the bindings.
   - Fix error in repo_deb that could lead to missing packages.
   - Add pool_whatcontainsdep, selection_make_matchdepid, and
     SELECTION_MATCH_DEPSTR.
   - Add SOLVER_FAVOR and SOLVER_DISFAVOR job types.
   - Allow unknown archs in pool_setarch.
   - Add the SOLVER_FLAG_URPM_REORDER solver flag.
   - Fix supplements handling when implicitobsoleteusescolors is set.

   libzypp:

   - Let 'dup --from' leave updateTestcase logs in /var/log. (bsc#1004096)
   - Allow parsing multiple gpgkey= URLs. (bsc#1003748)
   - Fix parsing of multiline url entries. (bsc#964932)
   - Report numeric curl error if code is unrecognized. (bsc#992302)
   - Fix bug in removeRepository which may keep an empty .repo file rather
     than deleting it. (bsc#984494)

   zypper:

   - Do not warn about processes using deleted files when using --root.
     (bsc#731333)
   - Properly escape patch script output in xml mode. (bsc#1010712)
   - Do not require --ignore-unknown in non interactive remove-command.
     (bsc#980263)
   - Document in man page the known limitations when searching with
     --file-list. (bsc#982379)
   - Fix Brazilian Portuguese translation of options' prompt. (bsc#986694)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-1844=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      libsolv-debugsource-0.6.22-2.22.6.1
      libsolv-tools-0.6.22-2.22.6.1
      libsolv-tools-debuginfo-0.6.22-2.22.6.1
      libzypp-14.44.1-2.53.5
      libzypp-debuginfo-14.44.1-2.53.5
      libzypp-debugsource-14.44.1-2.53.5
      perl-solv-0.6.22-2.22.6.1
      perl-solv-debuginfo-0.6.22-2.22.6.1
      python-solv-0.6.22-2.22.6.1
      python-solv-debuginfo-0.6.22-2.22.6.1
      zypper-1.11.59-2.49.1
      zypper-debuginfo-1.11.59-2.49.1
      zypper-debugsource-1.11.59-2.49.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      zypper-log-1.11.59-2.49.1

References:

   https://bugzilla.suse.com/1003748
   https://bugzilla.suse.com/1004096
   https://bugzilla.suse.com/1010712
   https://bugzilla.suse.com/731333
   https://bugzilla.suse.com/964932
   https://bugzilla.suse.com/980263
   https://bugzilla.suse.com/980901
   https://bugzilla.suse.com/982379
   https://bugzilla.suse.com/983141
   https://bugzilla.suse.com/984494
   https://bugzilla.suse.com/986694
   https://bugzilla.suse.com/992302

From sle-updates at lists.suse.com Fri Dec 16 12:10:18 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Dec 2016 20:10:18 +0100 (CET)
Subject: SUSE-SU-2016:3188-1: important: Security update for the Linux Kernel
Message-ID: <20161216191018.EBEF1FF5D@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3188-1
Rating:             important
References:         #1013533 #1013604
Cross-References:   CVE-2016-9576 CVE-2016-9794
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two security
   issues.

   The following security bugs were fixed:

   - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic
     driver allows users with write access to /dev/sg* or /dev/bsg* to
     elevate their privileges (bsc#1013604).
   - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer
     allowed local users to cause a denial of service, memory corruption or
     possibly even to elevate their privileges (bsc#1013533).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1845=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1845=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1845=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1845=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1845=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1845=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      kernel-default-debuginfo-3.12.67-60.64.24.1
      kernel-default-debugsource-3.12.67-60.64.24.1
      kernel-default-extra-3.12.67-60.64.24.1
      kernel-default-extra-debuginfo-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.67-60.64.24.1
      kernel-obs-build-debugsource-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      kernel-docs-3.12.67-60.64.24.3

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      kernel-default-3.12.67-60.64.24.1
      kernel-default-base-3.12.67-60.64.24.1
      kernel-default-base-debuginfo-3.12.67-60.64.24.1
      kernel-default-debuginfo-3.12.67-60.64.24.1
      kernel-default-debugsource-3.12.67-60.64.24.1
      kernel-default-devel-3.12.67-60.64.24.1
      kernel-syms-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      kernel-xen-3.12.67-60.64.24.1
      kernel-xen-base-3.12.67-60.64.24.1
      kernel-xen-base-debuginfo-3.12.67-60.64.24.1
      kernel-xen-debuginfo-3.12.67-60.64.24.1
      kernel-xen-debugsource-3.12.67-60.64.24.1
      kernel-xen-devel-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      kernel-devel-3.12.67-60.64.24.1
      kernel-macros-3.12.67-60.64.24.1
      kernel-source-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x):

      kernel-default-man-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.67-60.64.24.1
      kernel-ec2-debuginfo-3.12.67-60.64.24.1
      kernel-ec2-debugsource-3.12.67-60.64.24.1
      kernel-ec2-devel-3.12.67-60.64.24.1
      kernel-ec2-extra-3.12.67-60.64.24.1
      kernel-ec2-extra-debuginfo-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_67-60_64_24-default-1-2.1
      kgraft-patch-3_12_67-60_64_24-xen-1-2.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      kernel-devel-3.12.67-60.64.24.1
      kernel-macros-3.12.67-60.64.24.1
      kernel-source-3.12.67-60.64.24.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      kernel-default-3.12.67-60.64.24.1
      kernel-default-debuginfo-3.12.67-60.64.24.1
      kernel-default-debugsource-3.12.67-60.64.24.1
      kernel-default-devel-3.12.67-60.64.24.1
      kernel-default-extra-3.12.67-60.64.24.1
      kernel-default-extra-debuginfo-3.12.67-60.64.24.1
      kernel-syms-3.12.67-60.64.24.1
      kernel-xen-3.12.67-60.64.24.1
      kernel-xen-debuginfo-3.12.67-60.64.24.1
      kernel-xen-debugsource-3.12.67-60.64.24.1
      kernel-xen-devel-3.12.67-60.64.24.1

References:

   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://bugzilla.suse.com/1013533
   https://bugzilla.suse.com/1013604

From sle-updates at lists.suse.com Fri Dec 16 14:07:13 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Dec 2016 22:07:13 +0100 (CET)
Subject: SUSE-SU-2016:3189-1: moderate: Security update for xorg-x11-libs
Message-ID: <20161216210713.C0DF1FF5D@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-libs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3189-1
Rating:             moderate
References:         #1002998 #1003000 #1003012 #1003023
Cross-References:   CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948
                    CVE-2016-7951 CVE-2016-7952 CVE-2016-7953
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for xorg-x11-libs fixes the following issues:

   - insufficient validation of data from the X server can cause a one byte
     buffer read underrun (bsc#1003023, CVE-2016-7953)
   - insufficient validation of data from the X server can cause out of
     boundary memory access or endless loops (Denial of Service)
     (bsc#1003012, CVE-2016-7951, CVE-2016-7952)
   - insufficient validation of data from the X server can cause out of
     boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948)
   - insufficient validation of data from the X server can cause out of
     boundary memory access or endless loops (Denial of Service).
     (bsc#1002998, CVE-2016-7945, CVE-2016-7946)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xorg-x11-libs-12894=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xorg-x11-libs-12894=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xorg-x11-libs-12894=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-devel-7.4-8.26.49.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      xorg-x11-devel-32bit-7.4-8.26.49.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libs-7.4-8.26.49.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      xorg-x11-libs-32bit-7.4-8.26.49.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      xorg-x11-libs-x86-7.4-8.26.49.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libs-debuginfo-7.4-8.26.49.1
      xorg-x11-libs-debugsource-7.4-8.26.49.1

References:

   https://www.suse.com/security/cve/CVE-2016-7945.html
   https://www.suse.com/security/cve/CVE-2016-7946.html
   https://www.suse.com/security/cve/CVE-2016-7947.html
   https://www.suse.com/security/cve/CVE-2016-7948.html
   https://www.suse.com/security/cve/CVE-2016-7951.html
   https://www.suse.com/security/cve/CVE-2016-7952.html
   https://www.suse.com/security/cve/CVE-2016-7953.html
   https://bugzilla.suse.com/1002998
   https://bugzilla.suse.com/1003000
   https://bugzilla.suse.com/1003012
   https://bugzilla.suse.com/1003023

From sle-updates at lists.suse.com Fri Dec 16 14:08:14 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Dec 2016 22:08:14 +0100 (CET)
Subject: SUSE-RU-2016:3190-1: moderate: Recommended update for resource-agents
Message-ID: <20161216210814.9BD27FF8A@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:3190-1
Rating:             moderate
References:         #1005424 #1007142 #1007867
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP2
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for resource-agents fixes the following issues:

   - docker: Use docker exec for monitor_cmd if supported (bsc#1007867)
   - adjusting sapdb.sh to work with HANA Multi-Tenant Databases
     (bsc#1007142)
   - oracle: fix issue with C## in monprofile (bsc#1005424)
   - nfsserver: Delete the temp file correctly.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1846=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      ldirectord-3.9.7+git.1461938976.cb7c36a-12.2
      monitoring-plugins-metadata-3.9.7+git.1461938976.cb7c36a-12.2
      resource-agents-3.9.7+git.1461938976.cb7c36a-12.2
      resource-agents-debuginfo-3.9.7+git.1461938976.cb7c36a-12.2
      resource-agents-debugsource-3.9.7+git.1461938976.cb7c36a-12.2

References:

   https://bugzilla.suse.com/1005424
   https://bugzilla.suse.com/1007142
   https://bugzilla.suse.com/1007867

From sle-updates at lists.suse.com Mon Dec 19 06:06:57 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 19 Dec 2016 14:06:57 +0100 (CET)
Subject: SUSE-RU-2016:3192-1: moderate: Recommended update for wicked
Message-ID: <20161219130657.4C686FF5D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for wicked
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:3192-1
Rating:             moderate
References:         #865573 #902897 #913861 #916613 #916948 #972471
                    #973355 #974231 #975466 #981887 #982231 #982952
                    #984088 #985894 #988794 #988954 #989741 #997027
                    #998413
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has 19 recommended fixes can now be installed.

Description:

   This update provides Wicked 0.6.39, which brings the following fixes and
   enhancements:

   - dhcp: Support to define and request custom options, documented in
     wicked-config(5) and ifcfg-dhcp(5) manual pages. (bsc#988954)
   - dhcp6: Fix refresh on newprefix workaround. (bsc#972471)
   - dhcp4: Do not fail in capture on link type change. (bsc#975466)
   - dhcp4: Ignore invalid options, do not discard complete message.
   - dhcp4: Log and add sender (server or relay) ethernet hw-address to the
     lease.
   - ifdown: Show reasons to skip an action. (bsc#997027)
   - ifconfig: Fix to consider address scope in dbus model. (bsc#988794)
   - bonding: Set the primary slave in the master at enslave of the primary
     when it was not yet ready while setting up bond. (bsc#998413)
   - addrconf: Rewrite to run lease updates in background jobs and use
     netconfig 0.84 batch support if available. (bsc#989741)
   - auto6: Do not apply rdnss/dnssl if autoconf=0. (bsc#984088)
   - dhcp4: Initial support to request custom options. (bsc#916948,
     bsc#988954)
   - ovs: Use generic ovs type until we can query ovs. (bsc#982231)
   - dhcp4: Send hostname in discover. (bsc#985894)
   - address: Apply SUSE ifcfg IP_OPTIONS. (bsc#984088)
   - ifreload: Make output more informative. (bsc#982952)
   - rules: Do not fail when kernel support is missed. (bsc#981887)
   - nanny: Re-apply policies on device renames. (bsc#973355)
   - auto6: Apply rdnss/dnssl and wait for autoconf. (bsc#902897,
     bsc#916613)
   - spec: Removed ppp service template macro calls. (fate#317976)
   - ppp: Initial implementation of PPPoE support (fate#317976, bsc#865573,
     bsc#913861)
   - route: Initial routing policy rules support. (fate#312217)
   - tunnel: Add device binding support. (fate#317977)
   - dhcp6: Refresh ipv6 link on each prefix event to fix workaround for
     missed NEWLINK event on changes caused by RA. (bsc#972471)
   - macvlan: Fix enum values for BRIDGE and PASSTHRU modes. (bsc#974231)

   For a comprehensive list of changes please refer to the package's change
   log.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1850=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1850=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libwicked-0-6-0.6.39-28.3.1
      libwicked-0-6-debuginfo-0.6.39-28.3.1
      wicked-0.6.39-28.3.1
      wicked-debuginfo-0.6.39-28.3.1
      wicked-debugsource-0.6.39-28.3.1
      wicked-service-0.6.39-28.3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libwicked-0-6-0.6.39-28.3.1
      libwicked-0-6-debuginfo-0.6.39-28.3.1
      wicked-0.6.39-28.3.1
      wicked-debuginfo-0.6.39-28.3.1
      wicked-debugsource-0.6.39-28.3.1
      wicked-service-0.6.39-28.3.1

References:

   https://bugzilla.suse.com/865573
   https://bugzilla.suse.com/902897
   https://bugzilla.suse.com/913861
   https://bugzilla.suse.com/916613
   https://bugzilla.suse.com/916948
   https://bugzilla.suse.com/972471
   https://bugzilla.suse.com/973355
   https://bugzilla.suse.com/974231
   https://bugzilla.suse.com/975466
   https://bugzilla.suse.com/981887
   https://bugzilla.suse.com/982231
   https://bugzilla.suse.com/982952
   https://bugzilla.suse.com/984088
   https://bugzilla.suse.com/985894
   https://bugzilla.suse.com/988794
   https://bugzilla.suse.com/988954
   https://bugzilla.suse.com/989741
   https://bugzilla.suse.com/997027
   https://bugzilla.suse.com/998413

From sle-updates at lists.suse.com Mon Dec 19 13:07:21 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 19 Dec 2016 21:07:21 +0100 (CET)
Subject: SUSE-SU-2016:3193-1: moderate: Security update for ntp
Message-ID: <20161219200722.01E60FF5D@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3193-1
Rating:             moderate
References:
                    #1009434 #1011377 #1011390 #1011395 #1011398 #1011404
                    #1011406 #1011411 #1011417 #943216 #956365 #981252
                    #988028 #992038 #992606
Cross-References:   CVE-2015-5219 CVE-2015-8139 CVE-2015-8140 CVE-2016-7426
                    CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431
                    CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has three fixes is now
   available.

Description:

   This update for ntp fixes the following issues:

   - Simplify ntpd's search for its own executable to prevent AppArmor
     warnings (bsc#956365).

   Security issues fixed (update to 4.2.8p9):

   - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap
     information disclosure and DDoS vector.
   - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.
   - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement
     DoS.
   - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin
     Timestamp Bypass.
   - CVE-2016-7434, bsc#1011398: Null pointer dereference in
     _IO_str_init_static_internal().
   - CVE-2016-7429, bsc#1011404: Interface selection attack.
   - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.
   - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.
   - CVE-2015-5219: An endless loop due to incorrect precision to double
     conversion (bsc#943216).
   - CVE-2015-8140: ntpq vulnerable to replay attacks.
   - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin.
   - CVE-2015-5219: An endless loop due to incorrect precision to double
     conversion (bsc#943216).

   Non-security issues fixed:

   - Fix a spurious error message.
   - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
   - Fix a regression in "trap" (bsc#981252).
   - Reduce the number of netlink groups to listen on for changes to the
     local network setup (bsc#992606).
   - Fix segfault in "sntp -a" (bsc#1009434).
   - Silence an OpenSSL version warning (bsc#992038).
   - Make the resolver task change user and group IDs to the same values as
     the main task. (bsc#988028)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ntp-12895=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ntp-12895=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ntp-4.2.8p9-57.2
      ntp-doc-4.2.8p9-57.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ntp-debuginfo-4.2.8p9-57.2
      ntp-debugsource-4.2.8p9-57.2

References:

   https://www.suse.com/security/cve/CVE-2015-5219.html
   https://www.suse.com/security/cve/CVE-2015-8139.html
   https://www.suse.com/security/cve/CVE-2015-8140.html
   https://www.suse.com/security/cve/CVE-2016-7426.html
   https://www.suse.com/security/cve/CVE-2016-7427.html
   https://www.suse.com/security/cve/CVE-2016-7428.html
   https://www.suse.com/security/cve/CVE-2016-7429.html
   https://www.suse.com/security/cve/CVE-2016-7431.html
   https://www.suse.com/security/cve/CVE-2016-7433.html
   https://www.suse.com/security/cve/CVE-2016-7434.html
   https://www.suse.com/security/cve/CVE-2016-9310.html
   https://www.suse.com/security/cve/CVE-2016-9311.html
   https://bugzilla.suse.com/1009434
   https://bugzilla.suse.com/1011377
   https://bugzilla.suse.com/1011390
   https://bugzilla.suse.com/1011395
   https://bugzilla.suse.com/1011398
   https://bugzilla.suse.com/1011404
   https://bugzilla.suse.com/1011406
   https://bugzilla.suse.com/1011411
   https://bugzilla.suse.com/1011417
   https://bugzilla.suse.com/943216
   https://bugzilla.suse.com/956365
   https://bugzilla.suse.com/981252
   https://bugzilla.suse.com/988028
   https://bugzilla.suse.com/992038
   https://bugzilla.suse.com/992606

From sle-updates at lists.suse.com Mon Dec 19 13:10:10 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 19 Dec 2016 21:10:10 +0100 (CET)
Subject: SUSE-RU-2016:3194-1: Recommended update for release-notes-susemanager
Message-ID: <20161219201010.06D70FF5D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-susemanager
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:3194-1
Rating:             low
References:         #1012331
Affected Products:
                    SUSE Manager Server 3.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   SUSE Manager 3.0 Release Notes have been updated to document:

   - New features
     + Support Service Pack migration for Salt minions.
     + python-pyinotify available in Tools channel.
   - New products:
     * SLES 12 SP2 for ARM 64bit.
   - Bugs fixed by latest updates:
     bsc#957653, bsc#971342, bsc#971622, bsc#976184, bsc#979630
     bsc#981635, bsc#982347, bsc#983347, bsc#986019, bsc#990439
     bsc#994848, bsc#998348, bsc#999852, bsc#1000184, bsc#1001738
     bsc#1001784, bsc#1001923, bsc#1002678, bsc#1003449, bsc#1003449
     bsc#1004047, bsc#1004260, bsc#1004521, bsc#1004717, bsc#1004723
     bsc#1004725, bsc#1004743, bsc#1004745, bsc#1005102, bsc#1005677
     bsc#1006188, bsc#1006718, bsc#1006786, bsc#1006982, bsc#1007459
     bsc#1008221

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1854=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server 3.0 (x86_64):

      release-notes-susemanager-3.0.2-0.43.1

References:

   https://bugzilla.suse.com/1012331

From sle-updates at lists.suse.com Mon Dec 19 13:10:34 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 19 Dec 2016 21:10:34 +0100 (CET)
Subject: SUSE-SU-2016:3195-1: moderate: Security update for ntp
Message-ID: <20161219201034.9580BFF73@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3195-1
Rating:             moderate
References:         #1009434 #1011377 #1011390 #1011395 #1011398 #1011404
                    #1011406 #1011411 #1011417 #943216 #956365 #981252
                    #988028 #992038 #992606
Cross-References:   CVE-2015-5219 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428
                    CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434
                    CVE-2016-9310 CVE-2016-9311
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 5 fixes is now
   available.

Description:

   This update for ntp fixes the following issues:

   ntp was updated to 4.2.8p9.

   Security issues fixed:

   - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap
     information disclosure and DDoS vector.
   - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.
   - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement
     DoS.
   - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin
     Timestamp Bypass.
   - CVE-2016-7434, bsc#1011398: Null pointer dereference in
     _IO_str_init_static_internal().
   - CVE-2016-7429, bsc#1011404: Interface selection attack.
   - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.
- CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in "trap" (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in "sntp -a" (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1853=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1853=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1853=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1853=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1853=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ntp-4.2.8p9-55.1 ntp-debuginfo-4.2.8p9-55.1 ntp-debugsource-4.2.8p9-55.1 ntp-doc-4.2.8p9-55.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ntp-4.2.8p9-55.1 ntp-debuginfo-4.2.8p9-55.1 ntp-debugsource-4.2.8p9-55.1 ntp-doc-4.2.8p9-55.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p9-55.1 ntp-debuginfo-4.2.8p9-55.1 ntp-debugsource-4.2.8p9-55.1 ntp-doc-4.2.8p9-55.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ntp-4.2.8p9-55.1 ntp-debuginfo-4.2.8p9-55.1 ntp-debugsource-4.2.8p9-55.1 ntp-doc-4.2.8p9-55.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p9-55.1 ntp-debuginfo-4.2.8p9-55.1 ntp-debugsource-4.2.8p9-55.1 ntp-doc-4.2.8p9-55.1 References: https://www.suse.com/security/cve/CVE-2015-5219.html https://www.suse.com/security/cve/CVE-2016-7426.html https://www.suse.com/security/cve/CVE-2016-7427.html https://www.suse.com/security/cve/CVE-2016-7428.html https://www.suse.com/security/cve/CVE-2016-7429.html https://www.suse.com/security/cve/CVE-2016-7431.html https://www.suse.com/security/cve/CVE-2016-7433.html https://www.suse.com/security/cve/CVE-2016-7434.html https://www.suse.com/security/cve/CVE-2016-9310.html https://www.suse.com/security/cve/CVE-2016-9311.html https://bugzilla.suse.com/1009434 https://bugzilla.suse.com/1011377 https://bugzilla.suse.com/1011390 https://bugzilla.suse.com/1011395 https://bugzilla.suse.com/1011398 https://bugzilla.suse.com/1011404 https://bugzilla.suse.com/1011406 https://bugzilla.suse.com/1011411 https://bugzilla.suse.com/1011417 https://bugzilla.suse.com/943216 https://bugzilla.suse.com/956365 https://bugzilla.suse.com/981252 https://bugzilla.suse.com/988028 https://bugzilla.suse.com/992038 https://bugzilla.suse.com/992606 From sle-updates at lists.suse.com Mon Dec 19 13:13:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2016 21:13:10 +0100 (CET) 
Subject: SUSE-SU-2016:3196-1: moderate: Security update for ntp Message-ID: <20161219201310.DEFDCFF5D@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3196-1 Rating: moderate References: #1009434 #1011377 #1011390 #1011395 #1011398 #1011404 #1011406 #1011411 #1011417 #943216 #956365 #981252 #988028 #992038 #992606 Cross-References: CVE-2015-5219 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 5 fixes is now available. Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in "trap" (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in "sntp -a" (bsc#1009434). 
- Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1852=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1852=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): ntp-4.2.8p9-46.18.1 ntp-debuginfo-4.2.8p9-46.18.1 ntp-debugsource-4.2.8p9-46.18.1 ntp-doc-4.2.8p9-46.18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ntp-4.2.8p9-46.18.1 ntp-debuginfo-4.2.8p9-46.18.1 ntp-debugsource-4.2.8p9-46.18.1 ntp-doc-4.2.8p9-46.18.1 References: https://www.suse.com/security/cve/CVE-2015-5219.html https://www.suse.com/security/cve/CVE-2016-7426.html https://www.suse.com/security/cve/CVE-2016-7427.html https://www.suse.com/security/cve/CVE-2016-7428.html https://www.suse.com/security/cve/CVE-2016-7429.html https://www.suse.com/security/cve/CVE-2016-7431.html https://www.suse.com/security/cve/CVE-2016-7433.html https://www.suse.com/security/cve/CVE-2016-7434.html https://www.suse.com/security/cve/CVE-2016-9310.html https://www.suse.com/security/cve/CVE-2016-9311.html https://bugzilla.suse.com/1009434 https://bugzilla.suse.com/1011377 https://bugzilla.suse.com/1011390 https://bugzilla.suse.com/1011395 https://bugzilla.suse.com/1011398 https://bugzilla.suse.com/1011404 https://bugzilla.suse.com/1011406 https://bugzilla.suse.com/1011411 https://bugzilla.suse.com/1011417 https://bugzilla.suse.com/943216 https://bugzilla.suse.com/956365 https://bugzilla.suse.com/981252 https://bugzilla.suse.com/988028 https://bugzilla.suse.com/992038 
https://bugzilla.suse.com/992606 From sle-updates at lists.suse.com Tue Dec 20 08:07:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2016 16:07:35 +0100 (CET) Subject: SUSE-SU-2016:3197-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12 Message-ID: <20161220150735.8017BFF5D@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3197-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1855=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1855=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_54-default-4-2.1 kgraft-patch-3_12_60-52_54-xen-4-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_54-default-4-2.1 kgraft-patch-3_12_60-52_54-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Tue Dec 20 09:07:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2016 17:07:47 +0100 (CET) Subject: SUSE-SU-2016:3199-1: important: Security update for dnsmasq Message-ID: <20161220160747.07AE9FF73@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3199-1 Rating: important References: #983273 Cross-References: CVE-2015-8899 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dnsmasq-12899=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dnsmasq-12899=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dnsmasq-2.71-0.16.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dnsmasq-debuginfo-2.71-0.16.3 dnsmasq-debugsource-2.71-0.16.3 References: https://www.suse.com/security/cve/CVE-2015-8899.html https://bugzilla.suse.com/983273 From sle-updates at lists.suse.com Tue Dec 20 09:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2016 17:08:18 +0100 (CET) Subject: SUSE-RU-2016:3200-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20161220160818.20216FF73@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3200-1 Rating: moderate References: #1014339 #981689 #986294 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client provides the following fixes: - Create the missing cache directory if it does not exist. (bsc#1014339) - Support region portability during registration. (bsc#986294) - Enable Nvidia repository only on instances that have Nvidia "hardware". - Enable the public cloud repository module repository after registration. (bsc#981689) - Add option "metadata_server" to indicate that the SMT server data is supposed to be pulled from a metadata server rather than a region server. Intended to aid integration of the update infrastructure into SUSE OpenStack Cloud. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1859=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-7.0.1-42.1 cloud-regionsrv-client-generic-config-1.0.0-42.1 cloud-regionsrv-client-plugin-gce-1.0.0-42.1 References: https://bugzilla.suse.com/1014339 https://bugzilla.suse.com/981689 https://bugzilla.suse.com/986294 From sle-updates at lists.suse.com Tue Dec 20 14:07:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2016 22:07:09 +0100 (CET) Subject: SUSE-SU-2016:3203-1: important: Security update for the Linux Kernel Message-ID: <20161220210709.B3E69F7B7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3203-1 Rating: important References: #1013533 #1013604 Cross-References: CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-linux-kernel-12901=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-linux-kernel-12901=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-linux-kernel-12901=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-linux-kernel-12901=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-91.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-91.1 kernel-default-base-3.0.101-91.1 kernel-default-devel-3.0.101-91.1 kernel-source-3.0.101-91.1 kernel-syms-3.0.101-91.1 kernel-trace-3.0.101-91.1 kernel-trace-base-3.0.101-91.1 kernel-trace-devel-3.0.101-91.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-91.1 kernel-ec2-base-3.0.101-91.1 kernel-ec2-devel-3.0.101-91.1 kernel-xen-3.0.101-91.1 kernel-xen-base-3.0.101-91.1 kernel-xen-devel-3.0.101-91.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-91.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-91.1 kernel-bigmem-base-3.0.101-91.1 kernel-bigmem-devel-3.0.101-91.1 kernel-ppc64-3.0.101-91.1 kernel-ppc64-base-3.0.101-91.1 kernel-ppc64-devel-3.0.101-91.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-91.1 kernel-pae-base-3.0.101-91.1 kernel-pae-devel-3.0.101-91.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-91.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-91.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-91.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-91.1 - SUSE Linux 
Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-91.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-91.1 kernel-default-debugsource-3.0.101-91.1 kernel-trace-debuginfo-3.0.101-91.1 kernel-trace-debugsource-3.0.101-91.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-91.1 kernel-trace-devel-debuginfo-3.0.101-91.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-91.1 kernel-ec2-debugsource-3.0.101-91.1 kernel-xen-debuginfo-3.0.101-91.1 kernel-xen-debugsource-3.0.101-91.1 kernel-xen-devel-debuginfo-3.0.101-91.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-91.1 kernel-bigmem-debugsource-3.0.101-91.1 kernel-ppc64-debuginfo-3.0.101-91.1 kernel-ppc64-debugsource-3.0.101-91.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-91.1 kernel-pae-debugsource-3.0.101-91.1 kernel-pae-devel-debuginfo-3.0.101-91.1 References: https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/1013604 From sle-updates at lists.suse.com Wed Dec 21 06:07:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 14:07:12 +0100 (CET) Subject: SUSE-RU-2016:3204-1: Recommended updated for pth Message-ID: <20161221130712.2A136F7B7@maintenance.suse.de> SUSE Recommended Update: Recommended updated for pth ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3204-1 Rating: low References: #1013286 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 
12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds the 32bit version of libpth20 to SUSE Linux Enterprise 12 SP1 and 12 SP2. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1863=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1863=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1863=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1863=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1863=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1863=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1863=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpth-devel-2.0.7-140.1 pth-debugsource-2.0.7-140.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpth-devel-2.0.7-140.1 pth-debugsource-2.0.7-140.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpth20-2.0.7-140.1 libpth20-debuginfo-2.0.7-140.1 pth-debugsource-2.0.7-140.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpth20-2.0.7-140.1 libpth20-debuginfo-2.0.7-140.1 pth-debugsource-2.0.7-140.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpth20-32bit-2.0.7-140.1 libpth20-debuginfo-32bit-2.0.7-140.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpth20-2.0.7-140.1 libpth20-debuginfo-2.0.7-140.1 pth-debugsource-2.0.7-140.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpth20-32bit-2.0.7-140.1 libpth20-debuginfo-32bit-2.0.7-140.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpth20-2.0.7-140.1 libpth20-32bit-2.0.7-140.1 libpth20-debuginfo-2.0.7-140.1 libpth20-debuginfo-32bit-2.0.7-140.1 pth-debugsource-2.0.7-140.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpth20-2.0.7-140.1 libpth20-32bit-2.0.7-140.1 libpth20-debuginfo-2.0.7-140.1 libpth20-debuginfo-32bit-2.0.7-140.1 pth-debugsource-2.0.7-140.1 References: https://bugzilla.suse.com/1013286 From sle-updates at lists.suse.com Wed Dec 21 09:07:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 17:07:25 +0100 (CET) Subject: SUSE-SU-2016:3205-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1 Message-ID: <20161221160725.247ABFF5D@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3205-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 
CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1865=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_18-default-2-2.1 kgraft-patch-3_12_67-60_64_18-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Wed Dec 21 09:08:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 17:08:05 +0100 (CET) Subject: SUSE-SU-2016:3206-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 Message-ID: <20161221160805.0B2DBFF5D@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3206-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.21-81 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1864=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-81-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Wed Dec 21 11:08:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 19:08:17 +0100 (CET) Subject: SUSE-SU-2016:3207-1: important: Security update for xen Message-ID: <20161221180817.28172F7B7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3207-1 Rating: important References: #1012651 #1014298 #1016340 Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-9932 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - A mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1867=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1867=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1867=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): xen-debugsource-4.5.5_04-22.6.1 xen-devel-4.5.5_04-22.6.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): xen-4.5.5_04-22.6.1 xen-debugsource-4.5.5_04-22.6.1 xen-doc-html-4.5.5_04-22.6.1 xen-kmp-default-4.5.5_04_k3.12.67_60.64.24-22.6.1 xen-kmp-default-debuginfo-4.5.5_04_k3.12.67_60.64.24-22.6.1 xen-libs-32bit-4.5.5_04-22.6.1 xen-libs-4.5.5_04-22.6.1 xen-libs-debuginfo-32bit-4.5.5_04-22.6.1 xen-libs-debuginfo-4.5.5_04-22.6.1 xen-tools-4.5.5_04-22.6.1 xen-tools-debuginfo-4.5.5_04-22.6.1 xen-tools-domU-4.5.5_04-22.6.1 xen-tools-domU-debuginfo-4.5.5_04-22.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xen-4.5.5_04-22.6.1 xen-debugsource-4.5.5_04-22.6.1 xen-kmp-default-4.5.5_04_k3.12.67_60.64.24-22.6.1 xen-kmp-default-debuginfo-4.5.5_04_k3.12.67_60.64.24-22.6.1 xen-libs-32bit-4.5.5_04-22.6.1 xen-libs-4.5.5_04-22.6.1 xen-libs-debuginfo-32bit-4.5.5_04-22.6.1 xen-libs-debuginfo-4.5.5_04-22.6.1 References: https://www.suse.com/security/cve/CVE-2016-10013.html https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1016340 From sle-updates at lists.suse.com Wed Dec 21 11:09:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 19:09:04 +0100 (CET) Subject: SUSE-SU-2016:3208-1: important: Security update for xen Message-ID: <20161221180904.E873AFF5D@maintenance.suse.de> SUSE Security Update: Security 
update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3208-1 Rating: important References: #1012651 #1014298 #1014300 #1016340 Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-9932 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - A mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) - A missing NULL pointer check in VMFUNC emulation could lead to a hypervisor crash leading to a Denial of Service. (XSA-203, bsc#1014300, CVE-2016-10025) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1866=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1866=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1866=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.1_04-28.1 xen-devel-4.7.1_04-28.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.1_04-28.1 xen-debugsource-4.7.1_04-28.1 xen-doc-html-4.7.1_04-28.1 xen-libs-32bit-4.7.1_04-28.1 xen-libs-4.7.1_04-28.1 xen-libs-debuginfo-32bit-4.7.1_04-28.1 xen-libs-debuginfo-4.7.1_04-28.1 xen-tools-4.7.1_04-28.1 xen-tools-debuginfo-4.7.1_04-28.1 xen-tools-domU-4.7.1_04-28.1 xen-tools-domU-debuginfo-4.7.1_04-28.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.1_04-28.1 xen-debugsource-4.7.1_04-28.1 xen-libs-32bit-4.7.1_04-28.1 xen-libs-4.7.1_04-28.1 xen-libs-debuginfo-32bit-4.7.1_04-28.1 xen-libs-debuginfo-4.7.1_04-28.1 References: https://www.suse.com/security/cve/CVE-2016-10013.html https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-10025.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1014300 https://bugzilla.suse.com/1016340 From sle-updates at lists.suse.com Wed Dec 21 12:07:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 20:07:19 +0100 (CET) Subject: SUSE-SU-2016:3209-1: moderate: Security update for zlib Message-ID: <20161221190719.54A5EF7B7@maintenance.suse.de> SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3209-1 Rating: moderate References: #1003577 #1003579 #1003580 #1013882 Cross-References: CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for zlib fixes the following issues: * Incompatible declarations for external linkage function deflate (bnc#1003577) * CVE-2016-9842: Undefined Left Shift of Negative Number (bnc#1003580) * CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bnc#1003579) * CVE-2016-9843: Big-endian out-of-bounds pointer Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-zlib-12902=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-zlib-12902=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-zlib-12902=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): zlib-devel-1.2.7-0.14.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): zlib-devel-32bit-1.2.7-0.14.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): zlib-1.2.7-0.14.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): zlib-32bit-1.2.7-0.14.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): zlib-x86-1.2.7-0.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): zlib-debuginfo-1.2.7-0.14.1 zlib-debugsource-1.2.7-0.14.1 References: https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://bugzilla.suse.com/1003577 https://bugzilla.suse.com/1003579 https://bugzilla.suse.com/1003580 https://bugzilla.suse.com/1013882 From sle-updates at lists.suse.com Wed Dec 21 12:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 20:08:22 +0100 (CET) Subject: SUSE-SU-2016:3210-1: important: Security 
update for MozillaFirefox Message-ID: <20161221190822.83593F7CB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3210-1 Rating: important References: #1000751 #1015422 Cross-References: CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. 
Also the following bug was fixed: - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-MozillaFirefox-12903=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-MozillaFirefox-12903=1 - SUSE Manager 2.1: zypper in -t patch sleman21-MozillaFirefox-12903=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12903=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12903=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-12903=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-12903=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12903=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-12903=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): MozillaFirefox-45.6.0esr-62.1 MozillaFirefox-translations-45.6.0esr-62.1 - SUSE Manager Proxy 2.1 (x86_64): MozillaFirefox-45.6.0esr-62.1 MozillaFirefox-translations-45.6.0esr-62.1 - SUSE Manager 2.1 (s390x x86_64): MozillaFirefox-45.6.0esr-62.1 MozillaFirefox-translations-45.6.0esr-62.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-45.6.0esr-62.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-45.6.0esr-62.1 MozillaFirefox-translations-45.6.0esr-62.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-45.6.0esr-62.1 MozillaFirefox-translations-45.6.0esr-62.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-45.6.0esr-62.1 MozillaFirefox-translations-45.6.0esr-62.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-45.6.0esr-62.1 MozillaFirefox-debugsource-45.6.0esr-62.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.6.0esr-62.1 MozillaFirefox-debugsource-45.6.0esr-62.1 References: https://www.suse.com/security/cve/CVE-2016-9893.html https://www.suse.com/security/cve/CVE-2016-9895.html https://www.suse.com/security/cve/CVE-2016-9897.html https://www.suse.com/security/cve/CVE-2016-9898.html https://www.suse.com/security/cve/CVE-2016-9899.html https://www.suse.com/security/cve/CVE-2016-9900.html https://www.suse.com/security/cve/CVE-2016-9901.html https://www.suse.com/security/cve/CVE-2016-9902.html https://www.suse.com/security/cve/CVE-2016-9904.html https://www.suse.com/security/cve/CVE-2016-9905.html https://bugzilla.suse.com/1000751 https://bugzilla.suse.com/1015422 From sle-updates at lists.suse.com Wed Dec 21 12:09:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 20:09:04 +0100 (CET) Subject: SUSE-SU-2016:3211-1: moderate: Security 
update for gd Message-ID: <20161221190904.22403F7CB@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3211-1 Rating: moderate References: #1015187 Cross-References: CVE-2016-9933 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gd fixes the following issues: * CVE-2016-9933 possible stack overflow on malicious truecolor images [bsc#1015187] Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1868=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1868=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1868=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1868=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1868=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1868=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1868=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1868=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1868=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gd-32bit-2.1.0-20.1 gd-debuginfo-32bit-2.1.0-20.1 gd-debugsource-2.1.0-20.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gd-32bit-2.1.0-20.1 gd-debuginfo-32bit-2.1.0-20.1 gd-debugsource-2.1.0-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-20.1 gd-debugsource-2.1.0-20.1 gd-devel-2.1.0-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gd-debuginfo-2.1.0-20.1 gd-debugsource-2.1.0-20.1 gd-devel-2.1.0-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gd-2.1.0-20.1 gd-debuginfo-2.1.0-20.1 gd-debugsource-2.1.0-20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gd-2.1.0-20.1 gd-debuginfo-2.1.0-20.1 gd-debugsource-2.1.0-20.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gd-2.1.0-20.1 gd-debuginfo-2.1.0-20.1 gd-debugsource-2.1.0-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gd-2.1.0-20.1 gd-32bit-2.1.0-20.1 gd-debuginfo-2.1.0-20.1 gd-debuginfo-32bit-2.1.0-20.1 gd-debugsource-2.1.0-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gd-2.1.0-20.1 gd-32bit-2.1.0-20.1 gd-debuginfo-2.1.0-20.1 gd-debuginfo-32bit-2.1.0-20.1 gd-debugsource-2.1.0-20.1 References: https://www.suse.com/security/cve/CVE-2016-9933.html https://bugzilla.suse.com/1015187 From sle-updates at lists.suse.com Wed Dec 21 13:07:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 21:07:14 +0100 (CET) Subject: SUSE-OU-2016:3212-1: Initial release of cloud-regionsrv Message-ID: <20161221200714.137F2F7B7@maintenance.suse.de> SUSE Optional Update: Initial release of cloud-regionsrv ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3212-1 Rating: low References: #979331 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 
______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds cloud-regionsrv to the Public Cloud Module for SUSE Linux Enterprise Server 12. The region service provides functionality to correlate SMT server information with the region in which they are deployed and provide this information to a guest that connects using the region server client. For detailed setup instructions see the best practices guide: https://www.suse.com/documentation/suse-best-practices/publiccloudinfra/data/publiccloudinfra.html Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1871=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-MarkupSafe-0.18-10.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-7.0.1-2.1 cloud-regionsrv-generic-config-1.0.0-2.1 python-Flask-0.10.1-4.1 python-Jinja2-2.7.3-19.3.1 python-Werkzeug-0.9.6-7.1 python-itsdangerous-0.24-4.1 References: https://bugzilla.suse.com/979331 From sle-updates at lists.suse.com Wed Dec 21 13:07:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 21:07:37 +0100 (CET) Subject: SUSE-RU-2016:3213-1: Recommended update for ses-upgrade-helper Message-ID: <20161221200737.9A1C4F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-upgrade-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3213-1 Rating: low References: #1011949 #1012930 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that
has two recommended fixes can now be installed. Description: This update for ses-upgrade-helper fixes the following issues: - upgrade-ses: Add auto agree with licenses. (bsc#1011949) - upgrade-ses: Remove erroneous shift from command line parsing. (bsc#1012930) - upgrade-ses: Cover sudoers.d file for ceph admin user rename. - upgrade-ses: Final report cleanup. - upgrade-ses: disable_restart_on_update if ceph sysconfig file exists. - upgrade-ses: Cleanup TODOs and whitespace. - upgrade-ses: Update zypper dup description. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2016-1872=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (noarch): ses-upgrade-helper-0.6+git.1480636496.80dd2a7-5.1 References: https://bugzilla.suse.com/1011949 https://bugzilla.suse.com/1012930 From sle-updates at lists.suse.com Wed Dec 21 13:08:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 21:08:13 +0100 (CET) Subject: SUSE-OU-2016:3214-1: Optional update for mailx, mailx-openssl1 Message-ID: <20161221200813.39883F7CB@maintenance.suse.de> SUSE Optional Update: Optional update for mailx, mailx-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3214-1 Rating: low References: #1012814 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one optional fix can now be installed. 
Description: This update delivers an additional mailx version built against openssl1 to enable TLS 1.2 support for SMTP, IMAP and POP3 connections. The main mailx package is also updated to use update-alternatives, easing the switch between the version built against openssl 0.9.8j and the one using openssl 1.0.1. The original mailx package includes /usr/bin/mailx.openssl0 and /usr/bin/mailx links to this binary by default. A new package mailx-openssl1 is supplied via the SECURITY module, including the /usr/bin/mailx.openssl1 binary. To switch /usr/bin/mailx to use openssl 1.0.1 and so support TLS 1.2 in encrypted connections use: update-alternatives --set mailx /usr/bin/mailx.openssl1 to switch back, use: update-alternatives --set mailx /usr/bin/mailx.openssl0 to display the current state use: update-alternatives --display mailx Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-mailx-12904=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-mailx-12904=1 - SUSE Manager 2.1: zypper in -t patch sleman21-mailx-12904=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mailx-12904=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mailx-12904=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-mailx-12904=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mailx-12904=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mailx-12904=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mailx-12904=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): mailx-12.5-1.11.2 - SUSE Manager Proxy 2.1 (x86_64): mailx-12.5-1.11.2 - SUSE Manager 2.1 (s390x x86_64): mailx-12.5-1.11.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mailx-12.5-1.11.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): mailx-12.5-1.11.2 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): mailx-openssl1-12.5-1.11.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): mailx-12.5-1.11.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mailx-debuginfo-12.5-1.11.2 mailx-debugsource-12.5-1.11.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mailx-debuginfo-12.5-1.11.2 mailx-debugsource-12.5-1.11.2 References: https://bugzilla.suse.com/1012814 From sle-updates at lists.suse.com Wed Dec 21 13:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 21:08:56 +0100 (CET) Subject: SUSE-RU-2016:3216-1: Recommended update for ses-upgrade-helper Message-ID: <20161221200856.62151F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-upgrade-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3216-1 Rating: low References: #1010930 #1011949 #1012930 #994867 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ses-upgrade-helper fixes the following issues: - ses-upgrade-notes: Upgrade process notes. - upgrade-ses: Recursively chown ceph log directory. (bsc#1010930) - upgrade-ses: Remove erroneous shift from command line parsing. (bsc#1012930) - upgrade-ses: Check OSD journal and data partitions. (bsc#994867) - upgrade-ses: Add auto agree with licenses. 
(bsc#1011949) - upgrade-ses: disable_restart_on_update if ceph sysconfig file exists. - upgrade-ses: Update zypper dup description. - upgrade-ses: Renamed script from update-to-ses3.sh to upgrade-from-ses.sh. - upgrade-ses: Created symlinks for scripts and man page for backwards compatibility. - upgrade-ses: Use SES_VER global variable instead of hard SES versions. - upgrade-ses: user_ceph_not_in_use re-work for SES4. - upgrade-ses: Upgrade doc url to reflect SES version. - upgrade-ses: Fix disable and restart on upgrade handling. - upgrade-ses: chown_var_lib_ceph rework for SES4. - upgrade-ses: Remove var lib ownership check. - upgrade-ses: Cover sudoers.d file for ceph admin user rename. - upgrade-ses: Final report cleanup. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1873=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 3 (noarch): ses-upgrade-helper-0.6+git.1480636496.80dd2a7-13.1 References: https://bugzilla.suse.com/1010930 https://bugzilla.suse.com/1011949 https://bugzilla.suse.com/1012930 https://bugzilla.suse.com/994867 From sle-updates at lists.suse.com Wed Dec 21 13:09:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 21:09:49 +0100 (CET) Subject: SUSE-SU-2016:3217-1: important: Security update for the Linux Kernel Message-ID: <20161221200949.93CB7F7CB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3217-1 Rating: important References: #1013533 #1013604 Cross-References: CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive two security fixes. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1876=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1876=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1876=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.60-52.63.1 kernel-default-base-3.12.60-52.63.1 kernel-default-base-debuginfo-3.12.60-52.63.1 kernel-default-debuginfo-3.12.60-52.63.1 kernel-default-debugsource-3.12.60-52.63.1 kernel-default-devel-3.12.60-52.63.1 kernel-syms-3.12.60-52.63.1 kernel-xen-3.12.60-52.63.1 kernel-xen-base-3.12.60-52.63.1 kernel-xen-base-debuginfo-3.12.60-52.63.1 kernel-xen-debuginfo-3.12.60-52.63.1 kernel-xen-debugsource-3.12.60-52.63.1 kernel-xen-devel-3.12.60-52.63.1 kgraft-patch-3_12_60-52_63-default-1-2.1 kgraft-patch-3_12_60-52_63-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.60-52.63.1 kernel-macros-3.12.60-52.63.1 kernel-source-3.12.60-52.63.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.60-52.63.1 kernel-default-base-3.12.60-52.63.1 kernel-default-base-debuginfo-3.12.60-52.63.1 kernel-default-debuginfo-3.12.60-52.63.1 kernel-default-debugsource-3.12.60-52.63.1 kernel-default-devel-3.12.60-52.63.1 kernel-syms-3.12.60-52.63.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.60-52.63.1 kernel-macros-3.12.60-52.63.1 kernel-source-3.12.60-52.63.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.60-52.63.1 kernel-xen-base-3.12.60-52.63.1 kernel-xen-base-debuginfo-3.12.60-52.63.1 kernel-xen-debuginfo-3.12.60-52.63.1 kernel-xen-debugsource-3.12.60-52.63.1 kernel-xen-devel-3.12.60-52.63.1 kgraft-patch-3_12_60-52_63-default-1-2.1 kgraft-patch-3_12_60-52_63-xen-1-2.1 - SUSE Linux Enterprise Server 
12-LTSS (s390x): kernel-default-man-3.12.60-52.63.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.60-52.63.1 kernel-ec2-debuginfo-3.12.60-52.63.1 kernel-ec2-debugsource-3.12.60-52.63.1 kernel-ec2-devel-3.12.60-52.63.1 kernel-ec2-extra-3.12.60-52.63.1 kernel-ec2-extra-debuginfo-3.12.60-52.63.1 References: https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/1013604 From sle-updates at lists.suse.com Wed Dec 21 13:10:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2016 21:10:42 +0100 (CET) Subject: SUSE-RU-2016:3219-1: moderate: Recommended update for rubygem-rest-client, rubygem-crowbar-client, crowbar-core Message-ID: <20161221201042.C1B52F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-rest-client, rubygem-crowbar-client, crowbar-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3219-1 Rating: moderate References: #1005149 #1012261 #993445 #994125 #996542 #997293 #999637 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update provides rubygem-rest-client 2.0. This new backend is required by newer versions of crowbar-client for compatibility with the Crowbar v2.0 API and replaces the existing httparty backend. The Crowbar v2.0 API got introduced to provide a clean API for external services like the new Crowbar Angular UI or the crowbar-client. The new API is also the main connection point during an upgrade from SUSE OpenStack Cloud 6 to 7. Additionally the following issues have been fixed: - crowbar: Improve SUSE Manager integration. (bsc#996542) - crowbar: Remove obsolete firewall sanity check. 
(bsc#999637) - crowbar: Improve UEFI node installation via autoyast. - crowbarctl: Improve repository handling. (bsc#993445) - crowbarctl: Improve batch export subcommand. (bsc#994125) - crowbarctl: Drop batch build subcommand. - crowbar-core: Perform prepare in background. (bsc#997293) - rubygem-crowbar-client: Adapt request URLs to various API changes. (bsc#1005149) - rubygem-crowbar-client: Fix batch export sub-command. (bsc#994125) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1875=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-chef-10.32.2-13.4 ruby2.1-rubygem-crowbar-client-3.1.5-6.1 ruby2.1-rubygem-domain_name-0.5.20160615-2.2 ruby2.1-rubygem-http-cookie-1.0.2-2.2 ruby2.1-rubygem-mime-types-2.6.1-6.1 ruby2.1-rubygem-netrc-0.11.0-2.2 ruby2.1-rubygem-rest-client-2.0.0-2.3 ruby2.1-rubygem-unf-0.1.4-2.2 ruby2.1-rubygem-unf_ext-0.0.7.2-2.3 ruby2.1-rubygem-unf_ext-debuginfo-0.0.7.2-2.3 rubygem-chef-10.32.2-13.4 - SUSE OpenStack Cloud 6 (noarch): crowbar-core-3.0+git.1479224930.e38d187-14.3 crowbar-core-branding-upstream-3.0+git.1479224930.e38d187-14.3 References: https://bugzilla.suse.com/1005149 https://bugzilla.suse.com/1012261 https://bugzilla.suse.com/993445 https://bugzilla.suse.com/994125 https://bugzilla.suse.com/996542 https://bugzilla.suse.com/997293 https://bugzilla.suse.com/999637 From sle-updates at lists.suse.com Wed Dec 21 17:08:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 01:08:45 +0100 (CET) Subject: SUSE-SU-2016:3221-1: important: Security update for xen Message-ID: <20161222000845.9430EF7B7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID:
SUSE-SU-2016:3221-1 Rating: important References: #1012651 #1014298 #1016340 Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-9932 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12905=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12905=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12905=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_12-46.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_12_3.0.101_91-46.1 xen-libs-4.4.4_12-46.1 xen-tools-domU-4.4.4_12-46.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_12-46.1 xen-doc-html-4.4.4_12-46.1 xen-libs-32bit-4.4.4_12-46.1 xen-tools-4.4.4_12-46.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_12-46.1 xen-debugsource-4.4.4_12-46.1 References: https://www.suse.com/security/cve/CVE-2016-10013.html https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1016340 From sle-updates at lists.suse.com Wed Dec 21 18:08:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 02:08:15 +0100 (CET) Subject: SUSE-SU-2016:3222-1: important: Security update for MozillaFirefox Message-ID: <20161222010815.46CBAF7B7@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3222-1 Rating: important References: #1015422 Cross-References: CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1880=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1880=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1880=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1880=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1880=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1880=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1880=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1880=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1880=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-devel-45.6.0esr-96.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-devel-45.6.0esr-96.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.6.0esr-96.1 MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-translations-45.6.0esr-96.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-45.6.0esr-96.1 MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-translations-45.6.0esr-96.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-45.6.0esr-96.1 MozillaFirefox-debuginfo-45.6.0esr-96.1 
MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-translations-45.6.0esr-96.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.6.0esr-96.1 MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-translations-45.6.0esr-96.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-45.6.0esr-96.1 MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-translations-45.6.0esr-96.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-45.6.0esr-96.1 MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-translations-45.6.0esr-96.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.6.0esr-96.1 MozillaFirefox-debuginfo-45.6.0esr-96.1 MozillaFirefox-debugsource-45.6.0esr-96.1 MozillaFirefox-translations-45.6.0esr-96.1 References: https://www.suse.com/security/cve/CVE-2016-9893.html https://www.suse.com/security/cve/CVE-2016-9895.html https://www.suse.com/security/cve/CVE-2016-9897.html https://www.suse.com/security/cve/CVE-2016-9898.html https://www.suse.com/security/cve/CVE-2016-9899.html https://www.suse.com/security/cve/CVE-2016-9900.html https://www.suse.com/security/cve/CVE-2016-9901.html https://www.suse.com/security/cve/CVE-2016-9902.html https://www.suse.com/security/cve/CVE-2016-9904.html https://www.suse.com/security/cve/CVE-2016-9905.html https://bugzilla.suse.com/1015422 From sle-updates at lists.suse.com Wed Dec 21 18:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 02:08:42 +0100 (CET) Subject: SUSE-SU-2016:3223-1: important: Security update for MozillaFirefox Message-ID: <20161222010842.F1670F7CB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3223-1 Rating: 
important References: #1000751 #1015422 Cross-References: CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-MozillaFirefox-12907=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-MozillaFirefox-12907=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-45.6.0esr-66.1 MozillaFirefox-translations-45.6.0esr-66.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.6.0esr-66.1 MozillaFirefox-debugsource-45.6.0esr-66.1 References: https://www.suse.com/security/cve/CVE-2016-9893.html https://www.suse.com/security/cve/CVE-2016-9895.html https://www.suse.com/security/cve/CVE-2016-9897.html https://www.suse.com/security/cve/CVE-2016-9898.html https://www.suse.com/security/cve/CVE-2016-9899.html https://www.suse.com/security/cve/CVE-2016-9900.html https://www.suse.com/security/cve/CVE-2016-9901.html https://www.suse.com/security/cve/CVE-2016-9902.html https://www.suse.com/security/cve/CVE-2016-9904.html https://www.suse.com/security/cve/CVE-2016-9905.html https://bugzilla.suse.com/1000751 https://bugzilla.suse.com/1015422 From sle-updates at lists.suse.com Wed Dec 21 18:09:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 02:09:21 +0100 (CET) Subject: SUSE-OU-2016:3224-1: Optional update for perl-Net-SSLeay, perl-Crypt-SSLeay Message-ID: <20161222010921.24923F7CB@maintenance.suse.de> SUSE Optional Update: Optional update for perl-Net-SSLeay, perl-Crypt-SSLeay ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3224-1 Rating: low References: #1014832 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update contains a new version of perl-Net-SSLeay built against openssl 1.0.1. The new package is called perl-Net-SSLeay-openssl1 and provided in the SUSE Linux Enterprise 11 Security Module. 
Only one of perl-Net-SSLeay-openssl1 or perl-Net-SSLeay can be installed. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-Net-Crypt-SSLeay-12906=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-perl-Net-Crypt-SSLeay-12906=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-Net-Crypt-SSLeay-12906=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-Crypt-SSLeay-0.57-1.21.1 perl-Net-SSLeay-1.64-0.9.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): perl-Crypt-SSLeay-openssl1-0.57-1.21.1 perl-Net-SSLeay-openssl1-1.64-0.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-Crypt-SSLeay-debuginfo-0.57-1.21.1 perl-Crypt-SSLeay-debugsource-0.57-1.21.1 perl-Crypt-SSLeay-openssl1-debuginfo-0.57-1.21.1 perl-Crypt-SSLeay-openssl1-debugsource-0.57-1.21.1 perl-Net-SSLeay-debuginfo-1.64-0.9.1 perl-Net-SSLeay-debugsource-1.64-0.9.1 perl-Net-SSLeay-openssl1-debuginfo-1.64-0.9.1 perl-Net-SSLeay-openssl1-debugsource-1.64-0.9.1 References: https://bugzilla.suse.com/1014832 From sle-updates at lists.suse.com Thu Dec 22 05:07:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 13:07:30 +0100 (CET) Subject: SUSE-RU-2016:3225-1: moderate: Recommended update for powerpc-utils Message-ID: <20161222120730.27502F7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3225-1 Rating: moderate References: #1012527 #957445 #994925 Affected Products: SUSE Linux Enterprise Server 12-SP1 
______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides powerpc-utils version 1.3.2, which brings several fixes and enhancements. - Correct drmgr's LMB counting when discovering LMBs. This fixes dynamic addition of memory. (bsc#957445) - Fix segmentation fault when parsing /proc/interrupts. (bsc#994925) - Ignore whitespace at beginning of /proc/interrupts SPU line. - Adjust libvirt dependency service name. - Package smt-off.service. For a comprehensive list of changes please refer to the ChangeLog document included within the package's documentation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1882=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le): powerpc-utils-1.3.2-10.3.1 powerpc-utils-debuginfo-1.3.2-10.3.1 powerpc-utils-debugsource-1.3.2-10.3.1 References: https://bugzilla.suse.com/1012527 https://bugzilla.suse.com/957445 https://bugzilla.suse.com/994925 From sle-updates at lists.suse.com Thu Dec 22 07:08:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 15:08:06 +0100 (CET) Subject: SUSE-RU-2016:3229-1: Recommended update for openstack-heat-templates Message-ID: <20161222140806.F3667F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-heat-templates ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3229-1 Rating: low References: #1010038 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for openstack-heat-templates fixes the following issues: - Update to latest version from OpenStack upstream. (bsc#1010038) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-openstack-heat-templates-12908=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): openstack-heat-templates-0.0.0+git.1449009470.2b1f1ea-9.1 References: https://bugzilla.suse.com/1010038 From sle-updates at lists.suse.com Thu Dec 22 07:09:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 15:09:41 +0100 (CET) Subject: SUSE-RU-2016:3234-1: Recommended update for supportutils Message-ID: <20161222140941.42BBDF7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3234-1 Rating: low References: #995387 #997615 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for supportutils fixes the following issues: - Add limits to journalctl to speed up data collection. (bsc#997615) - Restore missing vgs and lvs commands to lvm.txt. (bsc#995387) - Collect information about network namespaces. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1883=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1883=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1883=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1883=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1883=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): supportutils-3.0-88.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): supportutils-3.0-88.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): supportutils-3.0-88.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): supportutils-3.0-88.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): supportutils-3.0-88.1 References: https://bugzilla.suse.com/995387 https://bugzilla.suse.com/997615 From sle-updates at lists.suse.com Thu Dec 22 08:07:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 16:07:35 +0100 (CET) Subject: SUSE-SU-2016:3241-1: important: Security update for xen Message-ID: <20161222150735.6B65CF7B7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3241-1 Rating: important References: #1012651 #1014298 #1016340 Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-9932 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for xen fixes the following issues: - A mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1885=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1885=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): xen-4.4.4_05-22.28.2 xen-debugsource-4.4.4_05-22.28.2 xen-doc-html-4.4.4_05-22.28.2 xen-kmp-default-4.4.4_05_k3.12.60_52.63-22.28.2 xen-kmp-default-debuginfo-4.4.4_05_k3.12.60_52.63-22.28.2 xen-libs-32bit-4.4.4_05-22.28.2 xen-libs-4.4.4_05-22.28.2 xen-libs-debuginfo-32bit-4.4.4_05-22.28.2 xen-libs-debuginfo-4.4.4_05-22.28.2 xen-tools-4.4.4_05-22.28.2 xen-tools-debuginfo-4.4.4_05-22.28.2 xen-tools-domU-4.4.4_05-22.28.2 xen-tools-domU-debuginfo-4.4.4_05-22.28.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_05-22.28.2 xen-debugsource-4.4.4_05-22.28.2 xen-doc-html-4.4.4_05-22.28.2 xen-kmp-default-4.4.4_05_k3.12.60_52.63-22.28.2 xen-kmp-default-debuginfo-4.4.4_05_k3.12.60_52.63-22.28.2 xen-libs-32bit-4.4.4_05-22.28.2 xen-libs-4.4.4_05-22.28.2 xen-libs-debuginfo-32bit-4.4.4_05-22.28.2 xen-libs-debuginfo-4.4.4_05-22.28.2 xen-tools-4.4.4_05-22.28.2 xen-tools-debuginfo-4.4.4_05-22.28.2 xen-tools-domU-4.4.4_05-22.28.2 xen-tools-domU-debuginfo-4.4.4_05-22.28.2 References: https://www.suse.com/security/cve/CVE-2016-10013.html 
https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1016340 From sle-updates at lists.suse.com Thu Dec 22 09:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 17:08:31 +0100 (CET) Subject: SUSE-RU-2016:3242-1: Recommended update for sle-live-patching-release Message-ID: <20161222160831.69D0CF7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-live-patching-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3242-1 Rating: low References: #1013948 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Live Patching Extension introduces information about the life cycle of packages provided in the module. On SUSE Linux Enterprise Server 12 SP2 systems customers can install the new "zypper-lifecycle-plugin" and run "zypper lifecycle" to check the end of support dates for each package. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1887=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): sle-live-patching-release-12-5.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-2.1 References: https://bugzilla.suse.com/1013948 From sle-updates at lists.suse.com Thu Dec 22 09:08:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 17:08:57 +0100 (CET) Subject: SUSE-RU-2016:3243-1: Recommended update for lifecycle-data-sle-module-web-scripting Message-ID: <20161222160857.35D6CF7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-web-scripting ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3243-1 Rating: low References: #1013222 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Web and Scripting Module introduces information about the life cycle of packages provided in the module. On SUSE Linux Enterprise Server 12 SP2 systems customers can install the new "zypper-lifecycle-plugin" and run "zypper lifecycle" to check the end of support dates for each package. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1888=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-web-scripting-1-6.1 sle-module-web-scripting-release-12-9.1 sle-module-web-scripting-release-cd-12-9.1 References: https://bugzilla.suse.com/1013222 From sle-updates at lists.suse.com Thu Dec 22 09:09:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 17:09:20 +0100 (CET) Subject: SUSE-RU-2016:3244-1: Recommended update for sle-module-toolchain-release Message-ID: <20161222160920.D8968F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-toolchain-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3244-1 Rating: low References: #1013847 Affected Products: SUSE Linux Enterprise Module for Toolchain 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Toolchain Module introduces information about the life cycle of packages provided in the module. On SUSE Linux Enterprise Server 12 SP2 systems customers can install the new "zypper-lifecycle-plugin" and run "zypper lifecycle" to check the end of support dates for each package. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2016-1886=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): sle-module-toolchain-release-12-8.1 sle-module-toolchain-release-cd-12-8.1 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): lifecycle-data-sle-module-toolchain-1-2.1 References: https://bugzilla.suse.com/1013847 From sle-updates at lists.suse.com Thu Dec 22 09:09:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 17:09:44 +0100 (CET) Subject: SUSE-RU-2016:3245-1: Recommended update for lifecycle-data-sle-module-legacy Message-ID: <20161222160944.A2496F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-legacy ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3245-1 Rating: low References: #1013223 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Legacy Module introduces information about the life cycle of packages provided in the module. On SUSE Linux Enterprise Server 12 SP2 systems customers can install the new "zypper-lifecycle-plugin" and run "zypper lifecycle" to check the end of support dates for each package. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1889=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-legacy-1-4.1 sle-module-legacy-release-12-9.1 sle-module-legacy-release-cd-12-9.1 References: https://bugzilla.suse.com/1013223 From sle-updates at lists.suse.com Thu Dec 22 10:08:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 18:08:07 +0100 (CET) Subject: SUSE-OU-2016:3246-1: Optional update for libqt5-qtquickcontrols Message-ID: <20161222170807.5A894F7B7@maintenance.suse.de> SUSE Optional Update: Optional update for libqt5-qtquickcontrols ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3246-1 Rating: low References: #1013095 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds the libqt5-qtquickcontrols package to SUSE Linux Enterprise Desktop 12 SP2. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1890=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1890=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1890=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libqt5-qtquickcontrols-5.6.1-9.2 libqt5-qtquickcontrols-debuginfo-5.6.1-9.2 libqt5-qtquickcontrols-debugsource-5.6.1-9.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libqt5-qtquickcontrols-5.6.1-9.2 libqt5-qtquickcontrols-debuginfo-5.6.1-9.2 libqt5-qtquickcontrols-debugsource-5.6.1-9.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libqt5-qtquickcontrols-5.6.1-9.2 libqt5-qtquickcontrols-debuginfo-5.6.1-9.2 libqt5-qtquickcontrols-debugsource-5.6.1-9.2 References: https://bugzilla.suse.com/1013095 From sle-updates at lists.suse.com Thu Dec 22 10:08:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 18:08:34 +0100 (CET) Subject: SUSE-SU-2016:3247-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12 Message-ID: <20161222170834.E915EF7CB@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3247-1 Rating: important References: #1012183 #1012759 Cross-References: CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.60-52_57 fixes several issues. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). 
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1892=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1892=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_57-default-2-2.1 kgraft-patch-3_12_60-52_57-xen-2-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_57-default-2-2.1 kgraft-patch-3_12_60-52_57-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Thu Dec 22 10:09:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 18:09:10 +0100 (CET) Subject: SUSE-SU-2016:3248-1: important: Security update for the Linux Kernel Message-ID: <20161222170910.B8EFCF7CB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3248-1 Rating: important References: #1013533 #1013604 Cross-References: CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-kernel-12909=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-kernel-12909=1 - SUSE Manager 2.1: zypper in -t patch sleman21-kernel-12909=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-12909=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-12909=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-12909=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-12909=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): kernel-bigsmp-3.0.101-0.47.93.1 kernel-bigsmp-base-3.0.101-0.47.93.1 kernel-bigsmp-devel-3.0.101-0.47.93.1 kernel-default-3.0.101-0.47.93.1 kernel-default-base-3.0.101-0.47.93.1 kernel-default-devel-3.0.101-0.47.93.1 kernel-ec2-3.0.101-0.47.93.1 kernel-ec2-base-3.0.101-0.47.93.1 kernel-ec2-devel-3.0.101-0.47.93.1 kernel-source-3.0.101-0.47.93.1 kernel-syms-3.0.101-0.47.93.1 kernel-trace-3.0.101-0.47.93.1 kernel-trace-base-3.0.101-0.47.93.1 kernel-trace-devel-3.0.101-0.47.93.1 kernel-xen-3.0.101-0.47.93.1 kernel-xen-base-3.0.101-0.47.93.1 kernel-xen-devel-3.0.101-0.47.93.1 - SUSE Manager Proxy 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.93.1 kernel-bigsmp-base-3.0.101-0.47.93.1 kernel-bigsmp-devel-3.0.101-0.47.93.1 kernel-default-3.0.101-0.47.93.1 kernel-default-base-3.0.101-0.47.93.1 kernel-default-devel-3.0.101-0.47.93.1 kernel-ec2-3.0.101-0.47.93.1 kernel-ec2-base-3.0.101-0.47.93.1 kernel-ec2-devel-3.0.101-0.47.93.1 kernel-source-3.0.101-0.47.93.1 kernel-syms-3.0.101-0.47.93.1 kernel-trace-3.0.101-0.47.93.1 kernel-trace-base-3.0.101-0.47.93.1 kernel-trace-devel-3.0.101-0.47.93.1 kernel-xen-3.0.101-0.47.93.1 kernel-xen-base-3.0.101-0.47.93.1 kernel-xen-devel-3.0.101-0.47.93.1 - SUSE Manager 2.1 (s390x x86_64): kernel-default-3.0.101-0.47.93.1 kernel-default-base-3.0.101-0.47.93.1 kernel-default-devel-3.0.101-0.47.93.1 kernel-source-3.0.101-0.47.93.1 kernel-syms-3.0.101-0.47.93.1 kernel-trace-3.0.101-0.47.93.1 kernel-trace-base-3.0.101-0.47.93.1 kernel-trace-devel-3.0.101-0.47.93.1 - SUSE Manager 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.93.1 kernel-bigsmp-base-3.0.101-0.47.93.1 kernel-bigsmp-devel-3.0.101-0.47.93.1 kernel-ec2-3.0.101-0.47.93.1 kernel-ec2-base-3.0.101-0.47.93.1 kernel-ec2-devel-3.0.101-0.47.93.1 kernel-xen-3.0.101-0.47.93.1 kernel-xen-base-3.0.101-0.47.93.1 kernel-xen-devel-3.0.101-0.47.93.1 - SUSE Manager 2.1 (s390x): kernel-default-man-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 
s390x x86_64): kernel-default-3.0.101-0.47.93.1 kernel-default-base-3.0.101-0.47.93.1 kernel-default-devel-3.0.101-0.47.93.1 kernel-source-3.0.101-0.47.93.1 kernel-syms-3.0.101-0.47.93.1 kernel-trace-3.0.101-0.47.93.1 kernel-trace-base-3.0.101-0.47.93.1 kernel-trace-devel-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.93.1 kernel-ec2-base-3.0.101-0.47.93.1 kernel-ec2-devel-3.0.101-0.47.93.1 kernel-xen-3.0.101-0.47.93.1 kernel-xen-base-3.0.101-0.47.93.1 kernel-xen-devel-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.93.1 kernel-bigsmp-base-3.0.101-0.47.93.1 kernel-bigsmp-devel-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.93.1 kernel-pae-base-3.0.101-0.47.93.1 kernel-pae-devel-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.93.1 kernel-trace-extra-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.93.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.93.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.93.1 kernel-default-base-3.0.101-0.47.93.1 kernel-default-devel-3.0.101-0.47.93.1 kernel-ec2-3.0.101-0.47.93.1 kernel-ec2-base-3.0.101-0.47.93.1 kernel-ec2-devel-3.0.101-0.47.93.1 kernel-pae-3.0.101-0.47.93.1 kernel-pae-base-3.0.101-0.47.93.1 kernel-pae-devel-3.0.101-0.47.93.1 kernel-source-3.0.101-0.47.93.1 kernel-syms-3.0.101-0.47.93.1 kernel-trace-3.0.101-0.47.93.1 kernel-trace-base-3.0.101-0.47.93.1 kernel-trace-devel-3.0.101-0.47.93.1 kernel-xen-3.0.101-0.47.93.1 
kernel-xen-base-3.0.101-0.47.93.1 kernel-xen-devel-3.0.101-0.47.93.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.93.1 kernel-default-debugsource-3.0.101-0.47.93.1 kernel-trace-debuginfo-3.0.101-0.47.93.1 kernel-trace-debugsource-3.0.101-0.47.93.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.93.1 kernel-ec2-debugsource-3.0.101-0.47.93.1 kernel-xen-debuginfo-3.0.101-0.47.93.1 kernel-xen-debugsource-3.0.101-0.47.93.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.93.1 kernel-bigsmp-debugsource-3.0.101-0.47.93.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.93.1 kernel-pae-debugsource-3.0.101-0.47.93.1 References: https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/1013604 From sle-updates at lists.suse.com Thu Dec 22 11:08:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 19:08:15 +0100 (CET) Subject: SUSE-SU-2016:3249-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 Message-ID: <20161222180816.00482F7B7@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3249-1 Rating: important References: #1003253 #1012183 #1012759 Cross-References: CVE-2016-7117 CVE-2016-8655 CVE-2016-9555 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-52_34 fixes several issues. 
The following security bugs were fixed:

- CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1895=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1895=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_34-default-7-2.1 kgraft-patch-3_12_51-52_34-xen-7-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_34-default-7-2.1 kgraft-patch-3_12_51-52_34-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9555.html https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012759 From sle-updates at lists.suse.com Thu Dec 22 12:07:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 20:07:22 +0100 (CET) Subject: SUSE-SU-2016:3250-1: important: Security update for libgme Message-ID: <20161222190722.9DAEDF7B7@maintenance.suse.de> SUSE Security Update: Security update for libgme ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3250-1 Rating: important References: #1015941 Cross-References: CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libgme fixes the following issues: - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. [bsc#1015941] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1898=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1898=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1898=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1898=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1898=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1898=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1898=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libgme-debugsource-0.6.0-5.1 libgme-devel-0.6.0-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgme-debugsource-0.6.0-5.1 libgme-devel-0.6.0-5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libgme-debugsource-0.6.0-5.1 libgme0-0.6.0-5.1 libgme0-debuginfo-0.6.0-5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libgme-debugsource-0.6.0-5.1 libgme0-0.6.0-5.1 libgme0-debuginfo-0.6.0-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgme-debugsource-0.6.0-5.1 libgme0-0.6.0-5.1 libgme0-debuginfo-0.6.0-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libgme-debugsource-0.6.0-5.1 libgme0-0.6.0-5.1 libgme0-debuginfo-0.6.0-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgme-debugsource-0.6.0-5.1 libgme0-0.6.0-5.1 libgme0-debuginfo-0.6.0-5.1 References: https://www.suse.com/security/cve/CVE-2016-9957.html https://www.suse.com/security/cve/CVE-2016-9958.html https://www.suse.com/security/cve/CVE-2016-9959.html https://www.suse.com/security/cve/CVE-2016-9960.html 
https://www.suse.com/security/cve/CVE-2016-9961.html
https://bugzilla.suse.com/1015941

From sle-updates at lists.suse.com Thu Dec 22 12:07:51 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 Dec 2016 20:07:51 +0100 (CET)
Subject: SUSE-SU-2016:3251-1: moderate: Security update for gd
Message-ID: <20161222190751.96554F7CB@maintenance.suse.de>

SUSE Security Update: Security update for gd
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3251-1
Rating: moderate
References: #1015187
Cross-References: CVE-2016-9933
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gd fixes the following issues:

* CVE-2016-9933 possible stack overflow on malicious truecolor images [bsc#1015187]

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gd-12914=1
- SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gd-12914=1
- SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gd-12914=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-devel-2.0.36.RC1-52.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-2.0.36.RC1-52.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-debuginfo-2.0.36.RC1-52.29.1 gd-debugsource-2.0.36.RC1-52.29.1 References: https://www.suse.com/security/cve/CVE-2016-9933.html https://bugzilla.suse.com/1015187 From sle-updates at lists.suse.com Thu Dec 22 12:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 20:08:18 +0100 (CET) Subject: SUSE-SU-2016:3252-1: important: Security update for the Linux Kernel Message-ID: <20161222190818.8EA2DF7CB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3252-1 Rating: important References: #1013533 #1013604 Cross-References: CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 11 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-kernel-12915=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-kernel-12915=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.7.47.1 kernel-default-base-3.0.101-0.7.47.1 kernel-default-devel-3.0.101-0.7.47.1 kernel-source-3.0.101-0.7.47.1 kernel-syms-3.0.101-0.7.47.1 kernel-trace-3.0.101-0.7.47.1 kernel-trace-base-3.0.101-0.7.47.1 kernel-trace-devel-3.0.101-0.7.47.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.7.47.1 kernel-ec2-base-3.0.101-0.7.47.1 kernel-ec2-devel-3.0.101-0.7.47.1 kernel-xen-3.0.101-0.7.47.1 kernel-xen-base-3.0.101-0.7.47.1 kernel-xen-devel-3.0.101-0.7.47.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x): kernel-default-man-3.0.101-0.7.47.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): kernel-pae-3.0.101-0.7.47.1 kernel-pae-base-3.0.101-0.7.47.1 kernel-pae-devel-3.0.101-0.7.47.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.7.47.1 kernel-default-debugsource-3.0.101-0.7.47.1 kernel-default-devel-debuginfo-3.0.101-0.7.47.1 kernel-trace-debuginfo-3.0.101-0.7.47.1 kernel-trace-debugsource-3.0.101-0.7.47.1 kernel-trace-devel-debuginfo-3.0.101-0.7.47.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.7.47.1 kernel-ec2-debugsource-3.0.101-0.7.47.1 kernel-xen-debuginfo-3.0.101-0.7.47.1 kernel-xen-debugsource-3.0.101-0.7.47.1 kernel-xen-devel-debuginfo-3.0.101-0.7.47.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586): kernel-pae-debuginfo-3.0.101-0.7.47.1 kernel-pae-debugsource-3.0.101-0.7.47.1 kernel-pae-devel-debuginfo-3.0.101-0.7.47.1 References: https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html 
https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/1013604 From sle-updates at lists.suse.com Thu Dec 22 13:07:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 21:07:16 +0100 (CET) Subject: SUSE-OU-2016:3253-1: Optional update for SLE 12 Modules for ARM64 Message-ID: <20161222200716.0ED1DF7B7@maintenance.suse.de> SUSE Optional Update: Optional update for SLE 12 Modules for ARM64 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3253-1 Rating: low References: #1002576 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update introduces many packages that were missing in the ARM64 version of the Web and Scripting, Manager Tools and Public Cloud Modules for SUSE Linux Enterprise Server 12 SP2. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-1901=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1901=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1901=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1901=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (aarch64): icinga-1.13.3-11.2 icinga-debuginfo-1.13.3-11.2 icinga-debugsource-1.13.3-11.2 icinga-devel-1.13.3-11.2 icinga-doc-1.13.3-11.2 icinga-idoutils-1.13.3-11.2 icinga-idoutils-mysql-1.13.3-11.2 icinga-idoutils-oracle-1.13.3-11.2 icinga-idoutils-pgsql-1.13.3-11.2 icinga-plugins-downtimes-1.13.3-11.2 icinga-plugins-eventhandlers-1.13.3-11.2 icinga-www-1.13.3-11.2 icinga-www-config-1.13.3-11.2 libzmq3-4.0.4-9.1 libzmq3-debuginfo-4.0.4-9.1 monitoring-tools-1.13.3-11.2 python-MarkupSafe-0.18-10.1 python-MarkupSafe-debuginfo-0.18-10.1 python-MarkupSafe-debugsource-0.18-10.1 python-PyYAML-3.10-20.1 python-PyYAML-debuginfo-3.10-20.1 python-PyYAML-debugsource-3.10-20.1 python-gudev-147.2-6.1 python-gudev-debuginfo-147.2-6.1 python-gudev-debugsource-147.2-6.1 python-msgpack-python-0.4.6-5.1 python-msgpack-python-debuginfo-0.4.6-5.1 python-msgpack-python-debugsource-0.4.6-5.1 python-psutil-1.2.1-12.1 python-psutil-debuginfo-1.2.1-12.1 python-psutil-debugsource-1.2.1-12.1 python-pycrypto-2.6.1-7.1 python-pyzmq-14.0.0-6.1 python-pyzmq-debuginfo-14.0.0-6.1 python-pyzmq-debugsource-14.0.0-6.1 python-tornado-4.2.1-14.1 python-tornado-debuginfo-4.2.1-14.1 python-tornado-debugsource-4.2.1-14.1 spacewalksd-5.0.19.1-17.1 spacewalksd-debuginfo-5.0.19.1-17.1 spacewalksd-debugsource-5.0.19.1-17.1 suseRegisterInfo-3.0.2-21.1 zeromq-debugsource-4.0.4-9.1 zypp-plugin-spacewalk-0.9.14-29.1 - SUSE Manager Tools 12 (noarch): hwdata-0.282-6.1 python-Jinja2-2.7.3-19.3.1 python-backports.ssl_match_hostname-3.4.0.2-18.1 python-futures-3.0.2-12.1 python-hwdata-2.1.0.5-8.1 python-requests-2.8.1-6.14.1 rhn-custom-info-5.4.28.1-11.3 rhn-virtualization-common-5.4.55.2-14.1 rhn-virtualization-host-5.4.55.2-14.1 rhncfg-5.10.88.2-20.1 rhncfg-actions-5.10.88.2-20.1 rhncfg-client-5.10.88.2-20.1 rhncfg-management-5.10.88.2-20.1 rhnmd-5.3.18.4-8.1 rhnpush-5.5.91.2-14.1 spacewalk-koan-2.5.0.2-17.2 spacewalk-oscap-2.5.1.1-15.1 spacewalk-remote-utils-2.5.1.1-20.1 - 
SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64): libzmq3-4.0.4-9.1 libzmq3-debuginfo-4.0.4-9.1 python-pyzmq-14.0.0-6.1 python-pyzmq-debuginfo-14.0.0-6.1 python-pyzmq-debugsource-14.0.0-6.1 python-pyzmq-devel-14.0.0-6.1 zeromq-debugsource-4.0.4-9.1 zeromq-devel-4.0.4-9.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64): php5-APCu-4.0.10-8.1 php5-APCu-debuginfo-4.0.10-8.1 php5-APCu-debugsource-4.0.10-8.1 python-pycrypto-2.6.1-7.1 python-zope.interface-4.0.5-8.1 python-zope.interface-debuginfo-4.0.5-8.1 python-zope.interface-debugsource-4.0.5-8.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): python-pyserial-2.7-5.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64): python-MarkupSafe-0.18-10.1 python-PyYAML-3.10-20.1 python-PyYAML-debuginfo-3.10-20.1 python-PyYAML-debugsource-3.10-20.1 python-psutil-1.2.1-12.1 python-psutil-debuginfo-1.2.1-12.1 python-psutil-debugsource-1.2.1-12.1 python-pycrypto-2.6.1-7.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Jinja2-2.7.3-19.3.1 python-backports.ssl_match_hostname-3.4.0.2-18.1 python-futures-3.0.2-12.1 python-pyserial-2.7-5.1 python-requests-2.8.1-6.14.1 References: https://bugzilla.suse.com/1002576 From sle-updates at lists.suse.com Thu Dec 22 14:07:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 22:07:36 +0100 (CET) Subject: SUSE-RU-2016:3254-1: moderate: Recommended update for aws-cli, python-boto3, python-botocore Message-ID: <20161222210736.133FCF7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-boto3, python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3254-1 Rating: moderate References: #1015776 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can 
now be installed.

Description:

This update for aws-cli, python-boto3, python-botocore provides many fixes and enhancements. For a comprehensive list of changes please refer to the packages' change log.

aws-cli (update to version 1.11.29):

- cloudfront: Add lambda function associations to cache behaviors.
- rds: Add cluster create data to DBCluster APIs.
- opsworks: Fix an issue with opsworks register --local and python3.
- waf-regional: Customers can use AWS WAF directly on Application Load Balancers in a VPC within available regions to protect their web sites and services from malicious attacks such as SQL injection, Cross Site Scripting, bad bots, etc.
- opsworks-cm: Rename opsworkscm to opsworks-cm, keeping support for opsworkscm.
- alias: Add ability to alias commands in the CLI.
- --generate-cli-skeleton output: Add support for generating sample output for command.
- cloudformation deploy: Add command to simplify deployments of cloudformation stack changes.
- cloudformation package: Add command to package source code for cloudformation template.
- cloudtrail: Use STS instead of IAM in CreateSubscription.
- --region: Add support for us-east-2.
- s3: Display transfer speed for s3 commands.
- s3: Port mv to s3transfer.
- s3: Fix regression where "sync --delete" would not delete local files.
- s3: Integrate sync command with s3transfer.
- s3: Output progress even when discovering new files to transfer.
- s3: Refactor rb into its own command. In addition, validate that no key is supplied regardless of whether or not the force argument is supplied.
- s3: Fix regression when downloading empty files.
- s3: Port cp and rm to s3transfer. Improve progress for those commands, showing byte progress.
- pagination: Fix validation error when providing --no-paginate with normalized paging argument.
- route53domains: Rename --end to --end-time to fix a bug relating to argparse prefix expansion.
  Alias --start to --start-time to maintain a consistent interface while keeping the old parameter.

python-botocore (update to version 1.4.86):

- cloudfront: Add lambda function associations to cache behaviors.
- rds: Add cluster create data to DBCluster APIs.
- waf-regional: Customers can use AWS WAF directly on Application Load Balancers in a VPC within available regions to protect their web sites and services from malicious attacks such as SQL injection, Cross Site Scripting, bad bots, etc.
- health: Add paginators for Health.
- Exceptions: Allow parsing of json error responses with non-json bodies.
- opsworks-cm: Added waiter for Opsworks CM.
- parameter: Automatically inject an idempotency token into parameters marked with the idempotencyToken trait.
- s3: Fix presigned s3v4 URL bug related to blank query parameters being filtered incorrectly.
- Presigner: Support presigning rest-json services.
- Loader: Support loading json extra files.
- Paginator: Add paginators for AWS WAF.
- Parsers: ResponseMetadata will now always be populated, provided the response was able to be parsed into a dict.
- Stub: Made ANY usable for nested parameters.

python-boto3 (update to version 1.4.2)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1903=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-cli-1.11.29-19.1 python-boto3-1.4.2-11.1 python-botocore-1.4.86-25.1 python-jmespath-0.7.1-9.1 References: https://bugzilla.suse.com/1015776 From sle-updates at lists.suse.com Thu Dec 22 14:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2016 22:08:01 +0100 (CET) Subject: SUSE-RU-2016:3255-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20161222210801.3849AF7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3255-1 Rating: moderate References: #1014682 #981689 #986294 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client provides the following fixes: - Create the missing cache directory if it does not exist. (bsc#1014682) - Support region portability during registration. (bsc#986294) - Enable Nvidia repository only on instances that have Nvidia "hardware". - Enable the public cloud repository module repository after registration. (bsc#981689) - Add option "metadata_server" to indicate that the SMT server data is supposed to be pulled from a metadata server rather than a region server. Intended to aid integration of the update infrastructure into SUSE OpenStack Cloud. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-cloud-regionsrv-client-12916=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): cloud-regionsrv-client-7.0.1-21.1 References: https://bugzilla.suse.com/1014682 https://bugzilla.suse.com/981689 https://bugzilla.suse.com/986294 From sle-updates at lists.suse.com Fri Dec 23 08:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 16:07:50 +0100 (CET) Subject: SUSE-SU-2016:3256-1: moderate: Security update for ImageMagick Message-ID: <20161223150750.50590F7B7@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3256-1 Rating: moderate References: #1009318 #1011130 #1011136 #1013376 #1014159 Cross-References: CVE-2016-7530 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: * CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559: Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159] * CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376] * CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12917=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12917=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12917=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.60.1 ImageMagick-devel-6.4.3.6-7.60.1 libMagick++-devel-6.4.3.6-7.60.1 libMagick++1-6.4.3.6-7.60.1 libMagickWand1-6.4.3.6-7.60.1 perl-PerlMagick-6.4.3.6-7.60.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.60.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.60.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.60.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.60.1 ImageMagick-debugsource-6.4.3.6-7.60.1 References: https://www.suse.com/security/cve/CVE-2016-7530.html https://www.suse.com/security/cve/CVE-2016-8707.html https://www.suse.com/security/cve/CVE-2016-8866.html https://www.suse.com/security/cve/CVE-2016-9556.html https://www.suse.com/security/cve/CVE-2016-9559.html https://www.suse.com/security/cve/CVE-2016-9773.html https://bugzilla.suse.com/1009318 https://bugzilla.suse.com/1011130 https://bugzilla.suse.com/1011136 https://bugzilla.suse.com/1013376 https://bugzilla.suse.com/1014159 From sle-updates at lists.suse.com Fri Dec 23 08:09:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 16:09:03 +0100 (CET) Subject: SUSE-SU-2016:3257-1: important: Security update for dnsmasq Message-ID: <20161223150903.01BD2F7CB@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3257-1 Rating: important References: #983273 Cross-References: CVE-2015-8899 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-1906=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (x86_64): dnsmasq-debuginfo-2.71-6.3.1 dnsmasq-debugsource-2.71-6.3.1 dnsmasq-utils-2.71-6.3.1 dnsmasq-utils-debuginfo-2.71-6.3.1 References: https://www.suse.com/security/cve/CVE-2015-8899.html https://bugzilla.suse.com/983273 From sle-updates at lists.suse.com Fri Dec 23 08:09:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 16:09:33 +0100 (CET) Subject: SUSE-SU-2016:3258-1: important: Security update for ImageMagick Message-ID: <20161223150933.EC2C8F7CB@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3258-1 Rating: important References: #1009318 #1011130 #1011136 #1013376 #1014159 Cross-References: CVE-2014-9848 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for 
Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

* CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]
* CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136]
* CVE-2016-8707 Possible code execution in Tiff convert utility [bsc#1014159]
* CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318]
* CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136]

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1905=1
- SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1905=1
- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1905=1
- SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1905=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1905=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1905=1
- SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1905=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1905=1
- SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1905=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-54.1 ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 libMagick++-6_Q16-3-6.8.8.1-54.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-54.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-54.1 ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 libMagick++-6_Q16-3-6.8.8.1-54.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-54.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-54.1 ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 ImageMagick-devel-6.8.8.1-54.1 libMagick++-6_Q16-3-6.8.8.1-54.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1 libMagick++-devel-6.8.8.1-54.1 perl-PerlMagick-6.8.8.1-54.1 perl-PerlMagick-debuginfo-6.8.8.1-54.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-54.1 ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 ImageMagick-devel-6.8.8.1-54.1 libMagick++-6_Q16-3-6.8.8.1-54.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1 libMagick++-devel-6.8.8.1-54.1 perl-PerlMagick-6.8.8.1-54.1 perl-PerlMagick-debuginfo-6.8.8.1-54.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 libMagickCore-6_Q16-1-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1 libMagickWand-6_Q16-1-6.8.8.1-54.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 libMagickCore-6_Q16-1-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1 libMagickWand-6_Q16-1-6.8.8.1-54.1 
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 libMagickCore-6_Q16-1-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1 libMagickWand-6_Q16-1-6.8.8.1-54.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-54.1 ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 libMagick++-6_Q16-3-6.8.8.1-54.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-54.1 libMagickCore-6_Q16-1-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1 libMagickWand-6_Q16-1-6.8.8.1-54.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-54.1 ImageMagick-debuginfo-6.8.8.1-54.1 ImageMagick-debugsource-6.8.8.1-54.1 libMagick++-6_Q16-3-6.8.8.1-54.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-54.1 libMagickCore-6_Q16-1-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-54.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1 libMagickWand-6_Q16-1-6.8.8.1-54.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1 References: https://www.suse.com/security/cve/CVE-2014-9848.html https://www.suse.com/security/cve/CVE-2016-8707.html https://www.suse.com/security/cve/CVE-2016-8866.html https://www.suse.com/security/cve/CVE-2016-9556.html https://www.suse.com/security/cve/CVE-2016-9559.html https://www.suse.com/security/cve/CVE-2016-9773.html https://bugzilla.suse.com/1009318 https://bugzilla.suse.com/1011130 https://bugzilla.suse.com/1011136 https://bugzilla.suse.com/1013376 https://bugzilla.suse.com/1014159 From sle-updates at lists.suse.com Fri Dec 23 09:08:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 17:08:59 +0100 (CET) Subject: SUSE-RU-2016:3264-1: 
Recommended update for release-notes-sles Message-ID: <20161223160859.461ADF7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3264-1 Rating: low References: #1009081 #1009493 #1012794 #1013623 #1015550 #995577 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP2 have been updated to document: - Paravirtualization Layer for Spinlocks. (fate#318015) - Port Name for Open Systems Adapter (OSA) Is No Longer Needed. (fate#320112) - PHP 7 Packages Have Been Added to the Web and Scripting Module. (fate#320127) - Mutt Has Been Updated to 1.6.0. (fate#320751) - ACPI Power Meter Driver Is Disabled by Default. (fate#320874) - Changes in Behavior Between coreutils 8.22 and 8.25. (fate#319365) - NVDIMM Support. (fate#319792, bsc#1012794) - Server Component of Puppet Is Deprecated. (fate#321117) - Improved Bridge Handling in YaST. (fate#322007) - Installer Crashes When Set to Mount by Label by Default. (bsc#1009493, fate#322147) - Live Patching is not a product but an extension. (bsc#995577) - Installing From DVD/USB Drive of the HMC. (bsc#1009081, fate#318899) - Release of Virtual Machine Driver Pack 2.4. (fate#320535) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1907=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1907=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): release-notes-sles-12.2.20161221-5.5.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): release-notes-sles-12.2.20161221-5.5.1 References: https://bugzilla.suse.com/1009081 https://bugzilla.suse.com/1009493 https://bugzilla.suse.com/1012794 https://bugzilla.suse.com/1013623 https://bugzilla.suse.com/1015550 https://bugzilla.suse.com/995577 From sle-updates at lists.suse.com Fri Dec 23 10:08:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 18:08:37 +0100 (CET) Subject: SUSE-RU-2016:3265-1: Recommended update for pciutils Message-ID: <20161223170837.534C1F7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3265-1 Rating: low References: #1006827 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pciutils provides the following fixes: - Enable proper support for 32-bit PCI domain numbers. (bsc#1006827) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1908=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1908=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1908=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1908=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1908=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1908=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1908=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): pciutils-debuginfo-3.2.1-10.1 pciutils-debugsource-3.2.1-10.1 pciutils-devel-3.2.1-10.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): pciutils-debuginfo-3.2.1-10.1 pciutils-debugsource-3.2.1-10.1 pciutils-devel-3.2.1-10.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpci3-3.2.1-10.1 libpci3-debuginfo-3.2.1-10.1 pciutils-3.2.1-10.1 pciutils-debuginfo-3.2.1-10.1 pciutils-debugsource-3.2.1-10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpci3-3.2.1-10.1 libpci3-debuginfo-3.2.1-10.1 pciutils-3.2.1-10.1 pciutils-debuginfo-3.2.1-10.1 pciutils-debugsource-3.2.1-10.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpci3-32bit-3.2.1-10.1 libpci3-debuginfo-32bit-3.2.1-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpci3-3.2.1-10.1 libpci3-debuginfo-3.2.1-10.1 pciutils-3.2.1-10.1 pciutils-debuginfo-3.2.1-10.1 pciutils-debugsource-3.2.1-10.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpci3-32bit-3.2.1-10.1 libpci3-debuginfo-32bit-3.2.1-10.1 - SUSE Linux 
Enterprise Desktop 12-SP2 (x86_64): libpci3-3.2.1-10.1 libpci3-32bit-3.2.1-10.1 libpci3-debuginfo-3.2.1-10.1 libpci3-debuginfo-32bit-3.2.1-10.1 pciutils-3.2.1-10.1 pciutils-debuginfo-3.2.1-10.1 pciutils-debugsource-3.2.1-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpci3-3.2.1-10.1 libpci3-32bit-3.2.1-10.1 libpci3-debuginfo-3.2.1-10.1 libpci3-debuginfo-32bit-3.2.1-10.1 pciutils-3.2.1-10.1 pciutils-debuginfo-3.2.1-10.1 pciutils-debugsource-3.2.1-10.1 References: https://bugzilla.suse.com/1006827 From sle-updates at lists.suse.com Fri Dec 23 11:07:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 19:07:32 +0100 (CET) Subject: SUSE-OU-2016:3266-1: Optional update for libesmtp5-openssl1 Message-ID: <20161223180732.A6A3FF7B7@maintenance.suse.de> SUSE Optional Update: Optional update for libesmtp5-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3266-1 Rating: low References: #1005909 #1012814 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update for libesmtp provides a libesmtp library that offers TLS 1.2 support. The additional library lives in the new libesmtp5-openssl1 package and is in /opt/suse/lib64/. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-libesmtp-12918=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-libesmtp-12918=1 - SUSE Manager 2.1: zypper in -t patch sleman21-libesmtp-12918=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libesmtp-12918=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libesmtp-12918=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-libesmtp-12918=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-libesmtp-12918=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libesmtp-12918=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libesmtp-12918=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libesmtp-12918=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libesmtp-1.0.4-157.17.2 - SUSE Manager Proxy 2.1 (x86_64): libesmtp-1.0.4-157.17.2 - SUSE Manager 2.1 (s390x x86_64): libesmtp-1.0.4-157.17.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libesmtp-devel-1.0.4-157.17.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libesmtp-1.0.4-157.17.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libesmtp-1.0.4-157.17.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libesmtp-1.0.4-157.17.2 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libesmtp5-openssl1-1.0.4-157.17.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libesmtp-1.0.4-157.17.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libesmtp-debuginfo-1.0.4-157.17.2 libesmtp-debugsource-1.0.4-157.17.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libesmtp-debuginfo-1.0.4-157.17.2 libesmtp-debugsource-1.0.4-157.17.2 
References: https://bugzilla.suse.com/1005909 https://bugzilla.suse.com/1012814 From sle-updates at lists.suse.com Fri Dec 23 12:07:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 20:07:15 +0100 (CET) Subject: SUSE-OU-2016:3267-1: Optional update for jq Message-ID: <20161223190715.79244F7B7@maintenance.suse.de> SUSE Optional Update: Optional update for jq ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:3267-1 Rating: low References: #1013564 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds jq, a lightweight and flexible command-line JSON processor, to SUSE Enterprise Storage 4. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2016-1910=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): jq-1.5-2.1 jq-debuginfo-1.5-2.1 jq-debugsource-1.5-2.1 libjq1-1.5-2.1 libjq1-debuginfo-1.5-2.1 References: https://bugzilla.suse.com/1013564 From sle-updates at lists.suse.com Fri Dec 23 13:07:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 21:07:18 +0100 (CET) Subject: SUSE-SU-2016:3268-1: moderate: Security update for wget Message-ID: <20161223200718.11ED4F7B7@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3268-1 Rating: moderate References: #1005091 #1012677 #995964 Cross-References: CVE-2016-7098 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for wget fixes the following issues: Security issues fixed: - CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Non security issues fixed: - bsc#1005091: Don't call xfree() on string returned by usr_error() - bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforceable). Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1911=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1911=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1911=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1911=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1911=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): wget-1.14-17.1 wget-debuginfo-1.14-17.1 wget-debugsource-1.14-17.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): wget-1.14-17.1 wget-debuginfo-1.14-17.1 wget-debugsource-1.14-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): wget-1.14-17.1 wget-debuginfo-1.14-17.1 wget-debugsource-1.14-17.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): wget-1.14-17.1 wget-debuginfo-1.14-17.1 wget-debugsource-1.14-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): wget-1.14-17.1 wget-debuginfo-1.14-17.1 wget-debugsource-1.14-17.1 References: https://www.suse.com/security/cve/CVE-2016-7098.html https://bugzilla.suse.com/1005091 https://bugzilla.suse.com/1012677 https://bugzilla.suse.com/995964 From sle-updates at lists.suse.com Fri Dec 23 13:08:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2016 21:08:07 +0100 (CET) Subject: SUSE-SU-2016:3269-1: important: Security update for dnsmasq Message-ID: <20161223200807.A4520F7CB@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3269-1 Rating: important References: #983273 Cross-References: CVE-2015-8899 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux 
Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1912=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1912=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1912=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1912=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1912=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1912=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): dnsmasq-debuginfo-2.71-13.1 dnsmasq-debugsource-2.71-13.1 dnsmasq-utils-2.71-13.1 dnsmasq-utils-debuginfo-2.71-13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dnsmasq-2.71-13.1 dnsmasq-debuginfo-2.71-13.1 dnsmasq-debugsource-2.71-13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dnsmasq-2.71-13.1 dnsmasq-debuginfo-2.71-13.1 dnsmasq-debugsource-2.71-13.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dnsmasq-2.71-13.1 dnsmasq-debuginfo-2.71-13.1 dnsmasq-debugsource-2.71-13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dnsmasq-2.71-13.1 dnsmasq-debuginfo-2.71-13.1 dnsmasq-debugsource-2.71-13.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dnsmasq-2.71-13.1 dnsmasq-debuginfo-2.71-13.1 dnsmasq-debugsource-2.71-13.1 References: https://www.suse.com/security/cve/CVE-2015-8899.html https://bugzilla.suse.com/983273 From sle-updates at lists.suse.com Tue Dec 27 07:07:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2016 15:07:08 +0100 (CET) Subject: SUSE-SU-2016:3270-1: important: Security update for openjpeg2 Message-ID: <20161227140708.16203F7B7@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3270-1 Rating: important References: #1002414 #1007739 #1007740 #1007741 #1007742 #1007743 #1007744 #1007747 #1014543 #1014975 #999817 Cross-References: CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is 
now available. Description: This update for openjpeg2 fixes the following issues: * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infinite loop [bsc#1014975] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9113: NULL pointer dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9572 CVE-2016-9573: Insufficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1914=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1914=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1914=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libopenjp2-7-2.1.0-3.1 libopenjp2-7-debuginfo-2.1.0-3.1 openjpeg2-debuginfo-2.1.0-3.1 openjpeg2-debugsource-2.1.0-3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libopenjp2-7-2.1.0-3.1 libopenjp2-7-debuginfo-2.1.0-3.1 openjpeg2-debuginfo-2.1.0-3.1 openjpeg2-debugsource-2.1.0-3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libopenjp2-7-2.1.0-3.1 libopenjp2-7-debuginfo-2.1.0-3.1 openjpeg2-debuginfo-2.1.0-3.1 openjpeg2-debugsource-2.1.0-3.1 References: https://www.suse.com/security/cve/CVE-2016-7445.html https://www.suse.com/security/cve/CVE-2016-8332.html https://www.suse.com/security/cve/CVE-2016-9112.html https://www.suse.com/security/cve/CVE-2016-9113.html https://www.suse.com/security/cve/CVE-2016-9114.html https://www.suse.com/security/cve/CVE-2016-9115.html https://www.suse.com/security/cve/CVE-2016-9116.html https://www.suse.com/security/cve/CVE-2016-9117.html https://www.suse.com/security/cve/CVE-2016-9118.html https://www.suse.com/security/cve/CVE-2016-9572.html https://www.suse.com/security/cve/CVE-2016-9573.html https://www.suse.com/security/cve/CVE-2016-9580.html https://www.suse.com/security/cve/CVE-2016-9581.html https://bugzilla.suse.com/1002414 https://bugzilla.suse.com/1007739 https://bugzilla.suse.com/1007740 https://bugzilla.suse.com/1007741 https://bugzilla.suse.com/1007742 https://bugzilla.suse.com/1007743 https://bugzilla.suse.com/1007744 https://bugzilla.suse.com/1007747 https://bugzilla.suse.com/1014543 https://bugzilla.suse.com/1014975 https://bugzilla.suse.com/999817 From sle-updates at lists.suse.com Tue Dec 27 09:07:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2016 17:07:33 +0100 (CET) Subject: SUSE-SU-2016:3271-1: moderate: Security update for samba Message-ID: <20161227160733.46BD8FF0F@maintenance.suse.de> SUSE Security Update: Security update for samba 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3271-1 Rating: moderate References: #1009085 #1014437 #1014441 #1014442 Cross-References: CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441). - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442). - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). This component is not built into our packages, so we are not affected. Non security issues fixed: - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1916=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1916=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1916=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1916=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1916=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.4.2-31.1 libwbclient-devel-4.4.2-31.1 samba-debuginfo-4.4.2-31.1 samba-debugsource-4.4.2-31.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-binding0-4.4.2-31.1 libdcerpc-binding0-debuginfo-4.4.2-31.1 libdcerpc0-4.4.2-31.1 libdcerpc0-debuginfo-4.4.2-31.1 libndr-krb5pac0-4.4.2-31.1 libndr-krb5pac0-debuginfo-4.4.2-31.1 libndr-nbt0-4.4.2-31.1 libndr-nbt0-debuginfo-4.4.2-31.1 libndr-standard0-4.4.2-31.1 libndr-standard0-debuginfo-4.4.2-31.1 libndr0-4.4.2-31.1 libndr0-debuginfo-4.4.2-31.1 libnetapi0-4.4.2-31.1 libnetapi0-debuginfo-4.4.2-31.1 libsamba-credentials0-4.4.2-31.1 libsamba-credentials0-debuginfo-4.4.2-31.1 libsamba-errors0-4.4.2-31.1 libsamba-errors0-debuginfo-4.4.2-31.1 libsamba-hostconfig0-4.4.2-31.1 libsamba-hostconfig0-debuginfo-4.4.2-31.1 libsamba-passdb0-4.4.2-31.1 libsamba-passdb0-debuginfo-4.4.2-31.1 libsamba-util0-4.4.2-31.1 libsamba-util0-debuginfo-4.4.2-31.1 libsamdb0-4.4.2-31.1 libsamdb0-debuginfo-4.4.2-31.1 libsmbclient0-4.4.2-31.1 libsmbclient0-debuginfo-4.4.2-31.1 libsmbconf0-4.4.2-31.1 libsmbconf0-debuginfo-4.4.2-31.1 libsmbldap0-4.4.2-31.1 libsmbldap0-debuginfo-4.4.2-31.1 libtevent-util0-4.4.2-31.1 libtevent-util0-debuginfo-4.4.2-31.1 libwbclient0-4.4.2-31.1 libwbclient0-debuginfo-4.4.2-31.1 samba-4.4.2-31.1 samba-client-4.4.2-31.1 samba-client-debuginfo-4.4.2-31.1 samba-debuginfo-4.4.2-31.1 samba-debugsource-4.4.2-31.1 samba-libs-4.4.2-31.1 samba-libs-debuginfo-4.4.2-31.1 samba-winbind-4.4.2-31.1 samba-winbind-debuginfo-4.4.2-31.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): samba-doc-4.4.2-31.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-binding0-4.4.2-31.1 libdcerpc-binding0-debuginfo-4.4.2-31.1 libdcerpc0-4.4.2-31.1 libdcerpc0-debuginfo-4.4.2-31.1 libndr-krb5pac0-4.4.2-31.1 libndr-krb5pac0-debuginfo-4.4.2-31.1 libndr-nbt0-4.4.2-31.1 
libndr-nbt0-debuginfo-4.4.2-31.1 libndr-standard0-4.4.2-31.1 libndr-standard0-debuginfo-4.4.2-31.1 libndr0-4.4.2-31.1 libndr0-debuginfo-4.4.2-31.1 libnetapi0-4.4.2-31.1 libnetapi0-debuginfo-4.4.2-31.1 libsamba-credentials0-4.4.2-31.1 libsamba-credentials0-debuginfo-4.4.2-31.1 libsamba-errors0-4.4.2-31.1 libsamba-errors0-debuginfo-4.4.2-31.1 libsamba-hostconfig0-4.4.2-31.1 libsamba-hostconfig0-debuginfo-4.4.2-31.1 libsamba-passdb0-4.4.2-31.1 libsamba-passdb0-debuginfo-4.4.2-31.1 libsamba-util0-4.4.2-31.1 libsamba-util0-debuginfo-4.4.2-31.1 libsamdb0-4.4.2-31.1 libsamdb0-debuginfo-4.4.2-31.1 libsmbclient0-4.4.2-31.1 libsmbclient0-debuginfo-4.4.2-31.1 libsmbconf0-4.4.2-31.1 libsmbconf0-debuginfo-4.4.2-31.1 libsmbldap0-4.4.2-31.1 libsmbldap0-debuginfo-4.4.2-31.1 libtevent-util0-4.4.2-31.1 libtevent-util0-debuginfo-4.4.2-31.1 libwbclient0-4.4.2-31.1 libwbclient0-debuginfo-4.4.2-31.1 samba-4.4.2-31.1 samba-client-4.4.2-31.1 samba-client-debuginfo-4.4.2-31.1 samba-debuginfo-4.4.2-31.1 samba-debugsource-4.4.2-31.1 samba-libs-4.4.2-31.1 samba-libs-debuginfo-4.4.2-31.1 samba-winbind-4.4.2-31.1 samba-winbind-debuginfo-4.4.2-31.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): samba-doc-4.4.2-31.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-31.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-31.1 libdcerpc0-32bit-4.4.2-31.1 libdcerpc0-debuginfo-32bit-4.4.2-31.1 libndr-krb5pac0-32bit-4.4.2-31.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-31.1 libndr-nbt0-32bit-4.4.2-31.1 libndr-nbt0-debuginfo-32bit-4.4.2-31.1 libndr-standard0-32bit-4.4.2-31.1 libndr-standard0-debuginfo-32bit-4.4.2-31.1 libndr0-32bit-4.4.2-31.1 libndr0-debuginfo-32bit-4.4.2-31.1 libnetapi0-32bit-4.4.2-31.1 libnetapi0-debuginfo-32bit-4.4.2-31.1 libsamba-credentials0-32bit-4.4.2-31.1 libsamba-credentials0-debuginfo-32bit-4.4.2-31.1 libsamba-errors0-32bit-4.4.2-31.1 libsamba-errors0-debuginfo-32bit-4.4.2-31.1 libsamba-hostconfig0-32bit-4.4.2-31.1 
libsamba-hostconfig0-debuginfo-32bit-4.4.2-31.1 libsamba-passdb0-32bit-4.4.2-31.1 libsamba-passdb0-debuginfo-32bit-4.4.2-31.1 libsamba-util0-32bit-4.4.2-31.1 libsamba-util0-debuginfo-32bit-4.4.2-31.1 libsamdb0-32bit-4.4.2-31.1 libsamdb0-debuginfo-32bit-4.4.2-31.1 libsmbclient0-32bit-4.4.2-31.1 libsmbclient0-debuginfo-32bit-4.4.2-31.1 libsmbconf0-32bit-4.4.2-31.1 libsmbconf0-debuginfo-32bit-4.4.2-31.1 libsmbldap0-32bit-4.4.2-31.1 libsmbldap0-debuginfo-32bit-4.4.2-31.1 libtevent-util0-32bit-4.4.2-31.1 libtevent-util0-debuginfo-32bit-4.4.2-31.1 libwbclient0-32bit-4.4.2-31.1 libwbclient0-debuginfo-32bit-4.4.2-31.1 samba-client-32bit-4.4.2-31.1 samba-client-debuginfo-32bit-4.4.2-31.1 samba-libs-32bit-4.4.2-31.1 samba-libs-debuginfo-32bit-4.4.2-31.1 samba-winbind-32bit-4.4.2-31.1 samba-winbind-debuginfo-32bit-4.4.2-31.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-31.1 ctdb-debuginfo-4.4.2-31.1 samba-debuginfo-4.4.2-31.1 samba-debugsource-4.4.2-31.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): samba-doc-4.4.2-31.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-31.1 libdcerpc-binding0-4.4.2-31.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-31.1 libdcerpc-binding0-debuginfo-4.4.2-31.1 libdcerpc0-32bit-4.4.2-31.1 libdcerpc0-4.4.2-31.1 libdcerpc0-debuginfo-32bit-4.4.2-31.1 libdcerpc0-debuginfo-4.4.2-31.1 libndr-krb5pac0-32bit-4.4.2-31.1 libndr-krb5pac0-4.4.2-31.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-31.1 libndr-krb5pac0-debuginfo-4.4.2-31.1 libndr-nbt0-32bit-4.4.2-31.1 libndr-nbt0-4.4.2-31.1 libndr-nbt0-debuginfo-32bit-4.4.2-31.1 libndr-nbt0-debuginfo-4.4.2-31.1 libndr-standard0-32bit-4.4.2-31.1 libndr-standard0-4.4.2-31.1 libndr-standard0-debuginfo-32bit-4.4.2-31.1 libndr-standard0-debuginfo-4.4.2-31.1 libndr0-32bit-4.4.2-31.1 libndr0-4.4.2-31.1 libndr0-debuginfo-32bit-4.4.2-31.1 libndr0-debuginfo-4.4.2-31.1 libnetapi0-32bit-4.4.2-31.1 libnetapi0-4.4.2-31.1 libnetapi0-debuginfo-32bit-4.4.2-31.1 
libnetapi0-debuginfo-4.4.2-31.1 libsamba-credentials0-32bit-4.4.2-31.1 libsamba-credentials0-4.4.2-31.1 libsamba-credentials0-debuginfo-32bit-4.4.2-31.1 libsamba-credentials0-debuginfo-4.4.2-31.1 libsamba-errors0-32bit-4.4.2-31.1 libsamba-errors0-4.4.2-31.1 libsamba-errors0-debuginfo-32bit-4.4.2-31.1 libsamba-errors0-debuginfo-4.4.2-31.1 libsamba-hostconfig0-32bit-4.4.2-31.1 libsamba-hostconfig0-4.4.2-31.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-31.1 libsamba-hostconfig0-debuginfo-4.4.2-31.1 libsamba-passdb0-32bit-4.4.2-31.1 libsamba-passdb0-4.4.2-31.1 libsamba-passdb0-debuginfo-32bit-4.4.2-31.1 libsamba-passdb0-debuginfo-4.4.2-31.1 libsamba-util0-32bit-4.4.2-31.1 libsamba-util0-4.4.2-31.1 libsamba-util0-debuginfo-32bit-4.4.2-31.1 libsamba-util0-debuginfo-4.4.2-31.1 libsamdb0-32bit-4.4.2-31.1 libsamdb0-4.4.2-31.1 libsamdb0-debuginfo-32bit-4.4.2-31.1 libsamdb0-debuginfo-4.4.2-31.1 libsmbclient0-32bit-4.4.2-31.1 libsmbclient0-4.4.2-31.1 libsmbclient0-debuginfo-32bit-4.4.2-31.1 libsmbclient0-debuginfo-4.4.2-31.1 libsmbconf0-32bit-4.4.2-31.1 libsmbconf0-4.4.2-31.1 libsmbconf0-debuginfo-32bit-4.4.2-31.1 libsmbconf0-debuginfo-4.4.2-31.1 libsmbldap0-32bit-4.4.2-31.1 libsmbldap0-4.4.2-31.1 libsmbldap0-debuginfo-32bit-4.4.2-31.1 libsmbldap0-debuginfo-4.4.2-31.1 libtevent-util0-32bit-4.4.2-31.1 libtevent-util0-4.4.2-31.1 libtevent-util0-debuginfo-32bit-4.4.2-31.1 libtevent-util0-debuginfo-4.4.2-31.1 libwbclient0-32bit-4.4.2-31.1 libwbclient0-4.4.2-31.1 libwbclient0-debuginfo-32bit-4.4.2-31.1 libwbclient0-debuginfo-4.4.2-31.1 samba-4.4.2-31.1 samba-client-32bit-4.4.2-31.1 samba-client-4.4.2-31.1 samba-client-debuginfo-32bit-4.4.2-31.1 samba-client-debuginfo-4.4.2-31.1 samba-debuginfo-4.4.2-31.1 samba-debugsource-4.4.2-31.1 samba-libs-32bit-4.4.2-31.1 samba-libs-4.4.2-31.1 samba-libs-debuginfo-32bit-4.4.2-31.1 samba-libs-debuginfo-4.4.2-31.1 samba-winbind-32bit-4.4.2-31.1 samba-winbind-4.4.2-31.1 samba-winbind-debuginfo-32bit-4.4.2-31.1 samba-winbind-debuginfo-4.4.2-31.1 
References:

   https://www.suse.com/security/cve/CVE-2016-2123.html
   https://www.suse.com/security/cve/CVE-2016-2125.html
   https://www.suse.com/security/cve/CVE-2016-2126.html
   https://bugzilla.suse.com/1009085
   https://bugzilla.suse.com/1014437
   https://bugzilla.suse.com/1014441
   https://bugzilla.suse.com/1014442

From sle-updates at lists.suse.com Tue Dec 27 09:08:42 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 27 Dec 2016 17:08:42 +0100 (CET)
Subject: SUSE-SU-2016:3272-1: moderate: Security update for samba
Message-ID: <20161227160842.EFB7CF7CB@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3272-1
Rating:             moderate
References:         #1001203 #1009085 #1014437 #1014441 #1014442 #975299 #986675 #991564 #994500 #997833
Cross-References:   CVE-2016-2123 CVE-2016-2125 CVE-2016-2126
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise High Availability 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has 7 fixes is now available.

Description:

   This update for samba fixes the following issues:

   Security issues fixed:
   - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441).
   - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442).
   - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). The component affected is not built in our packages.

   Non security issues fixed:
   - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085)
   - Add doc changes for net ads --no-dns-updates switch; (bsc#991564)
   - Include vfstest in samba-test; (bsc#1001203).
   - s3/winbindd: using default domain with user at domain.com format fails (bsc#997833).
   - Fix illegal memory access after memory has been deleted (bsc#975299).
   - Fix bug in tevent poll backend causing winbind to loop tightly (bsc#994500).
   - Various fixes for spnego/ntlm (bsc#986675).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1917=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1917=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1917=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1917=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1917=1
   - SUSE Linux Enterprise High Availability 12-SP1:
      zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1917=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1917=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1917=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): samba-test-devel-4.2.4-28.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-28.3.1 ctdb-devel-4.2.4-28.3.1 libdcerpc-atsvc-devel-4.2.4-28.3.1 libdcerpc-atsvc0-4.2.4-28.3.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.3.1 libdcerpc-devel-4.2.4-28.3.1 libdcerpc-samr-devel-4.2.4-28.3.1 libdcerpc-samr0-4.2.4-28.3.1 libdcerpc-samr0-debuginfo-4.2.4-28.3.1 libgensec-devel-4.2.4-28.3.1 libndr-devel-4.2.4-28.3.1 libndr-krb5pac-devel-4.2.4-28.3.1 libndr-nbt-devel-4.2.4-28.3.1 libndr-standard-devel-4.2.4-28.3.1 libnetapi-devel-4.2.4-28.3.1 libregistry-devel-4.2.4-28.3.1 libsamba-credentials-devel-4.2.4-28.3.1 libsamba-hostconfig-devel-4.2.4-28.3.1 libsamba-passdb-devel-4.2.4-28.3.1 libsamba-policy-devel-4.2.4-28.3.1 libsamba-policy0-4.2.4-28.3.1 libsamba-policy0-debuginfo-4.2.4-28.3.1 libsamba-util-devel-4.2.4-28.3.1 libsamdb-devel-4.2.4-28.3.1 libsmbclient-devel-4.2.4-28.3.1 libsmbclient-raw-devel-4.2.4-28.3.1 libsmbconf-devel-4.2.4-28.3.1 libsmbldap-devel-4.2.4-28.3.1 libtevent-util-devel-4.2.4-28.3.1 libwbclient-devel-4.2.4-28.3.1 samba-core-devel-4.2.4-28.3.1 samba-debuginfo-4.2.4-28.3.1 samba-debugsource-4.2.4-28.3.1 samba-test-devel-4.2.4-28.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-atsvc0-4.2.4-28.3.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-atsvc0-4.2.4-28.3.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-28.3.1 libdcerpc-binding0-debuginfo-4.2.4-28.3.1 libdcerpc0-4.2.4-28.3.1 libdcerpc0-debuginfo-4.2.4-28.3.1 libgensec0-4.2.4-28.3.1 libgensec0-debuginfo-4.2.4-28.3.1 libndr-krb5pac0-4.2.4-28.3.1 libndr-krb5pac0-debuginfo-4.2.4-28.3.1 libndr-nbt0-4.2.4-28.3.1 libndr-nbt0-debuginfo-4.2.4-28.3.1 libndr-standard0-4.2.4-28.3.1 
libndr-standard0-debuginfo-4.2.4-28.3.1 libndr0-4.2.4-28.3.1 libndr0-debuginfo-4.2.4-28.3.1 libnetapi0-4.2.4-28.3.1 libnetapi0-debuginfo-4.2.4-28.3.1 libregistry0-4.2.4-28.3.1 libregistry0-debuginfo-4.2.4-28.3.1 libsamba-credentials0-4.2.4-28.3.1 libsamba-credentials0-debuginfo-4.2.4-28.3.1 libsamba-hostconfig0-4.2.4-28.3.1 libsamba-hostconfig0-debuginfo-4.2.4-28.3.1 libsamba-passdb0-4.2.4-28.3.1 libsamba-passdb0-debuginfo-4.2.4-28.3.1 libsamba-util0-4.2.4-28.3.1 libsamba-util0-debuginfo-4.2.4-28.3.1 libsamdb0-4.2.4-28.3.1 libsamdb0-debuginfo-4.2.4-28.3.1 libsmbclient-raw0-4.2.4-28.3.1 libsmbclient-raw0-debuginfo-4.2.4-28.3.1 libsmbclient0-4.2.4-28.3.1 libsmbclient0-debuginfo-4.2.4-28.3.1 libsmbconf0-4.2.4-28.3.1 libsmbconf0-debuginfo-4.2.4-28.3.1 libsmbldap0-4.2.4-28.3.1 libsmbldap0-debuginfo-4.2.4-28.3.1 libtevent-util0-4.2.4-28.3.1 libtevent-util0-debuginfo-4.2.4-28.3.1 libwbclient0-4.2.4-28.3.1 libwbclient0-debuginfo-4.2.4-28.3.1 samba-4.2.4-28.3.1 samba-client-4.2.4-28.3.1 samba-client-debuginfo-4.2.4-28.3.1 samba-debuginfo-4.2.4-28.3.1 samba-debugsource-4.2.4-28.3.1 samba-libs-4.2.4-28.3.1 samba-libs-debuginfo-4.2.4-28.3.1 samba-winbind-4.2.4-28.3.1 samba-winbind-debuginfo-4.2.4-28.3.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.3.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.3.1 libdcerpc0-32bit-4.2.4-28.3.1 libdcerpc0-debuginfo-32bit-4.2.4-28.3.1 libgensec0-32bit-4.2.4-28.3.1 libgensec0-debuginfo-32bit-4.2.4-28.3.1 libndr-krb5pac0-32bit-4.2.4-28.3.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.3.1 libndr-nbt0-32bit-4.2.4-28.3.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.3.1 libndr-standard0-32bit-4.2.4-28.3.1 libndr-standard0-debuginfo-32bit-4.2.4-28.3.1 libndr0-32bit-4.2.4-28.3.1 libndr0-debuginfo-32bit-4.2.4-28.3.1 libnetapi0-32bit-4.2.4-28.3.1 libnetapi0-debuginfo-32bit-4.2.4-28.3.1 libsamba-credentials0-32bit-4.2.4-28.3.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.3.1 libsamba-hostconfig0-32bit-4.2.4-28.3.1 
libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.3.1 libsamba-passdb0-32bit-4.2.4-28.3.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.3.1 libsamba-util0-32bit-4.2.4-28.3.1 libsamba-util0-debuginfo-32bit-4.2.4-28.3.1 libsamdb0-32bit-4.2.4-28.3.1 libsamdb0-debuginfo-32bit-4.2.4-28.3.1 libsmbclient-raw0-32bit-4.2.4-28.3.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.3.1 libsmbclient0-32bit-4.2.4-28.3.1 libsmbclient0-debuginfo-32bit-4.2.4-28.3.1 libsmbconf0-32bit-4.2.4-28.3.1 libsmbconf0-debuginfo-32bit-4.2.4-28.3.1 libsmbldap0-32bit-4.2.4-28.3.1 libsmbldap0-debuginfo-32bit-4.2.4-28.3.1 libtevent-util0-32bit-4.2.4-28.3.1 libtevent-util0-debuginfo-32bit-4.2.4-28.3.1 libwbclient0-32bit-4.2.4-28.3.1 libwbclient0-debuginfo-32bit-4.2.4-28.3.1 samba-32bit-4.2.4-28.3.1 samba-client-32bit-4.2.4-28.3.1 samba-client-debuginfo-32bit-4.2.4-28.3.1 samba-debuginfo-32bit-4.2.4-28.3.1 samba-libs-32bit-4.2.4-28.3.1 samba-libs-debuginfo-32bit-4.2.4-28.3.1 samba-winbind-32bit-4.2.4-28.3.1 samba-winbind-debuginfo-32bit-4.2.4-28.3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-28.3.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.3.1 ctdb-debuginfo-4.2.4-28.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-atsvc0-4.2.4-28.3.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.3.1 libdcerpc-binding0-4.2.4-28.3.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.3.1 libdcerpc-binding0-debuginfo-4.2.4-28.3.1 libdcerpc0-32bit-4.2.4-28.3.1 libdcerpc0-4.2.4-28.3.1 libdcerpc0-debuginfo-32bit-4.2.4-28.3.1 libdcerpc0-debuginfo-4.2.4-28.3.1 libgensec0-32bit-4.2.4-28.3.1 libgensec0-4.2.4-28.3.1 libgensec0-debuginfo-32bit-4.2.4-28.3.1 libgensec0-debuginfo-4.2.4-28.3.1 libndr-krb5pac0-32bit-4.2.4-28.3.1 libndr-krb5pac0-4.2.4-28.3.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.3.1 libndr-krb5pac0-debuginfo-4.2.4-28.3.1 libndr-nbt0-32bit-4.2.4-28.3.1 libndr-nbt0-4.2.4-28.3.1 
libndr-nbt0-debuginfo-32bit-4.2.4-28.3.1 libndr-nbt0-debuginfo-4.2.4-28.3.1 libndr-standard0-32bit-4.2.4-28.3.1 libndr-standard0-4.2.4-28.3.1 libndr-standard0-debuginfo-32bit-4.2.4-28.3.1 libndr-standard0-debuginfo-4.2.4-28.3.1 libndr0-32bit-4.2.4-28.3.1 libndr0-4.2.4-28.3.1 libndr0-debuginfo-32bit-4.2.4-28.3.1 libndr0-debuginfo-4.2.4-28.3.1 libnetapi0-32bit-4.2.4-28.3.1 libnetapi0-4.2.4-28.3.1 libnetapi0-debuginfo-32bit-4.2.4-28.3.1 libnetapi0-debuginfo-4.2.4-28.3.1 libregistry0-4.2.4-28.3.1 libregistry0-debuginfo-4.2.4-28.3.1 libsamba-credentials0-32bit-4.2.4-28.3.1 libsamba-credentials0-4.2.4-28.3.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.3.1 libsamba-credentials0-debuginfo-4.2.4-28.3.1 libsamba-hostconfig0-32bit-4.2.4-28.3.1 libsamba-hostconfig0-4.2.4-28.3.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.3.1 libsamba-hostconfig0-debuginfo-4.2.4-28.3.1 libsamba-passdb0-32bit-4.2.4-28.3.1 libsamba-passdb0-4.2.4-28.3.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.3.1 libsamba-passdb0-debuginfo-4.2.4-28.3.1 libsamba-util0-32bit-4.2.4-28.3.1 libsamba-util0-4.2.4-28.3.1 libsamba-util0-debuginfo-32bit-4.2.4-28.3.1 libsamba-util0-debuginfo-4.2.4-28.3.1 libsamdb0-32bit-4.2.4-28.3.1 libsamdb0-4.2.4-28.3.1 libsamdb0-debuginfo-32bit-4.2.4-28.3.1 libsamdb0-debuginfo-4.2.4-28.3.1 libsmbclient-raw0-32bit-4.2.4-28.3.1 libsmbclient-raw0-4.2.4-28.3.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.3.1 libsmbclient-raw0-debuginfo-4.2.4-28.3.1 libsmbclient0-32bit-4.2.4-28.3.1 libsmbclient0-4.2.4-28.3.1 libsmbclient0-debuginfo-32bit-4.2.4-28.3.1 libsmbclient0-debuginfo-4.2.4-28.3.1 libsmbconf0-32bit-4.2.4-28.3.1 libsmbconf0-4.2.4-28.3.1 libsmbconf0-debuginfo-32bit-4.2.4-28.3.1 libsmbconf0-debuginfo-4.2.4-28.3.1 libsmbldap0-32bit-4.2.4-28.3.1 libsmbldap0-4.2.4-28.3.1 libsmbldap0-debuginfo-32bit-4.2.4-28.3.1 libsmbldap0-debuginfo-4.2.4-28.3.1 libtevent-util0-32bit-4.2.4-28.3.1 libtevent-util0-4.2.4-28.3.1 libtevent-util0-debuginfo-32bit-4.2.4-28.3.1 
libtevent-util0-debuginfo-4.2.4-28.3.1 libwbclient0-32bit-4.2.4-28.3.1 libwbclient0-4.2.4-28.3.1 libwbclient0-debuginfo-32bit-4.2.4-28.3.1 libwbclient0-debuginfo-4.2.4-28.3.1 samba-32bit-4.2.4-28.3.1 samba-4.2.4-28.3.1 samba-client-32bit-4.2.4-28.3.1 samba-client-4.2.4-28.3.1 samba-client-debuginfo-32bit-4.2.4-28.3.1 samba-client-debuginfo-4.2.4-28.3.1 samba-debuginfo-32bit-4.2.4-28.3.1 samba-debuginfo-4.2.4-28.3.1 samba-debugsource-4.2.4-28.3.1 samba-libs-32bit-4.2.4-28.3.1 samba-libs-4.2.4-28.3.1 samba-libs-debuginfo-32bit-4.2.4-28.3.1 samba-libs-debuginfo-4.2.4-28.3.1 samba-winbind-32bit-4.2.4-28.3.1 samba-winbind-4.2.4-28.3.1 samba-winbind-debuginfo-32bit-4.2.4-28.3.1 samba-winbind-debuginfo-4.2.4-28.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): samba-doc-4.2.4-28.3.1 References: https://www.suse.com/security/cve/CVE-2016-2123.html https://www.suse.com/security/cve/CVE-2016-2125.html https://www.suse.com/security/cve/CVE-2016-2126.html https://bugzilla.suse.com/1001203 https://bugzilla.suse.com/1009085 https://bugzilla.suse.com/1014437 https://bugzilla.suse.com/1014441 https://bugzilla.suse.com/1014442 https://bugzilla.suse.com/975299 https://bugzilla.suse.com/986675 https://bugzilla.suse.com/991564 https://bugzilla.suse.com/994500 https://bugzilla.suse.com/997833 From sle-updates at lists.suse.com Tue Dec 27 09:11:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2016 17:11:00 +0100 (CET) Subject: SUSE-SU-2016:3273-1: important: Security update for xen Message-ID: <20161227161100.14529F7B7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3273-1 Rating: important References: #1000106 #1000893 #1003030 #1003032 #1005004 #1005005 #1007157 #1007160 #1009100 #1009103 #1009107 #1009109 #1009111 #1011652 Cross-References: CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 
                    CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 CVE-2016-9637
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:
   - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host (bsc#1011652)
   - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100)
   - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing an unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103)
   - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitrary code execution (bsc#1009107)
   - CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109)
   - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
   - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111)
   - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106)
   - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157)
   - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160)
   - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004)
   - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005)
   - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030)
   - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032)

   This non-security issue was fixed:
   - bsc#1000893: virsh setmem didn't allow setting current guest memory to max limit

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-xen-12919=1
   - SUSE Manager Proxy 2.1:
      zypper in -t patch slemap21-xen-12919=1
   - SUSE Manager 2.1:
      zypper in -t patch sleman21-xen-12919=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-xen-12919=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-xen-12919=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-xen-12919=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 5 (x86_64): xen-4.2.5_21-30.1 xen-doc-html-4.2.5_21-30.1 xen-doc-pdf-4.2.5_21-30.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.90-30.1 xen-libs-32bit-4.2.5_21-30.1 xen-libs-4.2.5_21-30.1 xen-tools-4.2.5_21-30.1 xen-tools-domU-4.2.5_21-30.1 - SUSE Manager Proxy 2.1 (x86_64): xen-4.2.5_21-30.1 xen-doc-html-4.2.5_21-30.1 xen-doc-pdf-4.2.5_21-30.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.90-30.1 xen-libs-32bit-4.2.5_21-30.1 xen-libs-4.2.5_21-30.1 xen-tools-4.2.5_21-30.1 xen-tools-domU-4.2.5_21-30.1 - SUSE Manager 2.1 (x86_64): xen-4.2.5_21-30.1 xen-doc-html-4.2.5_21-30.1 xen-doc-pdf-4.2.5_21-30.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.90-30.1 xen-libs-32bit-4.2.5_21-30.1 xen-libs-4.2.5_21-30.1 xen-tools-4.2.5_21-30.1 xen-tools-domU-4.2.5_21-30.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): xen-kmp-default-4.2.5_21_3.0.101_0.47.90-30.1 xen-libs-4.2.5_21-30.1 xen-tools-domU-4.2.5_21-30.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): xen-4.2.5_21-30.1 xen-doc-html-4.2.5_21-30.1 xen-doc-pdf-4.2.5_21-30.1 xen-libs-32bit-4.2.5_21-30.1 xen-tools-4.2.5_21-30.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): xen-kmp-pae-4.2.5_21_3.0.101_0.47.90-30.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.90-30.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.90-30.1 xen-libs-4.2.5_21-30.1 xen-tools-domU-4.2.5_21-30.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_21-30.1 xen-debugsource-4.2.5_21-30.1 References: https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9379.html 
https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1000893 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1007160 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 From sle-updates at lists.suse.com Tue Dec 27 12:07:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2016 20:07:16 +0100 (CET) Subject: SUSE-RU-2016:3274-1: Recommended update for release-notes-sdk Message-ID: <20161227190716.B252EF7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3274-1 Rating: low References: #1014238 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Release Notes of SUSE Linux Enterprise Software Development Kit 12 SP2 have been updated to document the removal of NetworkManager. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1919=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): release-notes-sdk-12.2.20161207-9.3.1 References: https://bugzilla.suse.com/1014238 From sle-updates at lists.suse.com Tue Dec 27 12:07:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2016 20:07:42 +0100 (CET) Subject: SUSE-RU-2016:3275-1: Recommended update for hwinfo Message-ID: <20161227190742.A72ECF7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3275-1 Rating: low References: #1007172 #1010276 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for hwinfo provides the following fixes: - Look for smbios entry point also in EFI settings. (bsc#1010276) - Look for DMI table also in sysfs. (bsc#1010276) - Add permanent MAC address field for network cards. (bsc#1007172) - Ensure network devices have a bus_id. (bsc#1007172) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1920=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1920=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1920=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1920=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): hwinfo-debuginfo-21.38-15.5.1 hwinfo-debugsource-21.38-15.5.1 hwinfo-devel-21.38-15.5.1 hwinfo-devel-debuginfo-21.38-15.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): hwinfo-21.38-15.5.1 hwinfo-debuginfo-21.38-15.5.1 hwinfo-debugsource-21.38-15.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): hwinfo-21.38-15.5.1 hwinfo-debuginfo-21.38-15.5.1 hwinfo-debugsource-21.38-15.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): hwinfo-21.38-15.5.1 hwinfo-debuginfo-21.38-15.5.1 hwinfo-debugsource-21.38-15.5.1 References: https://bugzilla.suse.com/1007172 https://bugzilla.suse.com/1010276 From sle-updates at lists.suse.com Wed Dec 28 09:07:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2016 17:07:04 +0100 (CET) Subject: SUSE-RU-2016:3283-1: Recommended update for release-notes-sles Message-ID: <20161228160704.47BF1F7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3283-1 Rating: low References: #1007153 #1007215 #992119 #993683 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP1 have been updated to document: - Updated amount of supported RAM for z Systems. (bsc#1007153) - Added sentence about Zypper/RPM changes. (bsc#992119) - Virtualization: Supported Disks Formats and Protocols (Support for qcow removed). (fate#317891) - Technology Preview: Docker Orchestration (Language fixes). (fate#321136) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1921=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): release-notes-sles-12.1.20161207-25.6.1 References: https://bugzilla.suse.com/1007153 https://bugzilla.suse.com/1007215 https://bugzilla.suse.com/992119 https://bugzilla.suse.com/993683 From sle-updates at lists.suse.com Thu Dec 29 05:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 13:07:41 +0100 (CET) Subject: SUSE-SU-2016:3286-1: Security update for libcares2 Message-ID: <20161229120741.BB8FCF7B7@maintenance.suse.de> SUSE Security Update: Security update for libcares2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3286-1 Rating: low References: #1007728 Cross-References: CVE-2016-5180 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1924=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1924=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1924=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1924=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1924=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1924=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1924=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1924=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1924=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libcares2-32bit-1.9.1-5.1 libcares2-debuginfo-32bit-1.9.1-5.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libcares2-32bit-1.9.1-5.1 libcares2-debuginfo-32bit-1.9.1-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libcares-devel-1.9.1-5.1 libcares2-debuginfo-1.9.1-5.1 libcares2-debugsource-1.9.1-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libcares-devel-1.9.1-5.1 libcares2-debuginfo-1.9.1-5.1 libcares2-debugsource-1.9.1-5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libcares2-1.9.1-5.1 libcares2-debuginfo-1.9.1-5.1 libcares2-debugsource-1.9.1-5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libcares2-1.9.1-5.1 libcares2-debuginfo-1.9.1-5.1 libcares2-debugsource-1.9.1-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libcares2-1.9.1-5.1 libcares2-debuginfo-1.9.1-5.1 libcares2-debugsource-1.9.1-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libcares2-1.9.1-5.1 libcares2-32bit-1.9.1-5.1 libcares2-debuginfo-1.9.1-5.1 libcares2-debuginfo-32bit-1.9.1-5.1 libcares2-debugsource-1.9.1-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libcares2-1.9.1-5.1 libcares2-32bit-1.9.1-5.1 libcares2-debuginfo-1.9.1-5.1 libcares2-debuginfo-32bit-1.9.1-5.1 libcares2-debugsource-1.9.1-5.1 References: https://www.suse.com/security/cve/CVE-2016-5180.html https://bugzilla.suse.com/1007728 From sle-updates at lists.suse.com Thu Dec 29 05:08:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 13:08:15 +0100 (CET) Subject: SUSE-SU-2016:3287-1: Security update for libcares2 Message-ID: <20161229120815.DEB67F7CB@maintenance.suse.de> SUSE Security Update: Security update for libcares2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3287-1 Rating: low 
References: #1007728 Cross-References: CVE-2016-5180 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libcares2-12921=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libcares2-12921=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libcares2-12921=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcares-devel-1.7.4-7.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcares2-1.7.4-7.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcares2-debuginfo-1.7.4-7.9.1 libcares2-debugsource-1.7.4-7.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): libcares2-debuginfo-32bit-1.7.4-7.9.1 References: https://www.suse.com/security/cve/CVE-2016-5180.html https://bugzilla.suse.com/1007728 From sle-updates at lists.suse.com Thu Dec 29 05:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 13:08:42 +0100 (CET) Subject: SUSE-SU-2016:3288-1: important: Security update for gstreamer-plugins-good Message-ID: <20161229120842.CA8E2F7CB@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3288-1 
Rating: important References: #1012102 #1012103 #1012104 #1013653 #1013655 #1013663 Cross-References: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for gstreamer-plugins-good fixes the following issues: * CVE-2016-9807: flic decoder invalid read could lead to crash [bsc#1013655] * CVE-2016-9634: flic out-of-bounds write could lead to code execution [bsc#1012102] * CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012103] * CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012104] * CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. [bsc#1013653] * CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses [bsc#1013663] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1922=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1922=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-good-1.2.4-2.3.1 gstreamer-plugins-good-debuginfo-1.2.4-2.3.1 gstreamer-plugins-good-debugsource-1.2.4-2.3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gstreamer-plugins-good-lang-1.2.4-2.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-plugins-good-1.2.4-2.3.1 gstreamer-plugins-good-debuginfo-1.2.4-2.3.1 gstreamer-plugins-good-debugsource-1.2.4-2.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-plugins-good-lang-1.2.4-2.3.1 References: https://www.suse.com/security/cve/CVE-2016-9634.html https://www.suse.com/security/cve/CVE-2016-9635.html https://www.suse.com/security/cve/CVE-2016-9636.html https://www.suse.com/security/cve/CVE-2016-9807.html https://www.suse.com/security/cve/CVE-2016-9808.html https://www.suse.com/security/cve/CVE-2016-9810.html https://bugzilla.suse.com/1012102 https://bugzilla.suse.com/1012103 https://bugzilla.suse.com/1012104 https://bugzilla.suse.com/1013653 https://bugzilla.suse.com/1013655 https://bugzilla.suse.com/1013663 From sle-updates at lists.suse.com Thu Dec 29 06:07:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 14:07:24 +0100 (CET) Subject: SUSE-RU-2016:3289-1: moderate: Recommended update for susemanager-build-keys Message-ID: <20161229130724.66A29F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-build-keys ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3289-1 Rating: moderate References: #1014151 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for susemanager-build-keys extends the lifetime of the build at suse.de GPG key that is signing the SUSE Linux Enterprise 12 repositories. (bsc#1014151) UID: pub 2048R/39DB7C82 2013-01-31 [expires: 2020-12-06] uid SuSE Package Signing Key Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1925=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1925=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (noarch): susemanager-build-keys-12.0-3.1 susemanager-build-keys-web-12.0-3.1 - SUSE Manager Proxy 3.0 (noarch): susemanager-build-keys-12.0-3.1 susemanager-build-keys-web-12.0-3.1 References: https://bugzilla.suse.com/1014151 From sle-updates at lists.suse.com Thu Dec 29 07:07:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 15:07:23 +0100 (CET) Subject: SUSE-RU-2016:3290-1: Recommended update for release-notes-sdk Message-ID: <20161229140723.D93F6F7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3290-1 Rating: low References: #1014247 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Release Notes of SUSE Linux Enterprise Software Development Kit 12 SP1 have been updated to document that Qt 5 has been updated to version 5.5.1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1927=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): release-notes-sdk-12.1.20161207-6.1 References: https://bugzilla.suse.com/1014247 From sle-updates at lists.suse.com Thu Dec 29 07:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 15:07:50 +0100 (CET) Subject: SUSE-RU-2016:3291-1: Recommended update for release-notes-sles Message-ID: <20161229140750.BBA1FF7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3291-1 Rating: low References: #975899 #979501 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 11 SP4 have been updated to document: - Btrfs supported features (bsc#979501). - Basic support for the Zeppelin platform (fate#321400). - Change in the deadlock behavior of loop-back mounted NFS (fate#320631). - Support for absolute Placement Mode for Touchscreens in the evdev-driver. (fate#319647). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-release-notes-sles-12922=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): release-notes-sles-11.4.25-0.32.1 References: https://bugzilla.suse.com/975899 https://bugzilla.suse.com/979501 From sle-updates at lists.suse.com Thu Dec 29 07:08:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 15:08:29 +0100 (CET) Subject: SUSE-RU-2016:3292-1: Recommended update for release-notes-sled Message-ID: <20161229140829.54079F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3292-1 Rating: low References: #1009493 #1014233 #995577 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Desktop 12 SP2 have been updated to document: - SLED Installation Media Without SLED Images. (fate#321164) - GNOME Desktop: "Open in Terminal" on Desktop. (fate#321179) - Improved Bridge Handling in YaST. (fate#322007) - Installer Crashes When Set to Mount by Label by Default. (bsc#1009493, fate#322147) - Updating the Installer at the Beginning of Installation. (fate#319716) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1928=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1928=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): release-notes-sled-12.2.20161207-18.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): release-notes-sled-12.2.20161207-18.3.1 References: https://bugzilla.suse.com/1009493 https://bugzilla.suse.com/1014233 https://bugzilla.suse.com/995577 From sle-updates at lists.suse.com Thu Dec 29 09:07:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 17:07:23 +0100 (CET) Subject: SUSE-RU-2016:3293-1: Recommended update for sapconf Message-ID: <20161229160723.82121F7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3293-1 Rating: low References: #994306 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapconf fixes the following issues: - Do not touch THP configuration in Netweaver profile. This avoids inheriting settings from high throughput profile. (bsc#994306) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1930=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1930=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): sapconf-4.1.3-21.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): sapconf-4.1.3-21.1 References: https://bugzilla.suse.com/994306 From sle-updates at lists.suse.com Thu Dec 29 09:07:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 17:07:55 +0100 (CET) Subject: SUSE-RU-2016:3294-1: Recommended update for hwinfo Message-ID: <20161229160755.B26F0F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3294-1 Rating: low References: #1010276 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwinfo fixes the following issues: - Look for SMBIOS entry point also in EFI settings. (bsc#1010276) - Look for DMI table also in sysfs. (bsc#1010276) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-hwinfo-12923=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-hwinfo-12923=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-hwinfo-12923=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): hwinfo-devel-15.57-0.12.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): hwinfo-15.57-0.12.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): hwinfo-debuginfo-15.57-0.12.2 hwinfo-debugsource-15.57-0.12.2 References: https://bugzilla.suse.com/1010276 From sle-updates at lists.suse.com Thu Dec 29 10:07:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2016 18:07:45 +0100 (CET) Subject: SUSE-RU-2016:3295-1: Recommended update for hwinfo Message-ID: <20161229170745.B0C84F7B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:3295-1 Rating: low References: #1005428 #1006818 #1007172 #1010276 #970111 #996183 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for hwinfo provides the following fixes: - Look for SMBIOS entry point also in EFI settings. (bsc#1010276) - Look for DMI table also in sysfs. (bsc#1010276) - Add permanent mac address field for network cards. (bsc#1007172) - Ensure network devices have a bus_id. (bsc#1007172) - Update PCI and USB IDs. (bsc#1006818) - Implement nvdimm support. (bsc#970111) - Fix detection of USB controllers on aarch64 systems. (bsc#1005428) - Add support for mmc/sdio devices. (bsc#996183) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1931=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1931=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1931=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): hwinfo-debuginfo-21.38-10.3.1 hwinfo-debugsource-21.38-10.3.1 hwinfo-devel-21.38-10.3.1 hwinfo-devel-debuginfo-21.38-10.3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): hwinfo-21.38-10.3.1 hwinfo-debuginfo-21.38-10.3.1 hwinfo-debugsource-21.38-10.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): hwinfo-21.38-10.3.1 hwinfo-debuginfo-21.38-10.3.1 hwinfo-debugsource-21.38-10.3.1 References: https://bugzilla.suse.com/1005428 https://bugzilla.suse.com/1006818 https://bugzilla.suse.com/1007172 https://bugzilla.suse.com/1010276 https://bugzilla.suse.com/970111 https://bugzilla.suse.com/996183 From sle-updates at lists.suse.com Thu Dec 29 16:07:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2016 00:07:46 +0100 (CET) Subject: SUSE-SU-2016:3296-1: moderate: Security update for gstreamer-plugins-bad Message-ID: <20161229230746.33658F7B7@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-bad ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3296-1 Rating: moderate References: #1010829 #1013659 #1013678 #1013680 Cross-References: CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes: - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829) - CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659). - CVE-2016-9812: Add more section size checks (bsc#1013678). - CVE-2016-9813: fix PAT parsing (bsc#1013680). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1933=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1933=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1933=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1933=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-bad-debuginfo-1.8.3-14.1 gstreamer-plugins-bad-debugsource-1.8.3-14.1 gstreamer-plugins-bad-devel-1.8.3-14.1 libgstinsertbin-1_0-0-1.8.3-14.1 libgstinsertbin-1_0-0-debuginfo-1.8.3-14.1 libgsturidownloader-1_0-0-1.8.3-14.1 libgsturidownloader-1_0-0-debuginfo-1.8.3-14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-plugins-bad-1.8.3-14.1 gstreamer-plugins-bad-debuginfo-1.8.3-14.1 gstreamer-plugins-bad-debugsource-1.8.3-14.1 libgstadaptivedemux-1_0-0-1.8.3-14.1 libgstadaptivedemux-1_0-0-debuginfo-1.8.3-14.1 libgstbadaudio-1_0-0-1.8.3-14.1 libgstbadaudio-1_0-0-debuginfo-1.8.3-14.1 libgstbadbase-1_0-0-1.8.3-14.1 libgstbadbase-1_0-0-debuginfo-1.8.3-14.1 libgstbadvideo-1_0-0-1.8.3-14.1 libgstbadvideo-1_0-0-debuginfo-1.8.3-14.1 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-14.1 libgstcodecparsers-1_0-0-1.8.3-14.1 libgstcodecparsers-1_0-0-debuginfo-1.8.3-14.1 libgstgl-1_0-0-1.8.3-14.1 libgstgl-1_0-0-debuginfo-1.8.3-14.1 libgstmpegts-1_0-0-1.8.3-14.1 libgstmpegts-1_0-0-debuginfo-1.8.3-14.1 libgstphotography-1_0-0-1.8.3-14.1 libgstphotography-1_0-0-debuginfo-1.8.3-14.1 libgsturidownloader-1_0-0-1.8.3-14.1 libgsturidownloader-1_0-0-debuginfo-1.8.3-14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-plugins-bad-lang-1.8.3-14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-plugins-bad-1.8.3-14.1 gstreamer-plugins-bad-debuginfo-1.8.3-14.1 gstreamer-plugins-bad-debugsource-1.8.3-14.1 libgstadaptivedemux-1_0-0-1.8.3-14.1 libgstadaptivedemux-1_0-0-debuginfo-1.8.3-14.1 libgstbadaudio-1_0-0-1.8.3-14.1 libgstbadaudio-1_0-0-debuginfo-1.8.3-14.1 libgstbadbase-1_0-0-1.8.3-14.1 libgstbadbase-1_0-0-debuginfo-1.8.3-14.1 libgstbadvideo-1_0-0-1.8.3-14.1 libgstbadvideo-1_0-0-debuginfo-1.8.3-14.1 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 
libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-14.1 libgstcodecparsers-1_0-0-1.8.3-14.1 libgstcodecparsers-1_0-0-debuginfo-1.8.3-14.1 libgstgl-1_0-0-1.8.3-14.1 libgstgl-1_0-0-debuginfo-1.8.3-14.1 libgstmpegts-1_0-0-1.8.3-14.1 libgstmpegts-1_0-0-debuginfo-1.8.3-14.1 libgstphotography-1_0-0-1.8.3-14.1 libgstphotography-1_0-0-debuginfo-1.8.3-14.1 libgsturidownloader-1_0-0-1.8.3-14.1 libgsturidownloader-1_0-0-debuginfo-1.8.3-14.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-plugins-bad-lang-1.8.3-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-plugins-bad-lang-1.8.3-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-plugins-bad-1.8.3-14.1 gstreamer-plugins-bad-debuginfo-1.8.3-14.1 gstreamer-plugins-bad-debugsource-1.8.3-14.1 libgstadaptivedemux-1_0-0-1.8.3-14.1 libgstadaptivedemux-1_0-0-debuginfo-1.8.3-14.1 libgstbadaudio-1_0-0-1.8.3-14.1 libgstbadaudio-1_0-0-debuginfo-1.8.3-14.1 libgstbadbase-1_0-0-1.8.3-14.1 libgstbadbase-1_0-0-debuginfo-1.8.3-14.1 libgstbadvideo-1_0-0-1.8.3-14.1 libgstbadvideo-1_0-0-debuginfo-1.8.3-14.1 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-14.1 libgstcodecparsers-1_0-0-1.8.3-14.1 libgstcodecparsers-1_0-0-debuginfo-1.8.3-14.1 libgstgl-1_0-0-1.8.3-14.1 libgstgl-1_0-0-debuginfo-1.8.3-14.1 libgstmpegts-1_0-0-1.8.3-14.1 libgstmpegts-1_0-0-debuginfo-1.8.3-14.1 libgstphotography-1_0-0-1.8.3-14.1 libgstphotography-1_0-0-debuginfo-1.8.3-14.1 libgsturidownloader-1_0-0-1.8.3-14.1 libgsturidownloader-1_0-0-debuginfo-1.8.3-14.1 References: https://www.suse.com/security/cve/CVE-2016-9445.html https://www.suse.com/security/cve/CVE-2016-9446.html https://www.suse.com/security/cve/CVE-2016-9809.html https://www.suse.com/security/cve/CVE-2016-9812.html https://www.suse.com/security/cve/CVE-2016-9813.html https://bugzilla.suse.com/1010829 https://bugzilla.suse.com/1013659 https://bugzilla.suse.com/1013678 https://bugzilla.suse.com/1013680 From sle-updates at lists.suse.com Thu Dec 
29 16:08:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2016 00:08:58 +0100 (CET) Subject: SUSE-SU-2016:3297-1: important: Security update for gstreamer-plugins-bad Message-ID: <20161229230858.44EE9F7CB@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-bad ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3297-1 Rating: important References: #1010829 #1013659 #1013678 #1013680 Cross-References: CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for gstreamer-plugins-bad fixes the following issues: - CVE-2016-9809: Malicious mkv/h264 file could cause an off by one out of bounds read and lead to crash (bsc#1013659) - CVE-2016-9812: Malicious mpeg file could cause an invalid null pointer access and lead to crash (bsc#1013678) - CVE-2016-9813: Malicious mpegts file could cause an invalid null pointer access and lead to crash (bsc#1013680) - CVE-2016-9445, CVE-2016-9446: Check an integer overflow and initialize a buffer in vmncdec (bsc#1010829) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1932=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1932=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1932=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1932=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1932=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1932=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-bad-debuginfo-1.2.4-3.4.1 gstreamer-plugins-bad-debugsource-1.2.4-3.4.1 gstreamer-plugins-bad-devel-1.2.4-3.4.1 libgstinsertbin-1_0-0-1.2.4-3.4.1 libgstinsertbin-1_0-0-debuginfo-1.2.4-3.4.1 libgsturidownloader-1_0-0-1.2.4-3.4.1 libgsturidownloader-1_0-0-debuginfo-1.2.4-3.4.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libgstegl-1_0-0-1.2.4-3.4.1 libgstegl-1_0-0-debuginfo-1.2.4-3.4.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libgstegl-1_0-0-1.2.4-3.4.1 libgstegl-1_0-0-debuginfo-1.2.4-3.4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-bad-1.2.4-3.4.1 gstreamer-plugins-bad-debuginfo-1.2.4-3.4.1 gstreamer-plugins-bad-debugsource-1.2.4-3.4.1 libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.2.4-3.4.1 libgstcodecparsers-1_0-0-1.2.4-3.4.1 libgstcodecparsers-1_0-0-debuginfo-1.2.4-3.4.1 libgstegl-1_0-0-1.2.4-3.4.1 libgstegl-1_0-0-debuginfo-1.2.4-3.4.1 libgstmpegts-1_0-0-1.2.4-3.4.1 libgstmpegts-1_0-0-debuginfo-1.2.4-3.4.1 libgstphotography-1_0-0-1.2.4-3.4.1 libgstphotography-1_0-0-debuginfo-1.2.4-3.4.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): 
gstreamer-plugins-bad-lang-1.2.4-3.4.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libgstegl-1_0-0-1.2.4-3.4.1 libgstegl-1_0-0-debuginfo-1.2.4-3.4.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-plugins-bad-lang-1.2.4-3.4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-plugins-bad-1.2.4-3.4.1 gstreamer-plugins-bad-debuginfo-1.2.4-3.4.1 gstreamer-plugins-bad-debugsource-1.2.4-3.4.1 libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.2.4-3.4.1 libgstcodecparsers-1_0-0-1.2.4-3.4.1 libgstcodecparsers-1_0-0-debuginfo-1.2.4-3.4.1 libgstegl-1_0-0-1.2.4-3.4.1 libgstegl-1_0-0-debuginfo-1.2.4-3.4.1 libgstmpegts-1_0-0-1.2.4-3.4.1 libgstmpegts-1_0-0-debuginfo-1.2.4-3.4.1 libgstphotography-1_0-0-1.2.4-3.4.1 libgstphotography-1_0-0-debuginfo-1.2.4-3.4.1 References: https://www.suse.com/security/cve/CVE-2016-9445.html https://www.suse.com/security/cve/CVE-2016-9446.html https://www.suse.com/security/cve/CVE-2016-9809.html https://www.suse.com/security/cve/CVE-2016-9812.html https://www.suse.com/security/cve/CVE-2016-9813.html https://bugzilla.suse.com/1010829 https://bugzilla.suse.com/1013659 https://bugzilla.suse.com/1013678 https://bugzilla.suse.com/1013680 From sle-updates at lists.suse.com Thu Dec 29 16:09:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2016 00:09:59 +0100 (CET) Subject: SUSE-SU-2016:3298-1: moderate: Security update for samba Message-ID: <20161229230959.B292CF7CB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3298-1 Rating: moderate References: #1003731 #1009711 #1014441 #1014442 #993692 #997833 Cross-References: CVE-2016-2125 CVE-2016-2126 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux 
Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: - Allow SESSION KEY setup without signing. (bsc#1009711) - Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731) - Don't fail when using default domain with user at domain.com format. (bsc#997833) - Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-samba-12924=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-samba-12924=1 - SUSE Manager 2.1: zypper in -t patch sleman21-samba-12924=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-samba-12924=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-samba-12924=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-samba-12924=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-12924=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-12924=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-12924=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ldapsmb-1.34b-84.1 libldb1-3.6.3-84.1 libsmbclient0-3.6.3-84.1 libsmbclient0-32bit-3.6.3-84.1 libtalloc2-3.6.3-84.1 libtalloc2-32bit-3.6.3-84.1 libtdb1-3.6.3-84.1 libtdb1-32bit-3.6.3-84.1 libtevent0-3.6.3-84.1 libtevent0-32bit-3.6.3-84.1 libwbclient0-3.6.3-84.1 libwbclient0-32bit-3.6.3-84.1 samba-3.6.3-84.1 samba-32bit-3.6.3-84.1 samba-client-3.6.3-84.1 samba-client-32bit-3.6.3-84.1 samba-krb-printing-3.6.3-84.1 samba-winbind-3.6.3-84.1 samba-winbind-32bit-3.6.3-84.1 - SUSE OpenStack Cloud 5 (noarch): samba-doc-3.6.3-84.1 - SUSE Manager Proxy 2.1 (x86_64): ldapsmb-1.34b-84.1 libldb1-3.6.3-84.1 libsmbclient0-3.6.3-84.1 libsmbclient0-32bit-3.6.3-84.1 libtalloc2-3.6.3-84.1 libtalloc2-32bit-3.6.3-84.1 libtdb1-3.6.3-84.1 libtdb1-32bit-3.6.3-84.1 libtevent0-3.6.3-84.1 libtevent0-32bit-3.6.3-84.1 libwbclient0-3.6.3-84.1 libwbclient0-32bit-3.6.3-84.1 samba-3.6.3-84.1 samba-32bit-3.6.3-84.1 samba-client-3.6.3-84.1 samba-client-32bit-3.6.3-84.1 samba-krb-printing-3.6.3-84.1 samba-winbind-3.6.3-84.1 samba-winbind-32bit-3.6.3-84.1 - SUSE Manager Proxy 2.1 (noarch): samba-doc-3.6.3-84.1 - SUSE Manager 2.1 (s390x x86_64): ldapsmb-1.34b-84.1 libldb1-3.6.3-84.1 libsmbclient0-3.6.3-84.1 libsmbclient0-32bit-3.6.3-84.1 libtalloc2-3.6.3-84.1 libtalloc2-32bit-3.6.3-84.1 libtdb1-3.6.3-84.1 libtdb1-32bit-3.6.3-84.1 libtevent0-3.6.3-84.1 libtevent0-32bit-3.6.3-84.1 libwbclient0-3.6.3-84.1 libwbclient0-32bit-3.6.3-84.1 samba-3.6.3-84.1 samba-32bit-3.6.3-84.1 samba-client-3.6.3-84.1 samba-client-32bit-3.6.3-84.1 samba-krb-printing-3.6.3-84.1 samba-winbind-3.6.3-84.1 samba-winbind-32bit-3.6.3-84.1 - SUSE Manager 2.1 (noarch): samba-doc-3.6.3-84.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-84.1 libnetapi-devel-3.6.3-84.1 libnetapi0-3.6.3-84.1 libsmbclient-devel-3.6.3-84.1 libsmbsharemodes-devel-3.6.3-84.1 libsmbsharemodes0-3.6.3-84.1 libtalloc-devel-3.6.3-84.1 
libtdb-devel-3.6.3-84.1 libtevent-devel-3.6.3-84.1 libwbclient-devel-3.6.3-84.1 samba-devel-3.6.3-84.1 samba-test-3.6.3-84.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-84.1 libldb1-3.6.3-84.1 libsmbclient0-3.6.3-84.1 libtalloc2-3.6.3-84.1 libtdb1-3.6.3-84.1 libtevent0-3.6.3-84.1 libwbclient0-3.6.3-84.1 samba-3.6.3-84.1 samba-client-3.6.3-84.1 samba-krb-printing-3.6.3-84.1 samba-winbind-3.6.3-84.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-84.1 libtalloc2-32bit-3.6.3-84.1 libtdb1-32bit-3.6.3-84.1 libtevent0-32bit-3.6.3-84.1 libwbclient0-32bit-3.6.3-84.1 samba-32bit-3.6.3-84.1 samba-client-32bit-3.6.3-84.1 samba-winbind-32bit-3.6.3-84.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-84.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-84.1 libtalloc2-x86-3.6.3-84.1 libtdb1-x86-3.6.3-84.1 libtevent0-x86-3.6.3-84.1 libwbclient0-x86-3.6.3-84.1 samba-client-x86-3.6.3-84.1 samba-winbind-x86-3.6.3-84.1 samba-x86-3.6.3-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ldapsmb-1.34b-84.1 libldb1-3.6.3-84.1 libsmbclient0-3.6.3-84.1 libtalloc2-3.6.3-84.1 libtdb1-3.6.3-84.1 libtevent0-3.6.3-84.1 libwbclient0-3.6.3-84.1 samba-3.6.3-84.1 samba-client-3.6.3-84.1 samba-krb-printing-3.6.3-84.1 samba-winbind-3.6.3-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-84.1 libtalloc2-32bit-3.6.3-84.1 libtdb1-32bit-3.6.3-84.1 libtevent0-32bit-3.6.3-84.1 libwbclient0-32bit-3.6.3-84.1 samba-32bit-3.6.3-84.1 samba-client-32bit-3.6.3-84.1 samba-winbind-32bit-3.6.3-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): samba-doc-3.6.3-84.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-84.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-84.1 libldb1-3.6.3-84.1 libsmbclient0-3.6.3-84.1 libtalloc2-3.6.3-84.1 libtdb1-3.6.3-84.1 libtevent0-3.6.3-84.1 libwbclient0-3.6.3-84.1 
samba-3.6.3-84.1 samba-client-3.6.3-84.1 samba-krb-printing-3.6.3-84.1 samba-winbind-3.6.3-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): samba-debuginfo-3.6.3-84.1 samba-debugsource-3.6.3-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): samba-debuginfo-x86-3.6.3-84.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-84.1 samba-debugsource-3.6.3-84.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-84.1 References: https://www.suse.com/security/cve/CVE-2016-2125.html https://www.suse.com/security/cve/CVE-2016-2126.html https://bugzilla.suse.com/1003731 https://bugzilla.suse.com/1009711 https://bugzilla.suse.com/1014441 https://bugzilla.suse.com/1014442 https://bugzilla.suse.com/993692 https://bugzilla.suse.com/997833 From sle-updates at lists.suse.com Thu Dec 29 16:11:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2016 00:11:31 +0100 (CET) Subject: SUSE-SU-2016:3299-1: moderate: Security update for samba Message-ID: <20161229231131.85B3DF7CB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3299-1 Rating: moderate References: #1001203 #1009085 #1014437 #1014441 #1014442 #975299 #986675 #991564 #994500 #997833 Cross-References: CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. 
Description:

This update for samba fixes the following issues:

Security issues fixed:

- CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441).
- CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442).
- CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). This issue does not affect our packages, as the component is not built.

Non security issues fixed:

- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port (bsc#1009085)
- Add doc changes for net ads --no-dns-updates switch (bsc#991564)
- Include vfstest in samba-test (bsc#1001203).
- s3/winbindd: using default domain with user at domain.com format fails (bsc#997833).
- Fix illegal memory access after memory has been deleted (bsc#975299).
- Fix bug in tevent poll backend causing winbind to loop tightly (bsc#994500).
- Various fixes for spnego/ntlm (bsc#986675).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1935=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1935=1
- SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-1935=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): samba-doc-4.2.4-18.30.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): ctdb-4.2.4-18.30.1 ctdb-debuginfo-4.2.4-18.30.1 libdcerpc-binding0-32bit-4.2.4-18.30.1 libdcerpc-binding0-4.2.4-18.30.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.30.1 libdcerpc-binding0-debuginfo-4.2.4-18.30.1 libdcerpc0-32bit-4.2.4-18.30.1 libdcerpc0-4.2.4-18.30.1 libdcerpc0-debuginfo-32bit-4.2.4-18.30.1 libdcerpc0-debuginfo-4.2.4-18.30.1 libgensec0-32bit-4.2.4-18.30.1 libgensec0-4.2.4-18.30.1 libgensec0-debuginfo-32bit-4.2.4-18.30.1 libgensec0-debuginfo-4.2.4-18.30.1 libndr-krb5pac0-32bit-4.2.4-18.30.1 libndr-krb5pac0-4.2.4-18.30.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.30.1 libndr-krb5pac0-debuginfo-4.2.4-18.30.1 libndr-nbt0-32bit-4.2.4-18.30.1 libndr-nbt0-4.2.4-18.30.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.30.1 libndr-nbt0-debuginfo-4.2.4-18.30.1 libndr-standard0-32bit-4.2.4-18.30.1 libndr-standard0-4.2.4-18.30.1 libndr-standard0-debuginfo-32bit-4.2.4-18.30.1 libndr-standard0-debuginfo-4.2.4-18.30.1 libndr0-32bit-4.2.4-18.30.1 libndr0-4.2.4-18.30.1 libndr0-debuginfo-32bit-4.2.4-18.30.1 libndr0-debuginfo-4.2.4-18.30.1 libnetapi0-32bit-4.2.4-18.30.1 libnetapi0-4.2.4-18.30.1 libnetapi0-debuginfo-32bit-4.2.4-18.30.1 libnetapi0-debuginfo-4.2.4-18.30.1 libregistry0-4.2.4-18.30.1 libregistry0-debuginfo-4.2.4-18.30.1 libsamba-credentials0-32bit-4.2.4-18.30.1 libsamba-credentials0-4.2.4-18.30.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.30.1 libsamba-credentials0-debuginfo-4.2.4-18.30.1 libsamba-hostconfig0-32bit-4.2.4-18.30.1 libsamba-hostconfig0-4.2.4-18.30.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.30.1 libsamba-hostconfig0-debuginfo-4.2.4-18.30.1 libsamba-passdb0-32bit-4.2.4-18.30.1 libsamba-passdb0-4.2.4-18.30.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.30.1 libsamba-passdb0-debuginfo-4.2.4-18.30.1 libsamba-util0-32bit-4.2.4-18.30.1 libsamba-util0-4.2.4-18.30.1 libsamba-util0-debuginfo-32bit-4.2.4-18.30.1 
libsamba-util0-debuginfo-4.2.4-18.30.1 libsamdb0-32bit-4.2.4-18.30.1 libsamdb0-4.2.4-18.30.1 libsamdb0-debuginfo-32bit-4.2.4-18.30.1 libsamdb0-debuginfo-4.2.4-18.30.1 libsmbclient-raw0-32bit-4.2.4-18.30.1 libsmbclient-raw0-4.2.4-18.30.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.30.1 libsmbclient-raw0-debuginfo-4.2.4-18.30.1 libsmbclient0-32bit-4.2.4-18.30.1 libsmbclient0-4.2.4-18.30.1 libsmbclient0-debuginfo-32bit-4.2.4-18.30.1 libsmbclient0-debuginfo-4.2.4-18.30.1 libsmbconf0-32bit-4.2.4-18.30.1 libsmbconf0-4.2.4-18.30.1 libsmbconf0-debuginfo-32bit-4.2.4-18.30.1 libsmbconf0-debuginfo-4.2.4-18.30.1 libsmbldap0-32bit-4.2.4-18.30.1 libsmbldap0-4.2.4-18.30.1 libsmbldap0-debuginfo-32bit-4.2.4-18.30.1 libsmbldap0-debuginfo-4.2.4-18.30.1 libtevent-util0-32bit-4.2.4-18.30.1 libtevent-util0-4.2.4-18.30.1 libtevent-util0-debuginfo-32bit-4.2.4-18.30.1 libtevent-util0-debuginfo-4.2.4-18.30.1 libwbclient0-32bit-4.2.4-18.30.1 libwbclient0-4.2.4-18.30.1 libwbclient0-debuginfo-32bit-4.2.4-18.30.1 libwbclient0-debuginfo-4.2.4-18.30.1 samba-32bit-4.2.4-18.30.1 samba-4.2.4-18.30.1 samba-client-32bit-4.2.4-18.30.1 samba-client-4.2.4-18.30.1 samba-client-debuginfo-32bit-4.2.4-18.30.1 samba-client-debuginfo-4.2.4-18.30.1 samba-debuginfo-32bit-4.2.4-18.30.1 samba-debuginfo-4.2.4-18.30.1 samba-debugsource-4.2.4-18.30.1 samba-libs-32bit-4.2.4-18.30.1 samba-libs-4.2.4-18.30.1 samba-libs-debuginfo-32bit-4.2.4-18.30.1 samba-libs-debuginfo-4.2.4-18.30.1 samba-winbind-32bit-4.2.4-18.30.1 samba-winbind-4.2.4-18.30.1 samba-winbind-debuginfo-32bit-4.2.4-18.30.1 samba-winbind-debuginfo-4.2.4-18.30.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.30.1 ctdb-debuginfo-4.2.4-18.30.1 libdcerpc-binding0-4.2.4-18.30.1 libdcerpc-binding0-debuginfo-4.2.4-18.30.1 libdcerpc0-4.2.4-18.30.1 libdcerpc0-debuginfo-4.2.4-18.30.1 libgensec0-4.2.4-18.30.1 libgensec0-debuginfo-4.2.4-18.30.1 libndr-krb5pac0-4.2.4-18.30.1 libndr-krb5pac0-debuginfo-4.2.4-18.30.1 libndr-nbt0-4.2.4-18.30.1 
libndr-nbt0-debuginfo-4.2.4-18.30.1 libndr-standard0-4.2.4-18.30.1 libndr-standard0-debuginfo-4.2.4-18.30.1 libndr0-4.2.4-18.30.1 libndr0-debuginfo-4.2.4-18.30.1 libnetapi0-4.2.4-18.30.1 libnetapi0-debuginfo-4.2.4-18.30.1 libregistry0-4.2.4-18.30.1 libregistry0-debuginfo-4.2.4-18.30.1 libsamba-credentials0-4.2.4-18.30.1 libsamba-credentials0-debuginfo-4.2.4-18.30.1 libsamba-hostconfig0-4.2.4-18.30.1 libsamba-hostconfig0-debuginfo-4.2.4-18.30.1 libsamba-passdb0-4.2.4-18.30.1 libsamba-passdb0-debuginfo-4.2.4-18.30.1 libsamba-util0-4.2.4-18.30.1 libsamba-util0-debuginfo-4.2.4-18.30.1 libsamdb0-4.2.4-18.30.1 libsamdb0-debuginfo-4.2.4-18.30.1 libsmbclient-raw0-4.2.4-18.30.1 libsmbclient-raw0-debuginfo-4.2.4-18.30.1 libsmbclient0-4.2.4-18.30.1 libsmbclient0-debuginfo-4.2.4-18.30.1 libsmbconf0-4.2.4-18.30.1 libsmbconf0-debuginfo-4.2.4-18.30.1 libsmbldap0-4.2.4-18.30.1 libsmbldap0-debuginfo-4.2.4-18.30.1 libtevent-util0-4.2.4-18.30.1 libtevent-util0-debuginfo-4.2.4-18.30.1 libwbclient0-4.2.4-18.30.1 libwbclient0-debuginfo-4.2.4-18.30.1 samba-4.2.4-18.30.1 samba-client-4.2.4-18.30.1 samba-client-debuginfo-4.2.4-18.30.1 samba-debuginfo-4.2.4-18.30.1 samba-debugsource-4.2.4-18.30.1 samba-libs-4.2.4-18.30.1 samba-libs-debuginfo-4.2.4-18.30.1 samba-winbind-4.2.4-18.30.1 samba-winbind-debuginfo-4.2.4-18.30.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.30.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.30.1 libdcerpc0-32bit-4.2.4-18.30.1 libdcerpc0-debuginfo-32bit-4.2.4-18.30.1 libgensec0-32bit-4.2.4-18.30.1 libgensec0-debuginfo-32bit-4.2.4-18.30.1 libndr-krb5pac0-32bit-4.2.4-18.30.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.30.1 libndr-nbt0-32bit-4.2.4-18.30.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.30.1 libndr-standard0-32bit-4.2.4-18.30.1 libndr-standard0-debuginfo-32bit-4.2.4-18.30.1 libndr0-32bit-4.2.4-18.30.1 libndr0-debuginfo-32bit-4.2.4-18.30.1 libnetapi0-32bit-4.2.4-18.30.1 libnetapi0-debuginfo-32bit-4.2.4-18.30.1 
libsamba-credentials0-32bit-4.2.4-18.30.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.30.1 libsamba-hostconfig0-32bit-4.2.4-18.30.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.30.1 libsamba-passdb0-32bit-4.2.4-18.30.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.30.1 libsamba-util0-32bit-4.2.4-18.30.1 libsamba-util0-debuginfo-32bit-4.2.4-18.30.1 libsamdb0-32bit-4.2.4-18.30.1 libsamdb0-debuginfo-32bit-4.2.4-18.30.1 libsmbclient-raw0-32bit-4.2.4-18.30.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.30.1 libsmbclient0-32bit-4.2.4-18.30.1 libsmbclient0-debuginfo-32bit-4.2.4-18.30.1 libsmbconf0-32bit-4.2.4-18.30.1 libsmbconf0-debuginfo-32bit-4.2.4-18.30.1 libsmbldap0-32bit-4.2.4-18.30.1 libsmbldap0-debuginfo-32bit-4.2.4-18.30.1 libtevent-util0-32bit-4.2.4-18.30.1 libtevent-util0-debuginfo-32bit-4.2.4-18.30.1 libwbclient0-32bit-4.2.4-18.30.1 libwbclient0-debuginfo-32bit-4.2.4-18.30.1 samba-32bit-4.2.4-18.30.1 samba-client-32bit-4.2.4-18.30.1 samba-client-debuginfo-32bit-4.2.4-18.30.1 samba-debuginfo-32bit-4.2.4-18.30.1 samba-libs-32bit-4.2.4-18.30.1 samba-libs-debuginfo-32bit-4.2.4-18.30.1 samba-winbind-32bit-4.2.4-18.30.1 samba-winbind-debuginfo-32bit-4.2.4-18.30.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): samba-doc-4.2.4-18.30.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ctdb-4.2.4-18.30.1 ctdb-debuginfo-4.2.4-18.30.1 References: https://www.suse.com/security/cve/CVE-2016-2123.html https://www.suse.com/security/cve/CVE-2016-2125.html https://www.suse.com/security/cve/CVE-2016-2126.html https://bugzilla.suse.com/1001203 https://bugzilla.suse.com/1009085 https://bugzilla.suse.com/1014437 https://bugzilla.suse.com/1014441 https://bugzilla.suse.com/1014442 https://bugzilla.suse.com/975299 https://bugzilla.suse.com/986675 https://bugzilla.suse.com/991564 https://bugzilla.suse.com/994500 https://bugzilla.suse.com/997833 From sle-updates at lists.suse.com Thu Dec 29 16:13:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Fri, 30 Dec 2016 00:13:37 +0100 (CET)
Subject: SUSE-SU-2016:3300-1: moderate: Security update for samba
Message-ID: <20161229231337.E1C80F7B7@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:3300-1
Rating: moderate
References: #1003731 #1009711 #1014441 #1014442 #975131 #978898 #993692 #997833
Cross-References: CVE-2016-2125 CVE-2016-2126
Affected Products:
  SUSE Linux Enterprise Server 11-SP2-LTSS
  SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

An update that solves two vulnerabilities and has 6 fixes is now available.

Description:

This update for samba provides the following fixes:

Security issues fixed:

- CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441)
- CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442)

Non security issues fixed:

- Allow SESSION KEY setup without signing. (bsc#1009711)
- Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731)
- Don't fail when using default domain with user at domain.com format. (bsc#997833)
- Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692)
- Honor smb.conf socket options in winbind. (bsc#975131)
- Fix crash with net rpc join. (bsc#978898)
- Fix a regression verifying the security trailer. (bsc#978898)
- Fix updating netlogon credentials. (bsc#978898)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-samba-12925=1
- SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-samba-12925=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ldapsmb-1.34b-56.1 libldb1-3.6.3-56.1 libsmbclient0-3.6.3-56.1 libtalloc2-3.6.3-56.1 libtdb1-3.6.3-56.1 libtevent0-3.6.3-56.1 libwbclient0-3.6.3-56.1 samba-3.6.3-56.1 samba-client-3.6.3-56.1 samba-krb-printing-3.6.3-56.1 samba-winbind-3.6.3-56.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-56.1 libtalloc2-32bit-3.6.3-56.1 libtdb1-32bit-3.6.3-56.1 libtevent0-32bit-3.6.3-56.1 libwbclient0-32bit-3.6.3-56.1 samba-32bit-3.6.3-56.1 samba-client-32bit-3.6.3-56.1 samba-winbind-32bit-3.6.3-56.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): samba-doc-3.6.3-56.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): samba-debuginfo-3.6.3-56.1 samba-debugsource-3.6.3-56.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64): samba-debuginfo-32bit-3.6.3-56.1 References: https://www.suse.com/security/cve/CVE-2016-2125.html https://www.suse.com/security/cve/CVE-2016-2126.html https://bugzilla.suse.com/1003731 https://bugzilla.suse.com/1009711 https://bugzilla.suse.com/1014441 https://bugzilla.suse.com/1014442 https://bugzilla.suse.com/975131 https://bugzilla.suse.com/978898 https://bugzilla.suse.com/993692 https://bugzilla.suse.com/997833 From sle-updates at lists.suse.com Thu Dec 29 16:15:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2016 00:15:32 +0100 (CET) Subject: SUSE-SU-2016:3301-1: moderate: Security update for tiff Message-ID: <20161229231532.928BEF7BF@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3301-1 Rating: moderate References: #1007280 #1010161 #1010163 #1011103 #1011107 #914890 #974449 #974840 #984813 #984815 #987351 Cross-References: CVE-2014-8127 CVE-2016-3622 CVE-2016-3658 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-9273 
CVE-2016-9297 CVE-2016-9448 CVE-2016-9453
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues.

- CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890]
- CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161]
- CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840]
- CVE-2016-9273: heap overflow [bnc#1010163]
- CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449]
- CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280]
- CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107]
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compression format [bnc#987351]
- CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103]
- CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813]
- CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1937=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1937=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1937=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1937=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1937=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1937=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1937=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.7-35.1 tiff-debuginfo-4.0.7-35.1 tiff-debugsource-4.0.7-35.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtiff-devel-4.0.7-35.1 tiff-debuginfo-4.0.7-35.1 tiff-debugsource-4.0.7-35.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libtiff5-4.0.7-35.1 libtiff5-debuginfo-4.0.7-35.1 tiff-4.0.7-35.1 tiff-debuginfo-4.0.7-35.1 tiff-debugsource-4.0.7-35.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libtiff5-4.0.7-35.1 libtiff5-debuginfo-4.0.7-35.1 tiff-4.0.7-35.1 tiff-debuginfo-4.0.7-35.1 tiff-debugsource-4.0.7-35.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libtiff5-32bit-4.0.7-35.1 libtiff5-debuginfo-32bit-4.0.7-35.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libtiff5-4.0.7-35.1 libtiff5-debuginfo-4.0.7-35.1 tiff-4.0.7-35.1 tiff-debuginfo-4.0.7-35.1 tiff-debugsource-4.0.7-35.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libtiff5-32bit-4.0.7-35.1 libtiff5-debuginfo-32bit-4.0.7-35.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): 
libtiff5-32bit-4.0.7-35.1 libtiff5-4.0.7-35.1 libtiff5-debuginfo-32bit-4.0.7-35.1 libtiff5-debuginfo-4.0.7-35.1 tiff-debuginfo-4.0.7-35.1 tiff-debugsource-4.0.7-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libtiff5-32bit-4.0.7-35.1 libtiff5-4.0.7-35.1 libtiff5-debuginfo-32bit-4.0.7-35.1 libtiff5-debuginfo-4.0.7-35.1 tiff-debuginfo-4.0.7-35.1 tiff-debugsource-4.0.7-35.1 References: https://www.suse.com/security/cve/CVE-2014-8127.html https://www.suse.com/security/cve/CVE-2016-3622.html https://www.suse.com/security/cve/CVE-2016-3658.html https://www.suse.com/security/cve/CVE-2016-5321.html https://www.suse.com/security/cve/CVE-2016-5323.html https://www.suse.com/security/cve/CVE-2016-5652.html https://www.suse.com/security/cve/CVE-2016-5875.html https://www.suse.com/security/cve/CVE-2016-9273.html https://www.suse.com/security/cve/CVE-2016-9297.html https://www.suse.com/security/cve/CVE-2016-9448.html https://www.suse.com/security/cve/CVE-2016-9453.html https://bugzilla.suse.com/1007280 https://bugzilla.suse.com/1010161 https://bugzilla.suse.com/1010163 https://bugzilla.suse.com/1011103 https://bugzilla.suse.com/1011107 https://bugzilla.suse.com/914890 https://bugzilla.suse.com/974449 https://bugzilla.suse.com/974840 https://bugzilla.suse.com/984813 https://bugzilla.suse.com/984815 https://bugzilla.suse.com/987351 From sle-updates at lists.suse.com Fri Dec 30 10:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2016 18:08:10 +0100 (CET) Subject: SUSE-SU-2016:3303-1: important: Security update for gstreamer-plugins-good Message-ID: <20161230170810.38D00F7CB@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3303-1 Rating: important References: #1012102 #1012103 #1012104 #1013653 #1013655 #1013663 Cross-References: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 
CVE-2016-9808 CVE-2016-9810
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for gstreamer-plugins-good fixes the following security issues:

- CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655)
- CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102)
- CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103)
- CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104)
- CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653)
- CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1939=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1939=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1939=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-plugins-good-1.8.3-9.1 gstreamer-plugins-good-debuginfo-1.8.3-9.1 gstreamer-plugins-good-debugsource-1.8.3-9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-plugins-good-1.8.3-9.1 gstreamer-plugins-good-debuginfo-1.8.3-9.1 gstreamer-plugins-good-debugsource-1.8.3-9.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-plugins-good-1.8.3-9.1 gstreamer-plugins-good-debuginfo-1.8.3-9.1 gstreamer-plugins-good-debugsource-1.8.3-9.1 References: https://www.suse.com/security/cve/CVE-2016-9634.html https://www.suse.com/security/cve/CVE-2016-9635.html https://www.suse.com/security/cve/CVE-2016-9636.html https://www.suse.com/security/cve/CVE-2016-9807.html https://www.suse.com/security/cve/CVE-2016-9808.html https://www.suse.com/security/cve/CVE-2016-9810.html https://bugzilla.suse.com/1012102 https://bugzilla.suse.com/1012103 https://bugzilla.suse.com/1012104 https://bugzilla.suse.com/1013653 https://bugzilla.suse.com/1013655 https://bugzilla.suse.com/1013663 From sle-updates at lists.suse.com Fri Dec 30 10:09:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2016 18:09:30 +0100 (CET) Subject: SUSE-SU-2016:3304-1: important: Security update for the Linux Kernel Message-ID: <20161230170930.78229F7CB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:3304-1 Rating: important References: #1000189 #1000287 #1000304 #1000776 #1001419 #1001486 #1002165 #1003079 #1003153 #1003400 #1003568 #1003925 #1004252 
#1004418 #1004462 #1004517 #1004520 #1005666 #1006691 #1007615 #1007886 #744692 #789311 #857397 #860441 #865545 #866130 #868923 #874131 #875631 #876145 #876463 #898675 #904489 #909994 #911687 #915183 #921338 #921784 #922064 #922634 #924381 #924384 #930399 #934067 #937086 #937888 #941420 #946309 #955446 #956514 #959463 #961257 #962846 #963655 #963767 #966864 #967640 #970943 #971975 #971989 #974406 #974620 #975596 #975772 #976195 #977687 #978094 #979451 #979681 #979928 #980371 #981597 #982783 #983619 #984194 #984419 #984779 #984992 #985562 #986362 #986365 #986445 #987192 #987333 #987542 #987565 #987621 #987805 #988440 #988617 #988715 #989152 #989953 #990058 #990245 #991247 #991608 #991665 #991667 #992244 #992555 #992568 #992591 #992593 #992712 #993392 #993841 #993890 #993891 #994167 #994296 #994438 #994520 #994758 #995153 #995968 #996664 #997059 #997299 #997708 #997896 #998689 #998795 #998825 #999577 #999584 #999600 #999779 #999907 #999932
Cross-References: CVE-2015-8956 CVE-2016-2069 CVE-2016-4998 CVE-2016-5195 CVE-2016-5696 CVE-2016-6130 CVE-2016-6327 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-8658
Affected Products:
  SUSE Linux Enterprise Real Time Extension 12-SP1
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 118 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 RT kernel was updated to 3.12.67 to receive various security and bugfixes.

This feature was added:

- fate#320805: Execute in place (XIP) support for the ext2 filesystem.

The following security bugs were fixed:

- CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362).
- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)
- CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability (bnc#987542)
- CVE-2016-6327: Systems using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes by sending the ABORT_TASK command (bsc#994758)
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608)
- CVE-2016-6828: Use after free 4 in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296)
- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bsc#1004517).
- CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#995968).
- CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitrary kernel code execution (bsc#999932)
- CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bsc#1004462).

The following non-security bugs were fixed:

- aacraid: Fix RRQ overload (bsc#1003079).
- acpi / PM: Ignore wakeup setting if the ACPI companion can't wake up.
- AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).
- apparmor: add missing id bounds check on dfa verification (bsc#1000304).
- apparmor: check that xindex is in trans_table bounds (bsc#1000304).
- apparmor: do not expose kernel stack (bsc#1000304).
- apparmor: don't check for vmalloc_addr if kvzalloc() failed (bsc#1000304).
- apparmor: ensure the target profile name is always audited (bsc#1000304).
- apparmor: exec should not be returning ENOENT when it denies (bsc#1000304).
- apparmor: fix arg_size computation for when setprocattr is null terminated (bsc#1000304).
- apparmor: fix audit full profile hname on successful load (bsc#1000304).
- apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287).
- apparmor: fix disconnected bind mnts reconnection (bsc#1000304).
- apparmor: fix log failures for all profiles in a set (bsc#1000304).
- apparmor: fix module parameters can be changed after policy is locked (bsc#1000304).
- apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304).
- apparmor: fix oops, validate buffer size in apparmor_setprocattr() (bsc#1000304).
- apparmor: fix put() parent ref after updating the active ref (bsc#1000304).
- apparmor: fix refcount bug in profile replacement (bsc#1000304).
- apparmor: fix refcount race when finding a child profile (bsc#1000304).
- apparmor: fix replacement bug that adds new child to old parent (bsc#1000304).
- apparmor: fix uninitialized lsm_audit member (bsc#1000304).
- apparmor: fix update the mtime of the profile file on replacement (bsc#1000304).
- apparmor: internal paths should be treated as disconnected (bsc#1000304).
- apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).
- arm64: Ensure pmd_present() returns false after pmd_mknotpresent() (Automatic NUMA Balancing).
- avoid dentry crash triggered by NFS (bsc#984194).
- be2net: Don't leak iomapped memory on removal (bsc#921784 FATE#318561).
- be2net: fix BE3-R FW download compatibility check (bsc#921784 FATE#318561).
- be2net: fix wrong return value in be_check_ufi_compatibility() (bsc#921784 FATE#318561).
- be2net: remove vlan promisc capability from VF's profile descriptors (bsc#921784 FATE#318561).
- blkfront: fix an error path memory leak (luckily none so far).
- blk-mq: fix undefined behaviour in order_to_size().
- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
- blktap2: eliminate race from deferred work queue handling (bsc#911687).
- bluetooth: Fix potential NULL dereference in RFCOMM bind callback (bsc#1003925, CVE-2015-8956).
- bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes.
- bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).
- bonding: fix curr_active_slave/carrier with loadbalance arp monitoring.
- bonding: Prevent IPv6 link local address on enslaved devices.
- bonding: prevent out of bound accesses.
- bonding: set carrier off for devices created through netlink (bsc#999577).
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
- btrfs: add missing discards when unpinning extents with -o discard (bsc#904489).
- btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489).
- btrfs: Disable btrfs-8448-improve-performance-on-fsync-against-new-inode.patch (bsc#981597).
- btrfs: do not create or leak aliased root while cleaning up orphans (bsc#904489).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
- btrfs: explicitly delete unused block groups in close_ctree and ro-remount (bsc#904489).
- btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779)
- btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489).
- btrfs: handle quota reserve failure properly (bsc#1005666).
- btrfs: iterate over unused chunk space in FITRIM (bsc#904489).
- btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).
- btrfs: properly track when rescan worker is running (bsc#989953).
- btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489).
- btrfs: skip superblocks during discard (bsc#904489).
- btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192).
- btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- cephfs: ignore error from invalidate_inode_pages2_range() in direct write (bsc#995153).
- cephfs: remove warning when ceph_releasepage() is called on dirty page (bsc#995153).
- ceph: Refresh patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch. After a write, we must free the 'request', not the 'response' (bsc#995153).
- clockevents: export clockevents_unbind_device instead of clockevents_unbind (bnc#937888).
- conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (bsc#966864).
- cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).
- dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)
- efi: Small leak on error in runtime map code (fate#315019).
- ext2: Enable ext2 driver in config files (bsc#976195).
- ext4: Add parameter for tuning handling of ext2 (bsc#976195).
- Fix kabi change caused by adding flock_owner to open_context (bsc#998689).
- fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch (bsc#1003153).
- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- fs/select: add vmalloc fallback for select(2) (bsc#1000189).
- ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
- hyperv: enable call to clockevents_unbind_device in kexec/kdump path
- hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in the base kernel
- i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).
- ib/iwpm: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).
- ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545 FATE#316891).
- introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).
- iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).
- ipv6: Fix improper use of RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch. (bsc#961257).
- ipv6: fix multipath route replace error recovery (bsc#930399).
- ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).
- ipv6: send only one NEWLINK when RA causes changes (bsc#934067).
- iscsi: Add a missed complete in iscsit_close_connection (bsc#992555, bsc#987805).
- kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).
- kernel/printk: fix faulty logic in the case of recursive printk (bnc#744692, bnc#789311).
- kvm: do not handle APIC access page if in-kernel irqchip is not in use (bsc#959463).
- kvm: vmx: defer load of APIC access page address during reset (bsc#959463).
- libceph: enable large, variable-sized OSD requests (bsc#988715).
- libceph: make r_request msg_size calculation clearer (bsc#988715).
- libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op (bsc#988715).
- libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715).
- libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).
- libfc: do not send ABTS when resetting exchanges (bsc#962846).
- libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846).
- libfc: Fixup disc_mutex handling (bsc#962846).
- libfc: fixup locking of ptp_setup() (bsc#962846).
- libfc: Issue PRLI after a PRLO has been received (bsc#962846).
- libfc: reset exchange manager during LOGO handling (bsc#962846).
- libfc: Revisit kref handling (bnc#990245).
- libfc: sanity check cpu number extracted from xid (bsc#988440).
- libfc: send LOGO for PLOGI failure (bsc#962846).
- md: check command validity early in md_ioctl() (bsc#1004520).
- md: Drop sending a change uevent when stopping (bsc#1003568).
- md: lockless I/O submission for RAID1 (bsc#982783).
- md/raid5: fix a recently broken BUG_ON() (bsc#1006691).
- mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
- module: Issue warnings when tainting kernel (bsc#974406).
- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
- mpt3sas: Update patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch (bsc#967640, bsc#992244).
- msi-x: fix an error path (luckily none so far).
- netback: fix flipping mode (bsc#996664).
- netback: fix refcounting (bsc#978094).
- netfront: don't truncate grant references.
- netfront: use correct linear area after linearizing an skb (bsc#1007886).
- nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1003400).
- nfs: Add a stub for GETDEVICELIST (bnc#898675).
- nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).
- nfsd: Use free_conn to free connection (bsc#979451).
- nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- nfs: fix BUG() crash in notify_change() with patch to chown_common() (bnc#876463).
- nfs: fix pg_test page count calculation (bnc#898675).
- nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776).
- nfsv4: add flock_owner to open context (bnc#998689).
- nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689).
- nfsv4: change nfs4_select_rw_stateid to take a lock_context in place of lock_owner (bnc#998689).
- nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689).
- nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT (bnc#866130).
- oops on restarting network with bonding mode4 (lacp) (bsc#876145).
- packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).
- perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM (bsc#997896).
- PM / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252).
- PM / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441).
- powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).
- qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).
- qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)
- radeon: avoid boot hang in Xen Dom0 (luckily none so far).
- ratelimit: extend to print suppressed messages on release (bsc#979928).
- ratelimit: fix bug in time interval by resetting right begin time (bsc#979928).
- rbd: truncate objects on cmpext short reads (bsc#988715).
- Revert "Input: i8042 - break load dependency between atkbd/psmouse and i8042".
- Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports".
- rpm/mkspec: Read a default release string from rpm/config.sh (bsc#997059)
- rtnetlink: avoid 0 sized arrays.
- RTNL: assertion failed at dev.c (bsc#875631).
- s390: add SMT support (bnc#994438).
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).
- sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419).
- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
- sd: Fix memory leak caused by RESET_WP patch (bsc#999779).
- squashfs3: properly handle dir_emit() failures (bsc#998795).
- SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT (bnc#868923).
- SUNRPC: Fix a regression when reconnecting (bsc#946309).
- supported.conf: Add ext2
- supported.conf: Add iscsi modules to -base (bsc#997299)
- supported.conf: Add tun to -base (bsc#992593)
- supported.conf: Add veth to -base (bsc#992591)
- target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP (bsc#987621).
- target: Fix race between iscsi-target connection shutdown + ABORT_TASK (bsc#987621).
- tcp: add proper TS val into RST packets (bsc#937086).
- tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).
- tcp: fix child sockets to use system default congestion control if not set.
- tcp: fix cwnd limited checking to improve congestion control (bsc#988617).
- tcp: refresh skb timestamp at retransmit time (bsc#937086).
- timers: Use proper base migration in add_timer_on() (bnc#993392).
- tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).
- tunnels: Remove encapsulation offloads on decap (bsc#1001486).
- usb: fix typo in wMaxPacketSize validation (bsc#991665).
- usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
- usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).
- usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- vmxnet3: Wake queue from reset work (bsc#999907).
- x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058).
- x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance git-fixes).
- xenbus: don't invoke ->is_ready() for most device states (bsc#987333).
- xenbus: inspect the correct type in xenbus_dev_request_and_reply().
- xen/pciback: Fix conf_space read/write overlap check.
- xen-pciback: return proper values during BAR sizing.
- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153).
- xfs: handle dquot buffer readahead in log recovery correctly (bsc#955446).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
- xhci: Check if slot is already in default state before moving it there (FATE#315518).
- xhci: silence warnings in switch (bnc#991665).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP1:

  zypper in -t patch SUSE-SLE-RT-12-SP1-2016-1938=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64):

  kernel-compute-3.12.67-60.27.1
  kernel-compute-base-3.12.67-60.27.1
  kernel-compute-base-debuginfo-3.12.67-60.27.1
  kernel-compute-debuginfo-3.12.67-60.27.1
  kernel-compute-debugsource-3.12.67-60.27.1
  kernel-compute-devel-3.12.67-60.27.1
  kernel-compute_debug-debuginfo-3.12.67-60.27.1
  kernel-compute_debug-debugsource-3.12.67-60.27.1
  kernel-compute_debug-devel-3.12.67-60.27.1
  kernel-compute_debug-devel-debuginfo-3.12.67-60.27.1
  kernel-rt-3.12.67-60.27.1
  kernel-rt-base-3.12.67-60.27.1
  kernel-rt-base-debuginfo-3.12.67-60.27.1
  kernel-rt-debuginfo-3.12.67-60.27.1
  kernel-rt-debugsource-3.12.67-60.27.1
  kernel-rt-devel-3.12.67-60.27.1
  kernel-rt_debug-debuginfo-3.12.67-60.27.1
  kernel-rt_debug-debugsource-3.12.67-60.27.1
  kernel-rt_debug-devel-3.12.67-60.27.1
  kernel-rt_debug-devel-debuginfo-3.12.67-60.27.1
  kernel-syms-rt-3.12.67-60.27.1

- SUSE Linux Enterprise Real Time Extension 12-SP1 (noarch):

  kernel-devel-rt-3.12.67-60.27.1
  kernel-source-rt-3.12.67-60.27.1

References:

https://www.suse.com/security/cve/CVE-2015-8956.html
https://www.suse.com/security/cve/CVE-2016-2069.html
https://www.suse.com/security/cve/CVE-2016-4998.html
https://www.suse.com/security/cve/CVE-2016-5195.html
https://www.suse.com/security/cve/CVE-2016-5696.html
https://www.suse.com/security/cve/CVE-2016-6130.html
https://www.suse.com/security/cve/CVE-2016-6327.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://www.suse.com/security/cve/CVE-2016-6828.html
https://www.suse.com/security/cve/CVE-2016-7042.html
https://www.suse.com/security/cve/CVE-2016-7097.html
https://www.suse.com/security/cve/CVE-2016-7425.html
https://www.suse.com/security/cve/CVE-2016-8658.html
https://bugzilla.suse.com/1000189
https://bugzilla.suse.com/1000287
https://bugzilla.suse.com/1000304
https://bugzilla.suse.com/1000776
https://bugzilla.suse.com/1001419
https://bugzilla.suse.com/1001486
https://bugzilla.suse.com/1002165
https://bugzilla.suse.com/1003079
https://bugzilla.suse.com/1003153
https://bugzilla.suse.com/1003400
https://bugzilla.suse.com/1003568
https://bugzilla.suse.com/1003925
https://bugzilla.suse.com/1004252
https://bugzilla.suse.com/1004418
https://bugzilla.suse.com/1004462
https://bugzilla.suse.com/1004517
https://bugzilla.suse.com/1004520
https://bugzilla.suse.com/1005666
https://bugzilla.suse.com/1006691
https://bugzilla.suse.com/1007615
https://bugzilla.suse.com/1007886
https://bugzilla.suse.com/744692
https://bugzilla.suse.com/789311
https://bugzilla.suse.com/857397
https://bugzilla.suse.com/860441
https://bugzilla.suse.com/865545
https://bugzilla.suse.com/866130
https://bugzilla.suse.com/868923
https://bugzilla.suse.com/874131
https://bugzilla.suse.com/875631
https://bugzilla.suse.com/876145
https://bugzilla.suse.com/876463
https://bugzilla.suse.com/898675
https://bugzilla.suse.com/904489
https://bugzilla.suse.com/909994
https://bugzilla.suse.com/911687
https://bugzilla.suse.com/915183
https://bugzilla.suse.com/921338
https://bugzilla.suse.com/921784
https://bugzilla.suse.com/922064
https://bugzilla.suse.com/922634
https://bugzilla.suse.com/924381
https://bugzilla.suse.com/924384
https://bugzilla.suse.com/930399
https://bugzilla.suse.com/934067
https://bugzilla.suse.com/937086
https://bugzilla.suse.com/937888
https://bugzilla.suse.com/941420
https://bugzilla.suse.com/946309
https://bugzilla.suse.com/955446
https://bugzilla.suse.com/956514
https://bugzilla.suse.com/959463
https://bugzilla.suse.com/961257
https://bugzilla.suse.com/962846
https://bugzilla.suse.com/963655
https://bugzilla.suse.com/963767
https://bugzilla.suse.com/966864
https://bugzilla.suse.com/967640
https://bugzilla.suse.com/970943
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/971989
https://bugzilla.suse.com/974406
https://bugzilla.suse.com/974620
https://bugzilla.suse.com/975596
https://bugzilla.suse.com/975772
https://bugzilla.suse.com/976195
https://bugzilla.suse.com/977687
https://bugzilla.suse.com/978094
https://bugzilla.suse.com/979451
https://bugzilla.suse.com/979681
https://bugzilla.suse.com/979928
https://bugzilla.suse.com/980371
https://bugzilla.suse.com/981597
https://bugzilla.suse.com/982783
https://bugzilla.suse.com/983619
https://bugzilla.suse.com/984194
https://bugzilla.suse.com/984419
https://bugzilla.suse.com/984779
https://bugzilla.suse.com/984992
https://bugzilla.suse.com/985562
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986365
https://bugzilla.suse.com/986445
https://bugzilla.suse.com/987192
https://bugzilla.suse.com/987333
https://bugzilla.suse.com/987542
https://bugzilla.suse.com/987565
https://bugzilla.suse.com/987621
https://bugzilla.suse.com/987805
https://bugzilla.suse.com/988440
https://bugzilla.suse.com/988617
https://bugzilla.suse.com/988715
https://bugzilla.suse.com/989152
https://bugzilla.suse.com/989953
https://bugzilla.suse.com/990058
https://bugzilla.suse.com/990245
https://bugzilla.suse.com/991247
https://bugzilla.suse.com/991608
https://bugzilla.suse.com/991665
https://bugzilla.suse.com/991667
https://bugzilla.suse.com/992244
https://bugzilla.suse.com/992555
https://bugzilla.suse.com/992568
https://bugzilla.suse.com/992591
https://bugzilla.suse.com/992593
https://bugzilla.suse.com/992712
https://bugzilla.suse.com/993392
https://bugzilla.suse.com/993841
https://bugzilla.suse.com/993890
https://bugzilla.suse.com/993891
https://bugzilla.suse.com/994167
https://bugzilla.suse.com/994296
https://bugzilla.suse.com/994438
https://bugzilla.suse.com/994520
https://bugzilla.suse.com/994758
https://bugzilla.suse.com/995153
https://bugzilla.suse.com/995968
https://bugzilla.suse.com/996664
https://bugzilla.suse.com/997059
https://bugzilla.suse.com/997299
https://bugzilla.suse.com/997708
https://bugzilla.suse.com/997896
https://bugzilla.suse.com/998689
https://bugzilla.suse.com/998795
https://bugzilla.suse.com/998825
https://bugzilla.suse.com/999577
https://bugzilla.suse.com/999584
https://bugzilla.suse.com/999600
https://bugzilla.suse.com/999779
https://bugzilla.suse.com/999907
https://bugzilla.suse.com/999932

From sle-updates at lists.suse.com Fri Dec 30 11:08:31 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Dec 2016 19:08:31 +0100 (CET)
Subject: SUSE-RU-2016:3305-1: Recommended update for shibboleth-sp
Message-ID: <20161230180831.2EE4AF7B7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for shibboleth-sp
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:3305-1
Rating: low
References: #1014173
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update adds the memcache-store plugin to shibboleth-sp.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:

  zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1940=1

- SUSE Linux Enterprise Software Development Kit 12-SP1:

  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1940=1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1940=1

- SUSE Linux Enterprise Server 12-SP2:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1940=1

- SUSE Linux Enterprise Server 12-SP1:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1940=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

  shibboleth-sp-debuginfo-2.5.5-5.1
  shibboleth-sp-debugsource-2.5.5-5.1
  shibboleth-sp-devel-2.5.5-5.1

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

  shibboleth-sp-debuginfo-2.5.5-5.1
  shibboleth-sp-debugsource-2.5.5-5.1
  shibboleth-sp-devel-2.5.5-5.1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

  libshibsp-lite6-2.5.5-5.1
  libshibsp-lite6-debuginfo-2.5.5-5.1
  libshibsp6-2.5.5-5.1
  libshibsp6-debuginfo-2.5.5-5.1
  shibboleth-sp-2.5.5-5.1
  shibboleth-sp-debuginfo-2.5.5-5.1
  shibboleth-sp-debugsource-2.5.5-5.1

- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

  libshibsp-lite6-2.5.5-5.1
  libshibsp-lite6-debuginfo-2.5.5-5.1
  libshibsp6-2.5.5-5.1
  libshibsp6-debuginfo-2.5.5-5.1
  shibboleth-sp-2.5.5-5.1
  shibboleth-sp-debuginfo-2.5.5-5.1
  shibboleth-sp-debugsource-2.5.5-5.1

- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

  libshibsp-lite6-2.5.5-5.1
  libshibsp-lite6-debuginfo-2.5.5-5.1
  libshibsp6-2.5.5-5.1
  libshibsp6-debuginfo-2.5.5-5.1
  shibboleth-sp-2.5.5-5.1
  shibboleth-sp-debuginfo-2.5.5-5.1
  shibboleth-sp-debugsource-2.5.5-5.1

References:

https://bugzilla.suse.com/1014173

From sle-updates at lists.suse.com Fri Dec 30 11:09:00 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Dec 2016 19:09:00 +0100 (CET)
Subject: SUSE-RU-2016:3306-1: Recommended update for yast2-trans
Message-ID: <20161230180900.44CB8F7CB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-trans
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:3306-1
Rating: low
References: #1004064 #1005652 #1012545
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for yast2-trans fixes the following issues:

- Fix format string error in zh_TW that could lead to a failure when selecting online repositories when using Traditional Chinese.
- Fix en_GB translations by removing offending file. (bsc#1012545)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1941=1

- SUSE Linux Enterprise Server 12-SP2:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1941=1

- SUSE Linux Enterprise Desktop 12-SP2:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1941=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

  yast2-trans-af-3.0.0-50.1
  yast2-trans-ar-3.0.0-50.1
  yast2-trans-bg-3.0.0-50.1
  yast2-trans-bn-3.0.0-50.1
  yast2-trans-bs-3.0.0-50.1
  yast2-trans-ca-3.0.0-50.1
  yast2-trans-cs-3.0.0-50.1
  yast2-trans-cy-3.0.0-50.1
  yast2-trans-da-3.0.0-50.1
  yast2-trans-de-3.0.0-50.1
  yast2-trans-el-3.0.0-50.1
  yast2-trans-en_GB-3.0.0-50.1
  yast2-trans-en_US-3.0.0-50.1
  yast2-trans-es-3.0.0-50.1
  yast2-trans-et-3.0.0-50.1
  yast2-trans-fa-3.0.0-50.1
  yast2-trans-fi-3.0.0-50.1
  yast2-trans-fr-3.0.0-50.1
  yast2-trans-gl-3.0.0-50.1
  yast2-trans-gu-3.0.0-50.1
  yast2-trans-hi-3.0.0-50.1
  yast2-trans-hr-3.0.0-50.1
  yast2-trans-hu-3.0.0-50.1
  yast2-trans-id-3.0.0-50.1
  yast2-trans-it-3.0.0-50.1
  yast2-trans-ja-3.0.0-50.1
  yast2-trans-jv-3.0.0-50.1
  yast2-trans-ka-3.0.0-50.1
  yast2-trans-km-3.0.0-50.1
  yast2-trans-ko-3.0.0-50.1
  yast2-trans-lo-3.0.0-50.1
  yast2-trans-lt-3.0.0-50.1
  yast2-trans-mk-3.0.0-50.1
  yast2-trans-mr-3.0.0-50.1
  yast2-trans-nb-3.0.0-50.1
  yast2-trans-nl-3.0.0-50.1
  yast2-trans-pa-3.0.0-50.1
  yast2-trans-pl-3.0.0-50.1
  yast2-trans-pt-3.0.0-50.1
  yast2-trans-pt_BR-3.0.0-50.1
  yast2-trans-ro-3.0.0-50.1
  yast2-trans-ru-3.0.0-50.1
  yast2-trans-si-3.0.0-50.1
  yast2-trans-sk-3.0.0-50.1
  yast2-trans-sl-3.0.0-50.1
  yast2-trans-sr-3.0.0-50.1
  yast2-trans-sv-3.0.0-50.1
  yast2-trans-ta-3.0.0-50.1
  yast2-trans-th-3.0.0-50.1
  yast2-trans-tr-3.0.0-50.1
  yast2-trans-uk-3.0.0-50.1
  yast2-trans-vi-3.0.0-50.1
  yast2-trans-wa-3.0.0-50.1
  yast2-trans-xh-3.0.0-50.1
  yast2-trans-zh_CN-3.0.0-50.1
  yast2-trans-zh_TW-3.0.0-50.1
  yast2-trans-zu-3.0.0-50.1

- SUSE Linux Enterprise Server 12-SP2 (noarch):

  yast2-trans-af-3.0.0-50.1
  yast2-trans-ar-3.0.0-50.1
  yast2-trans-bg-3.0.0-50.1
  yast2-trans-bn-3.0.0-50.1
  yast2-trans-bs-3.0.0-50.1
  yast2-trans-ca-3.0.0-50.1
  yast2-trans-cs-3.0.0-50.1
  yast2-trans-cy-3.0.0-50.1
  yast2-trans-da-3.0.0-50.1
  yast2-trans-de-3.0.0-50.1
  yast2-trans-el-3.0.0-50.1
  yast2-trans-en_GB-3.0.0-50.1
  yast2-trans-en_US-3.0.0-50.1
  yast2-trans-es-3.0.0-50.1
  yast2-trans-et-3.0.0-50.1
  yast2-trans-fa-3.0.0-50.1
  yast2-trans-fi-3.0.0-50.1
  yast2-trans-fr-3.0.0-50.1
  yast2-trans-gl-3.0.0-50.1
  yast2-trans-gu-3.0.0-50.1
  yast2-trans-hi-3.0.0-50.1
  yast2-trans-hr-3.0.0-50.1
  yast2-trans-hu-3.0.0-50.1
  yast2-trans-id-3.0.0-50.1
  yast2-trans-it-3.0.0-50.1
  yast2-trans-ja-3.0.0-50.1
  yast2-trans-jv-3.0.0-50.1
  yast2-trans-ka-3.0.0-50.1
  yast2-trans-km-3.0.0-50.1
  yast2-trans-ko-3.0.0-50.1
  yast2-trans-lo-3.0.0-50.1
  yast2-trans-lt-3.0.0-50.1
  yast2-trans-mk-3.0.0-50.1
  yast2-trans-mr-3.0.0-50.1
  yast2-trans-nb-3.0.0-50.1
  yast2-trans-nl-3.0.0-50.1
  yast2-trans-pa-3.0.0-50.1
  yast2-trans-pl-3.0.0-50.1
  yast2-trans-pt-3.0.0-50.1
  yast2-trans-pt_BR-3.0.0-50.1
  yast2-trans-ro-3.0.0-50.1
  yast2-trans-ru-3.0.0-50.1
  yast2-trans-si-3.0.0-50.1
  yast2-trans-sk-3.0.0-50.1
  yast2-trans-sl-3.0.0-50.1
  yast2-trans-sr-3.0.0-50.1
  yast2-trans-sv-3.0.0-50.1
  yast2-trans-ta-3.0.0-50.1
  yast2-trans-th-3.0.0-50.1
  yast2-trans-tr-3.0.0-50.1
  yast2-trans-uk-3.0.0-50.1
  yast2-trans-vi-3.0.0-50.1
  yast2-trans-wa-3.0.0-50.1
  yast2-trans-xh-3.0.0-50.1
  yast2-trans-zh_CN-3.0.0-50.1
  yast2-trans-zh_TW-3.0.0-50.1
  yast2-trans-zu-3.0.0-50.1

- SUSE Linux Enterprise Desktop 12-SP2 (noarch):

  yast2-trans-af-3.0.0-50.1
  yast2-trans-ar-3.0.0-50.1
  yast2-trans-bg-3.0.0-50.1
  yast2-trans-bn-3.0.0-50.1
  yast2-trans-bs-3.0.0-50.1
  yast2-trans-ca-3.0.0-50.1
  yast2-trans-cs-3.0.0-50.1
  yast2-trans-cy-3.0.0-50.1
  yast2-trans-da-3.0.0-50.1
  yast2-trans-de-3.0.0-50.1
  yast2-trans-el-3.0.0-50.1
  yast2-trans-en_GB-3.0.0-50.1
  yast2-trans-en_US-3.0.0-50.1
  yast2-trans-es-3.0.0-50.1
  yast2-trans-et-3.0.0-50.1
  yast2-trans-fa-3.0.0-50.1
  yast2-trans-fi-3.0.0-50.1
  yast2-trans-fr-3.0.0-50.1
  yast2-trans-gl-3.0.0-50.1
  yast2-trans-gu-3.0.0-50.1
  yast2-trans-hi-3.0.0-50.1
  yast2-trans-hr-3.0.0-50.1
  yast2-trans-hu-3.0.0-50.1
  yast2-trans-id-3.0.0-50.1
  yast2-trans-it-3.0.0-50.1
  yast2-trans-ja-3.0.0-50.1
  yast2-trans-jv-3.0.0-50.1
  yast2-trans-ka-3.0.0-50.1
  yast2-trans-km-3.0.0-50.1
  yast2-trans-ko-3.0.0-50.1
  yast2-trans-lo-3.0.0-50.1
  yast2-trans-lt-3.0.0-50.1
  yast2-trans-mk-3.0.0-50.1
  yast2-trans-mr-3.0.0-50.1
  yast2-trans-nb-3.0.0-50.1
  yast2-trans-nl-3.0.0-50.1
  yast2-trans-pa-3.0.0-50.1
  yast2-trans-pl-3.0.0-50.1
  yast2-trans-pt-3.0.0-50.1
  yast2-trans-pt_BR-3.0.0-50.1
  yast2-trans-ro-3.0.0-50.1
  yast2-trans-ru-3.0.0-50.1
  yast2-trans-si-3.0.0-50.1
  yast2-trans-sk-3.0.0-50.1
  yast2-trans-sl-3.0.0-50.1
  yast2-trans-sr-3.0.0-50.1
  yast2-trans-sv-3.0.0-50.1
  yast2-trans-ta-3.0.0-50.1
  yast2-trans-th-3.0.0-50.1
  yast2-trans-tr-3.0.0-50.1
  yast2-trans-uk-3.0.0-50.1
  yast2-trans-vi-3.0.0-50.1
  yast2-trans-wa-3.0.0-50.1
  yast2-trans-xh-3.0.0-50.1
  yast2-trans-zh_CN-3.0.0-50.1
  yast2-trans-zh_TW-3.0.0-50.1
  yast2-trans-zu-3.0.0-50.1

References:

https://bugzilla.suse.com/1004064
https://bugzilla.suse.com/1005652
https://bugzilla.suse.com/1012545