From sle-updates at lists.suse.com Wed Jun 1 04:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 12:07:50 +0200 (CEST) Subject: SUSE-SU-2016:1459-1: important: Security update for cyrus-imapd Message-ID: <20160601100750.D3297FF4F@maintenance.suse.de> SUSE Security Update: Security update for cyrus-imapd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1459-1 Rating: important References: #860611 #901748 #954200 #954201 #981670 Cross-References: CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option 'tls_versions' to remedy that issue. Note that users who upgrade an existing installation will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv2 and SSLv3 like before. To disable support for those protocols, edit imapd.conf manually to include "tls_versions: tls1_0 tls1_1 tls1_2". New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support unsafe versions of SSL unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. 
(CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie-Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-cyrus-imapd-12589=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-cyrus-imapd-12589=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cyrus-imapd-12589=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): cyrus-imapd-devel-2.3.11-60.65.67.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): perl-Cyrus-IMAP-2.3.11-60.65.67.1 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): cyrus-imapd-2.3.11-60.65.67.1 perl-Cyrus-IMAP-2.3.11-60.65.67.1 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): cyrus-imapd-debuginfo-2.3.11-60.65.67.1 cyrus-imapd-debugsource-2.3.11-60.65.67.1 References: https://www.suse.com/security/cve/CVE-2014-3566.html https://www.suse.com/security/cve/CVE-2015-8076.html https://www.suse.com/security/cve/CVE-2015-8077.html https://www.suse.com/security/cve/CVE-2015-8078.html https://bugzilla.suse.com/860611 https://bugzilla.suse.com/901748 https://bugzilla.suse.com/954200 https://bugzilla.suse.com/954201 https://bugzilla.suse.com/981670 From sle-updates at lists.suse.com Wed Jun 1 07:10:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 15:10:18 +0200 (CEST) Subject: SUSE-SU-2016:1465-1: moderate: Recommended update for NetworkManager-kde4 Message-ID: <20160601131018.89EA5FF50@maintenance.suse.de> SUSE Security 
Update: Recommended update for NetworkManager-kde4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1465-1 Rating: moderate References: #663413 #726349 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This NetworkManager-kde4 update fixes the following security and non security issues: - Fixed a long standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and sends it to NetworkManager for it to do a network validation in the absence of a real certificate (bsc#726349) - Disabled the loading by default of the NetworkManager plasma applet since it doesn't work. - Fixed a crash due to the use of an uninitialized variable in the plasma applet in case someone runs it manually (bsc#663413) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-NetworkManager-kde4-12590=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-NetworkManager-kde4-12590=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): NetworkManager-kde4-0.9.svn1043876-1.3.15 NetworkManager-kde4-lang-0.9.svn1043876-1.3.15 NetworkManager-kde4-libs-0.9.svn1043876-1.3.15 NetworkManager-openvpn-kde4-0.9.svn1043876-1.3.15 NetworkManager-pptp-kde4-0.9.svn1043876-1.3.15 plasmoid-networkmanagement-0.9.svn1043876-1.3.15 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64): NetworkManager-kde4-debuginfo-0.9.svn1043876-1.3.15 NetworkManager-kde4-debugsource-0.9.svn1043876-1.3.15 References: https://bugzilla.suse.com/663413 https://bugzilla.suse.com/726349 From sle-updates at lists.suse.com Wed Jun 1 09:08:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 17:08:16 +0200 (CEST) Subject: SUSE-RU-2016:1468-1: moderate: Recommended update for systemd Message-ID: <20160601150816.E4E69FF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1468-1 Rating: moderate References: #964934 #980303 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Re-add NVMe entries to udev's 60-persistent-storage.rules. (bsc#980303) - Always create dependencies for bind mounts and loop devices. (bsc#964934) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-870=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-870=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-870=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libgudev-1_0-devel-210-70.51.1 libudev-devel-210-70.51.1 systemd-debuginfo-210-70.51.1 systemd-debugsource-210-70.51.1 systemd-devel-210-70.51.1 typelib-1_0-GUdev-1_0-210-70.51.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libgudev-1_0-0-210-70.51.1 libgudev-1_0-0-debuginfo-210-70.51.1 libudev1-210-70.51.1 libudev1-debuginfo-210-70.51.1 systemd-210-70.51.1 systemd-debuginfo-210-70.51.1 systemd-debugsource-210-70.51.1 systemd-sysvinit-210-70.51.1 udev-210-70.51.1 udev-debuginfo-210-70.51.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgudev-1_0-0-32bit-210-70.51.1 libgudev-1_0-0-debuginfo-32bit-210-70.51.1 libudev1-32bit-210-70.51.1 libudev1-debuginfo-32bit-210-70.51.1 systemd-32bit-210-70.51.1 systemd-debuginfo-32bit-210-70.51.1 - SUSE Linux Enterprise Server 12 (noarch): systemd-bash-completion-210-70.51.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libgudev-1_0-0-210-70.51.1 libgudev-1_0-0-32bit-210-70.51.1 libgudev-1_0-0-debuginfo-210-70.51.1 libgudev-1_0-0-debuginfo-32bit-210-70.51.1 libudev1-210-70.51.1 libudev1-32bit-210-70.51.1 libudev1-debuginfo-210-70.51.1 libudev1-debuginfo-32bit-210-70.51.1 systemd-210-70.51.1 systemd-32bit-210-70.51.1 systemd-debuginfo-210-70.51.1 systemd-debuginfo-32bit-210-70.51.1 systemd-debugsource-210-70.51.1 systemd-sysvinit-210-70.51.1 udev-210-70.51.1 udev-debuginfo-210-70.51.1 - SUSE Linux Enterprise Desktop 12 (noarch): systemd-bash-completion-210-70.51.1 References: https://bugzilla.suse.com/964934 https://bugzilla.suse.com/980303 From 
sle-updates at lists.suse.com Wed Jun 1 09:08:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 17:08:48 +0200 (CEST) Subject: SUSE-RU-2016:1469-1: moderate: Recommended update for susestudio Message-ID: <20160601150848.B5374FF50@maintenance.suse.de> SUSE Recommended Update: Recommended update for susestudio ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1469-1 Rating: moderate References: #947233 #955230 #962466 #963028 #963035 #963861 #977677 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update provides SUSE Studio 1.3.13, which brings templates for SLES 12 SP1. Additionally, the following issues have been fixed: - No SLES 11 SP4 upgrade option for SLES 11 SP3 based appliance when SLES 11 SP4 template is released to Studio Onsite. (bsc#963861) - Overlay files have several highlighted in green. (bsc#947233) - Diary does not provide appliance detail. (bsc#955230) - "View Files" button missing from PXE builds. (bsc#963028) - Cannot configure SLES 11 SP4 appliances after update. (bsc#963035) - Boot script fails to run with SLES 12 appliance. (bsc#962466) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-12591=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): Containment-Studio-SLE12_SP1-7.02.75-20160511172436 susestudio-1.3.13-42.1 susestudio-bundled-packages-1.3.13-42.1 susestudio-common-1.3.13-42.1 susestudio-runner-1.3.13-42.1 susestudio-sid-1.3.13-42.1 susestudio-ui-server-1.3.13-42.1 References: https://bugzilla.suse.com/947233 https://bugzilla.suse.com/955230 https://bugzilla.suse.com/962466 https://bugzilla.suse.com/963028 https://bugzilla.suse.com/963035 https://bugzilla.suse.com/963861 https://bugzilla.suse.com/977677 From sle-updates at lists.suse.com Wed Jun 1 09:10:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 17:10:03 +0200 (CEST) Subject: SUSE-RU-2016:1470-1: moderate: Recommended update for systemd Message-ID: <20160601151003.19520FF50@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1470-1 Rating: moderate References: #964934 #980303 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Re-add NVMe entries to udev's 60-persistent-storage.rules. (bsc#980303) - Always create dependencies for bind mounts and loop devices. (bsc#964934) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-869=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-869=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-869=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-devel-210-107.1 libudev-devel-210-107.1 systemd-debuginfo-210-107.1 systemd-debugsource-210-107.1 systemd-devel-210-107.1 typelib-1_0-GUdev-1_0-210-107.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-0-210-107.1 libgudev-1_0-0-debuginfo-210-107.1 libudev1-210-107.1 libudev1-debuginfo-210-107.1 systemd-210-107.1 systemd-debuginfo-210-107.1 systemd-debugsource-210-107.1 systemd-sysvinit-210-107.1 udev-210-107.1 udev-debuginfo-210-107.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgudev-1_0-0-32bit-210-107.1 libgudev-1_0-0-debuginfo-32bit-210-107.1 libudev1-32bit-210-107.1 libudev1-debuginfo-32bit-210-107.1 systemd-32bit-210-107.1 systemd-debuginfo-32bit-210-107.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): systemd-bash-completion-210-107.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgudev-1_0-0-210-107.1 libgudev-1_0-0-32bit-210-107.1 libgudev-1_0-0-debuginfo-210-107.1 libgudev-1_0-0-debuginfo-32bit-210-107.1 libudev1-210-107.1 libudev1-32bit-210-107.1 libudev1-debuginfo-210-107.1 libudev1-debuginfo-32bit-210-107.1 systemd-210-107.1 systemd-32bit-210-107.1 systemd-debuginfo-210-107.1 systemd-debuginfo-32bit-210-107.1 systemd-debugsource-210-107.1 systemd-sysvinit-210-107.1 udev-210-107.1 udev-debuginfo-210-107.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): systemd-bash-completion-210-107.1 References: https://bugzilla.suse.com/964934 https://bugzilla.suse.com/980303 From sle-updates at lists.suse.com Wed 
Jun 1 10:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 18:08:18 +0200 (CEST) Subject: SUSE-SU-2016:1471-1: important: Security update for ntp Message-ID: <20160601160818.1B5B8FF51@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1471-1 Rating: important References: #957226 #977446 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 Cross-References: CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". - Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. 
* CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrence of "keys" and "controlkey" in ntp.conf (bsc#957226). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ntp-12592=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ntp-12592=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ntp-12592=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-12592=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ntp-12592=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-12592=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ntp-12592=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Manager Proxy 2.1 (x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Manager 2.1 (s390x x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p7-44.1 ntp-debugsource-4.2.8p7-44.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ntp-debuginfo-4.2.8p7-44.1 ntp-debugsource-4.2.8p7-44.1 References: https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://bugzilla.suse.com/957226 https://bugzilla.suse.com/977446 https://bugzilla.suse.com/977450 https://bugzilla.suse.com/977451 https://bugzilla.suse.com/977452 https://bugzilla.suse.com/977455 https://bugzilla.suse.com/977457 https://bugzilla.suse.com/977458 https://bugzilla.suse.com/977459 https://bugzilla.suse.com/977461 https://bugzilla.suse.com/977464 From sle-updates at lists.suse.com Wed Jun 1 13:07:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 21:07:58 +0200 (CEST) Subject: SUSE-RU-2016:1472-1: important: Recommended update for multipath-tools Message-ID: <20160601190758.7EC84FF51@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1472-1 Rating: important References: #980933 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for multipath-tools fixes a regression introduced with the previous update. After a single path loss, multipath could lose the complete map. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-multipath-tools-12593=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-multipath-tools-12593=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kpartx-0.4.9-115.1 multipath-tools-0.4.9-115.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): multipath-tools-debuginfo-0.4.9-115.1 multipath-tools-debugsource-0.4.9-115.1 References: https://bugzilla.suse.com/980933 From sle-updates at lists.suse.com Wed Jun 1 15:08:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 23:08:41 +0200 (CEST) Subject: SUSE-RU-2016:1473-1: important: Recommended update for java-1_6_0-ibm Message-ID: <20160601210841.2EF9FFF51@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1473-1 Rating: important References: #981087 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise 
Server 11-SP2-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-1_6_0-ibm fixes the following issues: - Update to sr16 fp26 to fix a regression in TLS handling. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_6_0-ibm-12594=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_6_0-ibm-12594=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_6_0-ibm-12594=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_6_0-ibm-12594=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-12594=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Manager 2.1 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 - SUSE Manager 2.1 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP3-LTSS 
(i586): java-1_6_0-ibm-alsa-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.26-72.1 References: https://bugzilla.suse.com/981087 From sle-updates at lists.suse.com Wed Jun 1 17:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 01:07:41 +0200 (CEST) Subject: SUSE-RU-2016:1474-1: moderate: Recommended update for rubygem-chef Message-ID: <20160601230741.CB3F1FF51@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1474-1 Rating: moderate References: #960012 #967792 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Enterprise Storage 2 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-chef fixes the following issues: - Handle zypper exit code 106 (failure to refresh one or more repositories) as not fatal. (bsc#967792) - Use /usr/bin/chef-client instead of startproc in init file. (bsc#960012) - Update the public key of an existing client. This is needed to be able to restore the webui and validation keys, which are usually already existing when restoring a backup. - Allow (re-)creating clients with public_key. E.g. when restoring from JSON. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-875=1 - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2016-875=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2016-875=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (x86_64): ruby2.1-rubygem-chef-10.32.2-15.2 rubygem-chef-10.32.2-15.2 - SUSE Enterprise Storage 2 (x86_64): ruby2.1-rubygem-chef-10.32.2-15.2 rubygem-chef-10.32.2-15.2 - SUSE Enterprise Storage 1.0 (x86_64): ruby2.1-rubygem-chef-10.32.2-15.2 rubygem-chef-10.32.2-15.2 References: https://bugzilla.suse.com/960012 https://bugzilla.suse.com/967792 From sle-updates at lists.suse.com Thu Jun 2 03:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 11:08:10 +0200 (CEST) Subject: SUSE-SU-2016:1475-1: important: Security update for java-1_8_0-ibm Message-ID: <20160602090810.D461CFF51@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1475-1 Rating: important References: #965665 #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for java-1_8_0-ibm fixes the following issues: - IBM Java 80-3.0 released: (bsc#977646 bsc#977648 bsc#977650 bsc#979252) CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 - There is no HtmlConverter and apt provided by jdk8 bsc#965665 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-876=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-876=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr3.0-10.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1 java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/965665 https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 From sle-updates at lists.suse.com Thu Jun 2 07:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 15:08:56 +0200 (CEST) Subject: 
SUSE-RU-2016:1477-1: moderate: Recommended update for clamav Message-ID: <20160602130856.F002DFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1477-1 Rating: moderate References: #978459 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: ClamAV was updated to version 0.99.2, which brings fixes and enhancements: - Fix 7z's FolderStartPackStreamIndex array index check. - Print all CDBNAME entries for a zip file when using the -z flag. - clamunrar: Notice if unpacking comment failed. - Use temporary variable for realloc to prevent pointer loss. - freshclam: Avoid random data in mirrors.dat. - libclamav: Print raw certificate metadata. - Fix download and verification of *.cld through PrivateMirrors. - Suppress IP notification when using proxy. - Remove redundant mempool assignment. - Divide out dumpcerts output for better readability. - Fix dconf and option handling for nocert and dumpcert. - Increase clamd's soft file descriptor to its potential maximum on 64-bit systems. - Move libfreshclam config to m4/reorganization. - Add 'cdb' datafile to sigtools list of datafile types. - Prevent memory allocations on used pointers. - Check packSizes prior to dereference - Fix inconsistent folder state on failure. - Add sanity checks to 7z header parsing. For a comprehensive list of fixes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-877=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-877=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-877=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-877=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 - SUSE Linux Enterprise Desktop 12 (x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 References: https://bugzilla.suse.com/978459 From sle-updates at lists.suse.com Thu Jun 2 10:08:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 18:08:33 +0200 (CEST) Subject: SUSE-RU-2016:1478-1: important: Recommended update for samba Message-ID: <20160602160833.E67EFFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1478-1 Rating: important References: #977669 #979268 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description:

This update for Samba provides the following fixes:

- Fix libads' record session expiry for spnego sasl binds. (bsc#979268)
- Fix NT_STATUS_ACCESS_DENIED when accessing windows public share.
- Only validate MIC if "map to guest" is not being used.
- NetAPP SMB servers don't negotiate NTLMSSP_SIGN. (bsc#977669)
- Fix non-working anonymous smb connections.
- Handle broken mechListMIC response from Windows 2000.
- wbinfo -u or net ads search doesn't work anymore.
- Fix regressions regarding the NTLMSSP hardening of CVE-2016-2110.
- Allow Domain member resolve trusted domains' users.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2016-878=1
- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2016-878=1
- SUSE Linux Enterprise High Availability 12:
    zypper in -t patch SUSE-SLE-HA-12-2016-878=1
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-878=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-18.20.1 ctdb-devel-4.2.4-18.20.1 libdcerpc-atsvc-devel-4.2.4-18.20.1 libdcerpc-atsvc0-4.2.4-18.20.1 libdcerpc-atsvc0-debuginfo-4.2.4-18.20.1 libdcerpc-devel-4.2.4-18.20.1 libdcerpc-samr-devel-4.2.4-18.20.1 libdcerpc-samr0-4.2.4-18.20.1 libdcerpc-samr0-debuginfo-4.2.4-18.20.1 libgensec-devel-4.2.4-18.20.1 libndr-devel-4.2.4-18.20.1 libndr-krb5pac-devel-4.2.4-18.20.1 libndr-nbt-devel-4.2.4-18.20.1 libndr-standard-devel-4.2.4-18.20.1 libnetapi-devel-4.2.4-18.20.1 libregistry-devel-4.2.4-18.20.1 libsamba-credentials-devel-4.2.4-18.20.1 libsamba-hostconfig-devel-4.2.4-18.20.1 libsamba-passdb-devel-4.2.4-18.20.1 libsamba-policy-devel-4.2.4-18.20.1 libsamba-policy0-4.2.4-18.20.1 libsamba-policy0-debuginfo-4.2.4-18.20.1 libsamba-util-devel-4.2.4-18.20.1 libsamdb-devel-4.2.4-18.20.1 libsmbclient-devel-4.2.4-18.20.1 libsmbclient-raw-devel-4.2.4-18.20.1 libsmbconf-devel-4.2.4-18.20.1 libsmbldap-devel-4.2.4-18.20.1 libtevent-util-devel-4.2.4-18.20.1 libwbclient-devel-4.2.4-18.20.1 samba-core-devel-4.2.4-18.20.1 samba-debuginfo-4.2.4-18.20.1 samba-debugsource-4.2.4-18.20.1 samba-test-devel-4.2.4-18.20.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-4.2.4-18.20.1 libdcerpc0-4.2.4-18.20.1 libdcerpc0-debuginfo-4.2.4-18.20.1 libgensec0-4.2.4-18.20.1 libgensec0-debuginfo-4.2.4-18.20.1 libndr-krb5pac0-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-4.2.4-18.20.1 libndr-nbt0-4.2.4-18.20.1 libndr-nbt0-debuginfo-4.2.4-18.20.1 libndr-standard0-4.2.4-18.20.1 libndr-standard0-debuginfo-4.2.4-18.20.1 libndr0-4.2.4-18.20.1 libndr0-debuginfo-4.2.4-18.20.1 libnetapi0-4.2.4-18.20.1 libnetapi0-debuginfo-4.2.4-18.20.1 libregistry0-4.2.4-18.20.1 libregistry0-debuginfo-4.2.4-18.20.1 libsamba-credentials0-4.2.4-18.20.1 libsamba-credentials0-debuginfo-4.2.4-18.20.1 libsamba-hostconfig0-4.2.4-18.20.1 
libsamba-hostconfig0-debuginfo-4.2.4-18.20.1 libsamba-passdb0-4.2.4-18.20.1 libsamba-passdb0-debuginfo-4.2.4-18.20.1 libsamba-util0-4.2.4-18.20.1 libsamba-util0-debuginfo-4.2.4-18.20.1 libsamdb0-4.2.4-18.20.1 libsamdb0-debuginfo-4.2.4-18.20.1 libsmbclient-raw0-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-4.2.4-18.20.1 libsmbclient0-4.2.4-18.20.1 libsmbclient0-debuginfo-4.2.4-18.20.1 libsmbconf0-4.2.4-18.20.1 libsmbconf0-debuginfo-4.2.4-18.20.1 libsmbldap0-4.2.4-18.20.1 libsmbldap0-debuginfo-4.2.4-18.20.1 libtevent-util0-4.2.4-18.20.1 libtevent-util0-debuginfo-4.2.4-18.20.1 libwbclient0-4.2.4-18.20.1 libwbclient0-debuginfo-4.2.4-18.20.1 samba-4.2.4-18.20.1 samba-client-4.2.4-18.20.1 samba-client-debuginfo-4.2.4-18.20.1 samba-debuginfo-4.2.4-18.20.1 samba-debugsource-4.2.4-18.20.1 samba-libs-4.2.4-18.20.1 samba-libs-debuginfo-4.2.4-18.20.1 samba-winbind-4.2.4-18.20.1 samba-winbind-debuginfo-4.2.4-18.20.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.20.1 libdcerpc0-32bit-4.2.4-18.20.1 libdcerpc0-debuginfo-32bit-4.2.4-18.20.1 libgensec0-32bit-4.2.4-18.20.1 libgensec0-debuginfo-32bit-4.2.4-18.20.1 libndr-krb5pac0-32bit-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.20.1 libndr-nbt0-32bit-4.2.4-18.20.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.20.1 libndr-standard0-32bit-4.2.4-18.20.1 libndr-standard0-debuginfo-32bit-4.2.4-18.20.1 libndr0-32bit-4.2.4-18.20.1 libndr0-debuginfo-32bit-4.2.4-18.20.1 libnetapi0-32bit-4.2.4-18.20.1 libnetapi0-debuginfo-32bit-4.2.4-18.20.1 libsamba-credentials0-32bit-4.2.4-18.20.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.20.1 libsamba-hostconfig0-32bit-4.2.4-18.20.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.20.1 libsamba-passdb0-32bit-4.2.4-18.20.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.20.1 libsamba-util0-32bit-4.2.4-18.20.1 libsamba-util0-debuginfo-32bit-4.2.4-18.20.1 libsamdb0-32bit-4.2.4-18.20.1 libsamdb0-debuginfo-32bit-4.2.4-18.20.1 
libsmbclient-raw0-32bit-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.20.1 libsmbclient0-32bit-4.2.4-18.20.1 libsmbclient0-debuginfo-32bit-4.2.4-18.20.1 libsmbconf0-32bit-4.2.4-18.20.1 libsmbconf0-debuginfo-32bit-4.2.4-18.20.1 libsmbldap0-32bit-4.2.4-18.20.1 libsmbldap0-debuginfo-32bit-4.2.4-18.20.1 libtevent-util0-32bit-4.2.4-18.20.1 libtevent-util0-debuginfo-32bit-4.2.4-18.20.1 libwbclient0-32bit-4.2.4-18.20.1 libwbclient0-debuginfo-32bit-4.2.4-18.20.1 samba-32bit-4.2.4-18.20.1 samba-client-32bit-4.2.4-18.20.1 samba-client-debuginfo-32bit-4.2.4-18.20.1 samba-debuginfo-32bit-4.2.4-18.20.1 samba-libs-32bit-4.2.4-18.20.1 samba-libs-debuginfo-32bit-4.2.4-18.20.1 samba-winbind-32bit-4.2.4-18.20.1 samba-winbind-debuginfo-32bit-4.2.4-18.20.1 - SUSE Linux Enterprise Server 12 (noarch): samba-doc-4.2.4-18.20.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ctdb-4.2.4-18.20.1 ctdb-debuginfo-4.2.4-18.20.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libdcerpc-binding0-32bit-4.2.4-18.20.1 libdcerpc-binding0-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-4.2.4-18.20.1 libdcerpc0-32bit-4.2.4-18.20.1 libdcerpc0-4.2.4-18.20.1 libdcerpc0-debuginfo-32bit-4.2.4-18.20.1 libdcerpc0-debuginfo-4.2.4-18.20.1 libgensec0-32bit-4.2.4-18.20.1 libgensec0-4.2.4-18.20.1 libgensec0-debuginfo-32bit-4.2.4-18.20.1 libgensec0-debuginfo-4.2.4-18.20.1 libndr-krb5pac0-32bit-4.2.4-18.20.1 libndr-krb5pac0-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-4.2.4-18.20.1 libndr-nbt0-32bit-4.2.4-18.20.1 libndr-nbt0-4.2.4-18.20.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.20.1 libndr-nbt0-debuginfo-4.2.4-18.20.1 libndr-standard0-32bit-4.2.4-18.20.1 libndr-standard0-4.2.4-18.20.1 libndr-standard0-debuginfo-32bit-4.2.4-18.20.1 libndr-standard0-debuginfo-4.2.4-18.20.1 libndr0-32bit-4.2.4-18.20.1 libndr0-4.2.4-18.20.1 libndr0-debuginfo-32bit-4.2.4-18.20.1 libndr0-debuginfo-4.2.4-18.20.1 
libnetapi0-32bit-4.2.4-18.20.1 libnetapi0-4.2.4-18.20.1 libnetapi0-debuginfo-32bit-4.2.4-18.20.1 libnetapi0-debuginfo-4.2.4-18.20.1 libregistry0-4.2.4-18.20.1 libregistry0-debuginfo-4.2.4-18.20.1 libsamba-credentials0-32bit-4.2.4-18.20.1 libsamba-credentials0-4.2.4-18.20.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.20.1 libsamba-credentials0-debuginfo-4.2.4-18.20.1 libsamba-hostconfig0-32bit-4.2.4-18.20.1 libsamba-hostconfig0-4.2.4-18.20.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.20.1 libsamba-hostconfig0-debuginfo-4.2.4-18.20.1 libsamba-passdb0-32bit-4.2.4-18.20.1 libsamba-passdb0-4.2.4-18.20.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.20.1 libsamba-passdb0-debuginfo-4.2.4-18.20.1 libsamba-util0-32bit-4.2.4-18.20.1 libsamba-util0-4.2.4-18.20.1 libsamba-util0-debuginfo-32bit-4.2.4-18.20.1 libsamba-util0-debuginfo-4.2.4-18.20.1 libsamdb0-32bit-4.2.4-18.20.1 libsamdb0-4.2.4-18.20.1 libsamdb0-debuginfo-32bit-4.2.4-18.20.1 libsamdb0-debuginfo-4.2.4-18.20.1 libsmbclient-raw0-32bit-4.2.4-18.20.1 libsmbclient-raw0-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-4.2.4-18.20.1 libsmbclient0-32bit-4.2.4-18.20.1 libsmbclient0-4.2.4-18.20.1 libsmbclient0-debuginfo-32bit-4.2.4-18.20.1 libsmbclient0-debuginfo-4.2.4-18.20.1 libsmbconf0-32bit-4.2.4-18.20.1 libsmbconf0-4.2.4-18.20.1 libsmbconf0-debuginfo-32bit-4.2.4-18.20.1 libsmbconf0-debuginfo-4.2.4-18.20.1 libsmbldap0-32bit-4.2.4-18.20.1 libsmbldap0-4.2.4-18.20.1 libsmbldap0-debuginfo-32bit-4.2.4-18.20.1 libsmbldap0-debuginfo-4.2.4-18.20.1 libtevent-util0-32bit-4.2.4-18.20.1 libtevent-util0-4.2.4-18.20.1 libtevent-util0-debuginfo-32bit-4.2.4-18.20.1 libtevent-util0-debuginfo-4.2.4-18.20.1 libwbclient0-32bit-4.2.4-18.20.1 libwbclient0-4.2.4-18.20.1 libwbclient0-debuginfo-32bit-4.2.4-18.20.1 libwbclient0-debuginfo-4.2.4-18.20.1 samba-32bit-4.2.4-18.20.1 samba-4.2.4-18.20.1 samba-client-32bit-4.2.4-18.20.1 samba-client-4.2.4-18.20.1 samba-client-debuginfo-32bit-4.2.4-18.20.1 
samba-client-debuginfo-4.2.4-18.20.1 samba-debuginfo-32bit-4.2.4-18.20.1 samba-debuginfo-4.2.4-18.20.1 samba-debugsource-4.2.4-18.20.1 samba-libs-32bit-4.2.4-18.20.1 samba-libs-4.2.4-18.20.1 samba-libs-debuginfo-32bit-4.2.4-18.20.1 samba-libs-debuginfo-4.2.4-18.20.1 samba-winbind-32bit-4.2.4-18.20.1 samba-winbind-4.2.4-18.20.1 samba-winbind-debuginfo-32bit-4.2.4-18.20.1 samba-winbind-debuginfo-4.2.4-18.20.1 - SUSE Linux Enterprise Desktop 12 (noarch): samba-doc-4.2.4-18.20.1 References: https://bugzilla.suse.com/977669 https://bugzilla.suse.com/979268 From sle-updates at lists.suse.com Thu Jun 2 10:09:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 18:09:04 +0200 (CEST) Subject: SUSE-RU-2016:1479-1: important: Recommended update for samba Message-ID: <20160602160904.B00BCFF72@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1479-1 Rating: important References: #977669 #979268 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for Samba provides the following fixes: - Fix libads' record session expiry for spnego sasl binds. (bsc#979268) - Fix NT_STATUS_ACCESS_DENIED when accessing windows public share. - Only validate MIC if "map to guest" is not being used. - NetAPP SMB servers don't negotiate NTLMSSP_SIGN. (bsc#977669) - Fix non-working anonymous smb connections. - Handle broken mechListMIC response from Windows 2000. - wbinfo -u or net ads search doesn't work anymore. - Fix regressions regarding the NTLMSSP hardening of CVE-2016-2110. 
- Allow Domain member resolve trusted domains' users. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-879=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-879=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-879=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-879=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-19.1 ctdb-devel-4.2.4-19.1 libdcerpc-atsvc-devel-4.2.4-19.1 libdcerpc-atsvc0-4.2.4-19.1 libdcerpc-atsvc0-debuginfo-4.2.4-19.1 libdcerpc-devel-4.2.4-19.1 libdcerpc-samr-devel-4.2.4-19.1 libdcerpc-samr0-4.2.4-19.1 libdcerpc-samr0-debuginfo-4.2.4-19.1 libgensec-devel-4.2.4-19.1 libndr-devel-4.2.4-19.1 libndr-krb5pac-devel-4.2.4-19.1 libndr-nbt-devel-4.2.4-19.1 libndr-standard-devel-4.2.4-19.1 libnetapi-devel-4.2.4-19.1 libregistry-devel-4.2.4-19.1 libsamba-credentials-devel-4.2.4-19.1 libsamba-hostconfig-devel-4.2.4-19.1 libsamba-passdb-devel-4.2.4-19.1 libsamba-policy-devel-4.2.4-19.1 libsamba-policy0-4.2.4-19.1 libsamba-policy0-debuginfo-4.2.4-19.1 libsamba-util-devel-4.2.4-19.1 libsamdb-devel-4.2.4-19.1 libsmbclient-devel-4.2.4-19.1 libsmbclient-raw-devel-4.2.4-19.1 libsmbconf-devel-4.2.4-19.1 libsmbldap-devel-4.2.4-19.1 libtevent-util-devel-4.2.4-19.1 libwbclient-devel-4.2.4-19.1 samba-core-devel-4.2.4-19.1 samba-debuginfo-4.2.4-19.1 samba-debugsource-4.2.4-19.1 samba-test-devel-4.2.4-19.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-19.1 libdcerpc-binding0-debuginfo-4.2.4-19.1 libdcerpc0-4.2.4-19.1 libdcerpc0-debuginfo-4.2.4-19.1 libgensec0-4.2.4-19.1 
libgensec0-debuginfo-4.2.4-19.1 libndr-krb5pac0-4.2.4-19.1 libndr-krb5pac0-debuginfo-4.2.4-19.1 libndr-nbt0-4.2.4-19.1 libndr-nbt0-debuginfo-4.2.4-19.1 libndr-standard0-4.2.4-19.1 libndr-standard0-debuginfo-4.2.4-19.1 libndr0-4.2.4-19.1 libndr0-debuginfo-4.2.4-19.1 libnetapi0-4.2.4-19.1 libnetapi0-debuginfo-4.2.4-19.1 libregistry0-4.2.4-19.1 libregistry0-debuginfo-4.2.4-19.1 libsamba-credentials0-4.2.4-19.1 libsamba-credentials0-debuginfo-4.2.4-19.1 libsamba-hostconfig0-4.2.4-19.1 libsamba-hostconfig0-debuginfo-4.2.4-19.1 libsamba-passdb0-4.2.4-19.1 libsamba-passdb0-debuginfo-4.2.4-19.1 libsamba-util0-4.2.4-19.1 libsamba-util0-debuginfo-4.2.4-19.1 libsamdb0-4.2.4-19.1 libsamdb0-debuginfo-4.2.4-19.1 libsmbclient-raw0-4.2.4-19.1 libsmbclient-raw0-debuginfo-4.2.4-19.1 libsmbclient0-4.2.4-19.1 libsmbclient0-debuginfo-4.2.4-19.1 libsmbconf0-4.2.4-19.1 libsmbconf0-debuginfo-4.2.4-19.1 libsmbldap0-4.2.4-19.1 libsmbldap0-debuginfo-4.2.4-19.1 libtevent-util0-4.2.4-19.1 libtevent-util0-debuginfo-4.2.4-19.1 libwbclient0-4.2.4-19.1 libwbclient0-debuginfo-4.2.4-19.1 samba-4.2.4-19.1 samba-client-4.2.4-19.1 samba-client-debuginfo-4.2.4-19.1 samba-debuginfo-4.2.4-19.1 samba-debugsource-4.2.4-19.1 samba-libs-4.2.4-19.1 samba-libs-debuginfo-4.2.4-19.1 samba-winbind-4.2.4-19.1 samba-winbind-debuginfo-4.2.4-19.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-19.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-19.1 libdcerpc0-32bit-4.2.4-19.1 libdcerpc0-debuginfo-32bit-4.2.4-19.1 libgensec0-32bit-4.2.4-19.1 libgensec0-debuginfo-32bit-4.2.4-19.1 libndr-krb5pac0-32bit-4.2.4-19.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-19.1 libndr-nbt0-32bit-4.2.4-19.1 libndr-nbt0-debuginfo-32bit-4.2.4-19.1 libndr-standard0-32bit-4.2.4-19.1 libndr-standard0-debuginfo-32bit-4.2.4-19.1 libndr0-32bit-4.2.4-19.1 libndr0-debuginfo-32bit-4.2.4-19.1 libnetapi0-32bit-4.2.4-19.1 libnetapi0-debuginfo-32bit-4.2.4-19.1 libsamba-credentials0-32bit-4.2.4-19.1 
libsamba-credentials0-debuginfo-32bit-4.2.4-19.1 libsamba-hostconfig0-32bit-4.2.4-19.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-19.1 libsamba-passdb0-32bit-4.2.4-19.1 libsamba-passdb0-debuginfo-32bit-4.2.4-19.1 libsamba-util0-32bit-4.2.4-19.1 libsamba-util0-debuginfo-32bit-4.2.4-19.1 libsamdb0-32bit-4.2.4-19.1 libsamdb0-debuginfo-32bit-4.2.4-19.1 libsmbclient-raw0-32bit-4.2.4-19.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-19.1 libsmbclient0-32bit-4.2.4-19.1 libsmbclient0-debuginfo-32bit-4.2.4-19.1 libsmbconf0-32bit-4.2.4-19.1 libsmbconf0-debuginfo-32bit-4.2.4-19.1 libsmbldap0-32bit-4.2.4-19.1 libsmbldap0-debuginfo-32bit-4.2.4-19.1 libtevent-util0-32bit-4.2.4-19.1 libtevent-util0-debuginfo-32bit-4.2.4-19.1 libwbclient0-32bit-4.2.4-19.1 libwbclient0-debuginfo-32bit-4.2.4-19.1 samba-32bit-4.2.4-19.1 samba-client-32bit-4.2.4-19.1 samba-client-debuginfo-32bit-4.2.4-19.1 samba-debuginfo-32bit-4.2.4-19.1 samba-libs-32bit-4.2.4-19.1 samba-libs-debuginfo-32bit-4.2.4-19.1 samba-winbind-32bit-4.2.4-19.1 samba-winbind-debuginfo-32bit-4.2.4-19.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-19.1 - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): ctdb-4.2.4-19.1 ctdb-debuginfo-4.2.4-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-19.1 libdcerpc-binding0-4.2.4-19.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-19.1 libdcerpc-binding0-debuginfo-4.2.4-19.1 libdcerpc0-32bit-4.2.4-19.1 libdcerpc0-4.2.4-19.1 libdcerpc0-debuginfo-32bit-4.2.4-19.1 libdcerpc0-debuginfo-4.2.4-19.1 libgensec0-32bit-4.2.4-19.1 libgensec0-4.2.4-19.1 libgensec0-debuginfo-32bit-4.2.4-19.1 libgensec0-debuginfo-4.2.4-19.1 libndr-krb5pac0-32bit-4.2.4-19.1 libndr-krb5pac0-4.2.4-19.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-19.1 libndr-krb5pac0-debuginfo-4.2.4-19.1 libndr-nbt0-32bit-4.2.4-19.1 libndr-nbt0-4.2.4-19.1 libndr-nbt0-debuginfo-32bit-4.2.4-19.1 libndr-nbt0-debuginfo-4.2.4-19.1 libndr-standard0-32bit-4.2.4-19.1 libndr-standard0-4.2.4-19.1 
libndr-standard0-debuginfo-32bit-4.2.4-19.1 libndr-standard0-debuginfo-4.2.4-19.1 libndr0-32bit-4.2.4-19.1 libndr0-4.2.4-19.1 libndr0-debuginfo-32bit-4.2.4-19.1 libndr0-debuginfo-4.2.4-19.1 libnetapi0-32bit-4.2.4-19.1 libnetapi0-4.2.4-19.1 libnetapi0-debuginfo-32bit-4.2.4-19.1 libnetapi0-debuginfo-4.2.4-19.1 libregistry0-4.2.4-19.1 libregistry0-debuginfo-4.2.4-19.1 libsamba-credentials0-32bit-4.2.4-19.1 libsamba-credentials0-4.2.4-19.1 libsamba-credentials0-debuginfo-32bit-4.2.4-19.1 libsamba-credentials0-debuginfo-4.2.4-19.1 libsamba-hostconfig0-32bit-4.2.4-19.1 libsamba-hostconfig0-4.2.4-19.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-19.1 libsamba-hostconfig0-debuginfo-4.2.4-19.1 libsamba-passdb0-32bit-4.2.4-19.1 libsamba-passdb0-4.2.4-19.1 libsamba-passdb0-debuginfo-32bit-4.2.4-19.1 libsamba-passdb0-debuginfo-4.2.4-19.1 libsamba-util0-32bit-4.2.4-19.1 libsamba-util0-4.2.4-19.1 libsamba-util0-debuginfo-32bit-4.2.4-19.1 libsamba-util0-debuginfo-4.2.4-19.1 libsamdb0-32bit-4.2.4-19.1 libsamdb0-4.2.4-19.1 libsamdb0-debuginfo-32bit-4.2.4-19.1 libsamdb0-debuginfo-4.2.4-19.1 libsmbclient-raw0-32bit-4.2.4-19.1 libsmbclient-raw0-4.2.4-19.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-19.1 libsmbclient-raw0-debuginfo-4.2.4-19.1 libsmbclient0-32bit-4.2.4-19.1 libsmbclient0-4.2.4-19.1 libsmbclient0-debuginfo-32bit-4.2.4-19.1 libsmbclient0-debuginfo-4.2.4-19.1 libsmbconf0-32bit-4.2.4-19.1 libsmbconf0-4.2.4-19.1 libsmbconf0-debuginfo-32bit-4.2.4-19.1 libsmbconf0-debuginfo-4.2.4-19.1 libsmbldap0-32bit-4.2.4-19.1 libsmbldap0-4.2.4-19.1 libsmbldap0-debuginfo-32bit-4.2.4-19.1 libsmbldap0-debuginfo-4.2.4-19.1 libtevent-util0-32bit-4.2.4-19.1 libtevent-util0-4.2.4-19.1 libtevent-util0-debuginfo-32bit-4.2.4-19.1 libtevent-util0-debuginfo-4.2.4-19.1 libwbclient0-32bit-4.2.4-19.1 libwbclient0-4.2.4-19.1 libwbclient0-debuginfo-32bit-4.2.4-19.1 libwbclient0-debuginfo-4.2.4-19.1 samba-32bit-4.2.4-19.1 samba-4.2.4-19.1 samba-client-32bit-4.2.4-19.1 samba-client-4.2.4-19.1 
samba-client-debuginfo-32bit-4.2.4-19.1 samba-client-debuginfo-4.2.4-19.1 samba-debuginfo-32bit-4.2.4-19.1 samba-debuginfo-4.2.4-19.1 samba-debugsource-4.2.4-19.1 samba-libs-32bit-4.2.4-19.1 samba-libs-4.2.4-19.1 samba-libs-debuginfo-32bit-4.2.4-19.1 samba-libs-debuginfo-4.2.4-19.1 samba-winbind-32bit-4.2.4-19.1 samba-winbind-4.2.4-19.1 samba-winbind-debuginfo-32bit-4.2.4-19.1 samba-winbind-debuginfo-4.2.4-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): samba-doc-4.2.4-19.1 References: https://bugzilla.suse.com/977669 https://bugzilla.suse.com/979268 From sle-updates at lists.suse.com Thu Jun 2 15:08:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 23:08:38 +0200 (CEST) Subject: SUSE-RU-2016:1480-1: Recommended update for supportutils Message-ID: <20160602210838.D5292FF72@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1480-1 Rating: low References: #976358 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils provides the following fixes: - Added new SLE12 SP2 kernel taint flags. (bsc#976358) - Fixed NFS service detection. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-880=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-880=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-880=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-880=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): supportutils-3.0-77.1 - SUSE Linux Enterprise Server 12 (noarch): supportutils-3.0-77.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): supportutils-3.0-77.1 - SUSE Linux Enterprise Desktop 12 (noarch): supportutils-3.0-77.1 References: https://bugzilla.suse.com/976358 From sle-updates at lists.suse.com Fri Jun 3 05:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 13:08:22 +0200 (CEST) Subject: SUSE-SU-2016:1481-1: moderate: Security update for imlib2 Message-ID: <20160603110822.F199DFFA6@maintenance.suse.de> SUSE Security Update: Security update for imlib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1481-1 Rating: moderate References: #963797 #963800 #973759 #973761 #974202 #977538 Cross-References: CVE-2011-5326 CVE-2014-9763 CVE-2014-9764 CVE-2016-3993 CVE-2016-3994 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. 
Description:

This update for imlib2 fixes the following issues:

Security issues fixed:

- CVE-2016-3994: Potential DOS in giflib loader (bsc#973759)
- CVE-2016-3993: Off by 1 in merge update (bsc#973761)
- CVE-2014-9764: fix segmentation fault when opening specifically crafted input (bsc#963797)
- CVE-2014-9763: Prevent division-by-zero crashes (bsc#963800)
- CVE-2011-5326: Ellipse of width 1 triggers crashes (bsc#974202)

Bugs fixed:

- bsc#977538: Fix various potential crashes

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-imlib2-12595=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-imlib2-12595=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    imlib2-1.4.2-2.20.1
    imlib2-devel-1.4.2-2.20.1
    imlib2-filters-1.4.2-2.20.1
    imlib2-loaders-1.4.2-2.20.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    imlib2-debuginfo-1.4.2-2.20.1
    imlib2-debugsource-1.4.2-2.20.1

References:

  https://www.suse.com/security/cve/CVE-2011-5326.html
  https://www.suse.com/security/cve/CVE-2014-9763.html
  https://www.suse.com/security/cve/CVE-2014-9764.html
  https://www.suse.com/security/cve/CVE-2016-3993.html
  https://www.suse.com/security/cve/CVE-2016-3994.html
  https://bugzilla.suse.com/963797
  https://bugzilla.suse.com/963800
  https://bugzilla.suse.com/973759
  https://bugzilla.suse.com/973761
  https://bugzilla.suse.com/974202
  https://bugzilla.suse.com/977538

From sle-updates at lists.suse.com Fri Jun 3 09:08:06 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jun 2016 17:08:06 +0200 (CEST)
Subject: SUSE-SU-2016:1482-1: moderate: Security update for quagga
Message-ID: <20160603150806.96709FFA7@maintenance.suse.de>

SUSE Security Update:
Security update for quagga
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1482-1
Rating: moderate
References: #977012
Cross-References: CVE-2016-4049
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for quagga fixes the following issue:

Security issue fixed:

- CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-882=1
- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2016-882=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-882=1
- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2016-882=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 quagga-devel-0.99.22.1-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 quagga-devel-0.99.22.1-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): quagga-0.99.22.1-12.1 quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): quagga-0.99.22.1-12.1 quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 References: https://www.suse.com/security/cve/CVE-2016-4049.html https://bugzilla.suse.com/977012 From sle-updates at lists.suse.com Fri Jun 3 09:08:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 17:08:23 +0200 (CEST) Subject: SUSE-SU-2016:1483-1: moderate: Security update for quagga Message-ID: <20160603150823.20D0BFFA6@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1483-1 Rating: moderate References: #977012 Cross-References: CVE-2016-4049 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-quagga-12596=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-quagga-12596=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-quagga-12596=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-devel-0.99.15-0.24.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): quagga-0.99.15-0.24.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-0.99.15-0.24.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-debuginfo-0.99.15-0.24.2 quagga-debugsource-0.99.15-0.24.2 References: https://www.suse.com/security/cve/CVE-2016-4049.html https://bugzilla.suse.com/977012 From sle-updates at lists.suse.com Fri Jun 3 10:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 18:07:49 +0200 (CEST) Subject: SUSE-RU-2016:1484-1: Recommended update for SUSEConnect and zypper-migration-plugin Message-ID: <20160603160749.55510FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect and zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1484-1 Rating: low References: #972688 #973315 #973851 #973886 #975485 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for SUSEConnect and zypper-migration-plugin provides fixes and enhancements. SUSEConnect: - Implement more flexible exit codes handling in internal zypper calls. 
(bsc#973851)
- Direct update from versions older than 0.2.27 does not remove /usr/bin symlink. (bsc#973315)

zypper-migration-plugin:

- Improve help text for --download-only option. (bsc#973886)
- Call rollback only if release package can't be installed.
- Improve error messages. (bsc#975485)
- Add zypper-migration.8 man page. (bsc#972688)
- Install release packages and call SUSEConnect rollback before getting migration target. (fate#320533)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2016-884=1
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-884=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
    SUSEConnect-0.2.36-9.19.1
- SUSE Linux Enterprise Server 12 (noarch):
    zypper-migration-plugin-0.9-13.1
- SUSE Linux Enterprise Desktop 12 (noarch):
    zypper-migration-plugin-0.9-13.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
    SUSEConnect-0.2.36-9.19.1

References:

  https://bugzilla.suse.com/972688
  https://bugzilla.suse.com/973315
  https://bugzilla.suse.com/973851
  https://bugzilla.suse.com/973886
  https://bugzilla.suse.com/975485

From sle-updates at lists.suse.com Fri Jun 3 10:08:34 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jun 2016 18:08:34 +0200 (CEST)
Subject: SUSE-RU-2016:1485-1: Recommended update for SUSEConnect and zypper-migration-plugin
Message-ID: <20160603160835.01036FF71@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSEConnect and zypper-migration-plugin
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1485-1
Rating: low
References: #972688 #973315 #973851 #973886 #975485
Affected Products:
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for SUSEConnect and zypper-migration-plugin provides fixes and enhancements.

SUSEConnect:

- Implement more flexible exit codes handling in internal zypper calls. (bsc#973851)
- Direct update from versions older than 0.2.27 does not remove /usr/bin symlink. (bsc#973315)

zypper-migration-plugin:

- Improve help text for --download-only option. (bsc#973886)
- Call rollback only if release package can't be installed.
- Improve error messages. (bsc#975485)
- Add zypper-migration.8 man page. (bsc#972688)
- Install release packages and call SUSEConnect rollback before getting migration target. (fate#320533)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-885=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-885=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): SUSEConnect-0.2.36-15.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): zypper-migration-plugin-0.9-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): SUSEConnect-0.2.36-15.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): zypper-migration-plugin-0.9-6.1 References: https://bugzilla.suse.com/972688 https://bugzilla.suse.com/973315 https://bugzilla.suse.com/973851 https://bugzilla.suse.com/973886 https://bugzilla.suse.com/975485 From sle-updates at lists.suse.com Fri Jun 3 13:07:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 21:07:52 +0200 (CEST) Subject: SUSE-RU-2016:1486-1: moderate: Recommended update for yast2-cluster Message-ID: <20160603190752.25756FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1486-1 Rating: moderate References: #971961 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issue: - Fix error when using ipv6 (bsc#971961) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-886=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12 (noarch): yast2-cluster-3.1.19-8.6 References: https://bugzilla.suse.com/971961 From sle-updates at lists.suse.com Fri Jun 3 13:08:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 21:08:07 +0200 (CEST) Subject: SUSE-RU-2016:1487-1: moderate: Recommended update for the SUSE Linux Enterprise Containers module Message-ID: <20160603190807.02B16FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Linux Enterprise Containers module ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1487-1 Rating: moderate References: #939702 #980707 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update adjusts the product definitions of the Containers module on ppc64le, allowing its installation on top of the upcoming Service Packs for SLE 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-888=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le): sle-module-containers-release-12-5.1 References: https://bugzilla.suse.com/939702 https://bugzilla.suse.com/980707 From sle-updates at lists.suse.com Fri Jun 3 13:08:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 21:08:32 +0200 (CEST) Subject: SUSE-RU-2016:1488-1: moderate: Recommended update for yast2-cluster Message-ID: <20160603190832.58C52FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1488-1 Rating: moderate References: #971961 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issue: - Fix error when using ipv6 (bsc#971961) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-887=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): yast2-cluster-3.1.23-9.1 References: https://bugzilla.suse.com/971961 From sle-updates at lists.suse.com Sat Jun 4 04:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jun 2016 12:07:56 +0200 (CEST) Subject: SUSE-SU-2016:1490-1: important: Security update for Chromium Message-ID: <20160604100756.91CFCFF6C@maintenance.suse.de> SUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1490-1 Rating: important References: #982719 Cross-References: CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: Chromium was updated to 51.0.2704.79 to fix a number of security issues. [boo#982719] - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools - CVE-2016-1700: Use-after-free in Extensions - CVE-2016-1701: Use-after-free in Autofill - CVE-2016-1702: Out-of-bounds read in Skia - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 5171=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-51.0.2704.79-81.1 chromedriver-debuginfo-51.0.2704.79-81.1 chromium-51.0.2704.79-81.1 chromium-debuginfo-51.0.2704.79-81.1 chromium-debugsource-51.0.2704.79-81.1 chromium-desktop-gnome-51.0.2704.79-81.1 chromium-desktop-kde-51.0.2704.79-81.1 chromium-ffmpegsumo-51.0.2704.79-81.1 chromium-ffmpegsumo-debuginfo-51.0.2704.79-81.1 References: https://www.suse.com/security/cve/CVE-2016-1696.html https://www.suse.com/security/cve/CVE-2016-1697.html https://www.suse.com/security/cve/CVE-2016-1698.html https://www.suse.com/security/cve/CVE-2016-1699.html https://www.suse.com/security/cve/CVE-2016-1700.html https://www.suse.com/security/cve/CVE-2016-1701.html https://www.suse.com/security/cve/CVE-2016-1702.html https://www.suse.com/security/cve/CVE-2016-1703.html https://bugzilla.suse.com/982719 From sle-updates at lists.suse.com Mon Jun 6 04:07:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 12:07:59 +0200 (CEST) Subject: SUSE-RU-2016:1498-1: important: Recommended update for crowbar-barclamp-provisioner Message-ID: <20160606100759.3A9A4FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-provisioner ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1498-1 Rating: important References: #962397 #968251 #980569 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes a regression introduced with the latest ntp update. (bsc#980569) Additionally the following issues have been fixed: - Use ntpdate on systems with newer ntpd. (bsc#980569) - Add common glance user+group. (bsc#968251) - Workaround random mksquashfs race. 
(bsc#962397) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-provisioner-12597=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-provisioner-1.9+git.1464107184.da59cc1-12.1 References: https://bugzilla.suse.com/962397 https://bugzilla.suse.com/968251 https://bugzilla.suse.com/980569 From sle-updates at lists.suse.com Mon Jun 6 04:09:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 12:09:05 +0200 (CEST) Subject: SUSE-RU-2016:1501-1: Recommended update for mailx Message-ID: <20160606100905.6414AFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for mailx ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1501-1 Rating: low References: #974561 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mailx fixes the following issues: - Correct parentheses expansion to fulfill natural order (bsc#974561) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-890=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-890=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-890=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-890=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 - SUSE Linux Enterprise Desktop 12 (x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 References: https://bugzilla.suse.com/974561 From sle-updates at lists.suse.com Mon Jun 6 07:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 15:07:41 +0200 (CEST) Subject: SUSE-RU-2016:1502-1: Recommended update for openCryptoki Message-ID: <20160606130741.606EAFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1502-1 Rating: low References: #963612 #982287 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openCryptoki fixes the following issues: - C_SignInit fails with CKR_MECHANISM_INVALID when CKM_DSA_SHA1 or CKM_ECDSA_SHA1 are used. 
(bsc#963612) - Wrapped "Requires: libica2-devel" in %ifarch for s390 and s390x. (bsc#982287) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-892=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-892=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): openCryptoki-debuginfo-3.2-8.1 openCryptoki-debugsource-3.2-8.1 openCryptoki-devel-3.2-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390 s390x x86_64): openCryptoki-3.2-8.1 openCryptoki-debuginfo-3.2-8.1 openCryptoki-debugsource-3.2-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openCryptoki-64bit-3.2-8.1 - SUSE Linux Enterprise Server 12-SP1 (s390): openCryptoki-32bit-3.2-8.1 References: https://bugzilla.suse.com/963612 https://bugzilla.suse.com/982287 From sle-updates at lists.suse.com Mon Jun 6 09:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 17:07:49 +0200 (CEST) Subject: SUSE-OU-2016:1503-1: Optional update for wayland Message-ID: <20160606150749.5AC52FF5F@maintenance.suse.de> SUSE Optional Update: Optional update for wayland ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1503-1 Rating: low References: #960181 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An 
update that has one optional fix can now be installed. Description: This update adds Wayland libraries to SUSE Linux Software Development Kit 12 SP1. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-894=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-894=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-894=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-894=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-894=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-894=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-894=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-894=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 wayland-devel-1.2.1-10.1 wayland-devel-debuginfo-1.2.1-10.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): wayland-debugsource-1.2.1-10.1 wayland-devel-1.2.1-10.1 wayland-devel-debuginfo-1.2.1-10.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 
libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 References: https://bugzilla.suse.com/960181 From sle-updates at lists.suse.com Mon Jun 6 13:07:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 21:07:42 +0200 (CEST) Subject: SUSE-SU-2016:1504-1: moderate: Security update for php5 Message-ID: <20160606190742.A2BE1FF5D@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1504-1 Rating: moderate References: #977991 #977994 #978827 #978828 #978829 #978830 #980366 #980373 #980375 Cross-References: CVE-2015-4116 CVE-2015-8873 CVE-2015-8874 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 
Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-895=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-895=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-895=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-59.2 php5-debugsource-5.5.14-59.2 php5-devel-5.5.14-59.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-59.2 php5-debugsource-5.5.14-59.2 php5-devel-5.5.14-59.2 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-59.2 apache2-mod_php5-debuginfo-5.5.14-59.2 php5-5.5.14-59.2 php5-bcmath-5.5.14-59.2 php5-bcmath-debuginfo-5.5.14-59.2 php5-bz2-5.5.14-59.2 php5-bz2-debuginfo-5.5.14-59.2 php5-calendar-5.5.14-59.2 php5-calendar-debuginfo-5.5.14-59.2 php5-ctype-5.5.14-59.2 php5-ctype-debuginfo-5.5.14-59.2 php5-curl-5.5.14-59.2 php5-curl-debuginfo-5.5.14-59.2 php5-dba-5.5.14-59.2 php5-dba-debuginfo-5.5.14-59.2 php5-debuginfo-5.5.14-59.2 php5-debugsource-5.5.14-59.2 php5-dom-5.5.14-59.2 php5-dom-debuginfo-5.5.14-59.2 php5-enchant-5.5.14-59.2 php5-enchant-debuginfo-5.5.14-59.2 php5-exif-5.5.14-59.2 php5-exif-debuginfo-5.5.14-59.2 php5-fastcgi-5.5.14-59.2 php5-fastcgi-debuginfo-5.5.14-59.2 php5-fileinfo-5.5.14-59.2 php5-fileinfo-debuginfo-5.5.14-59.2 php5-fpm-5.5.14-59.2 php5-fpm-debuginfo-5.5.14-59.2 php5-ftp-5.5.14-59.2 php5-ftp-debuginfo-5.5.14-59.2 php5-gd-5.5.14-59.2 php5-gd-debuginfo-5.5.14-59.2 php5-gettext-5.5.14-59.2 php5-gettext-debuginfo-5.5.14-59.2 php5-gmp-5.5.14-59.2 php5-gmp-debuginfo-5.5.14-59.2 php5-iconv-5.5.14-59.2 php5-iconv-debuginfo-5.5.14-59.2 php5-intl-5.5.14-59.2 php5-intl-debuginfo-5.5.14-59.2 php5-json-5.5.14-59.2 php5-json-debuginfo-5.5.14-59.2 php5-ldap-5.5.14-59.2 php5-ldap-debuginfo-5.5.14-59.2 php5-mbstring-5.5.14-59.2 php5-mbstring-debuginfo-5.5.14-59.2 php5-mcrypt-5.5.14-59.2 php5-mcrypt-debuginfo-5.5.14-59.2 php5-mysql-5.5.14-59.2 php5-mysql-debuginfo-5.5.14-59.2 php5-odbc-5.5.14-59.2 php5-odbc-debuginfo-5.5.14-59.2 php5-opcache-5.5.14-59.2 php5-opcache-debuginfo-5.5.14-59.2 php5-openssl-5.5.14-59.2 
php5-openssl-debuginfo-5.5.14-59.2 php5-pcntl-5.5.14-59.2 php5-pcntl-debuginfo-5.5.14-59.2 php5-pdo-5.5.14-59.2 php5-pdo-debuginfo-5.5.14-59.2 php5-pgsql-5.5.14-59.2 php5-pgsql-debuginfo-5.5.14-59.2 php5-phar-5.5.14-59.2 php5-phar-debuginfo-5.5.14-59.2 php5-posix-5.5.14-59.2 php5-posix-debuginfo-5.5.14-59.2 php5-pspell-5.5.14-59.2 php5-pspell-debuginfo-5.5.14-59.2 php5-shmop-5.5.14-59.2 php5-shmop-debuginfo-5.5.14-59.2 php5-snmp-5.5.14-59.2 php5-snmp-debuginfo-5.5.14-59.2 php5-soap-5.5.14-59.2 php5-soap-debuginfo-5.5.14-59.2 php5-sockets-5.5.14-59.2 php5-sockets-debuginfo-5.5.14-59.2 php5-sqlite-5.5.14-59.2 php5-sqlite-debuginfo-5.5.14-59.2 php5-suhosin-5.5.14-59.2 php5-suhosin-debuginfo-5.5.14-59.2 php5-sysvmsg-5.5.14-59.2 php5-sysvmsg-debuginfo-5.5.14-59.2 php5-sysvsem-5.5.14-59.2 php5-sysvsem-debuginfo-5.5.14-59.2 php5-sysvshm-5.5.14-59.2 php5-sysvshm-debuginfo-5.5.14-59.2 php5-tokenizer-5.5.14-59.2 php5-tokenizer-debuginfo-5.5.14-59.2 php5-wddx-5.5.14-59.2 php5-wddx-debuginfo-5.5.14-59.2 php5-xmlreader-5.5.14-59.2 php5-xmlreader-debuginfo-5.5.14-59.2 php5-xmlrpc-5.5.14-59.2 php5-xmlrpc-debuginfo-5.5.14-59.2 php5-xmlwriter-5.5.14-59.2 php5-xmlwriter-debuginfo-5.5.14-59.2 php5-xsl-5.5.14-59.2 php5-xsl-debuginfo-5.5.14-59.2 php5-zip-5.5.14-59.2 php5-zip-debuginfo-5.5.14-59.2 php5-zlib-5.5.14-59.2 php5-zlib-debuginfo-5.5.14-59.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-59.2 References: https://www.suse.com/security/cve/CVE-2015-4116.html https://www.suse.com/security/cve/CVE-2015-8873.html https://www.suse.com/security/cve/CVE-2015-8874.html https://www.suse.com/security/cve/CVE-2016-4342.html https://www.suse.com/security/cve/CVE-2016-4346.html https://www.suse.com/security/cve/CVE-2016-4537.html https://www.suse.com/security/cve/CVE-2016-4538.html https://www.suse.com/security/cve/CVE-2016-4539.html https://www.suse.com/security/cve/CVE-2016-4540.html https://www.suse.com/security/cve/CVE-2016-4541.html 
https://www.suse.com/security/cve/CVE-2016-4542.html https://www.suse.com/security/cve/CVE-2016-4543.html https://www.suse.com/security/cve/CVE-2016-4544.html https://bugzilla.suse.com/977991 https://bugzilla.suse.com/977994 https://bugzilla.suse.com/978827 https://bugzilla.suse.com/978828 https://bugzilla.suse.com/978829 https://bugzilla.suse.com/978830 https://bugzilla.suse.com/980366 https://bugzilla.suse.com/980373 https://bugzilla.suse.com/980375 From sle-updates at lists.suse.com Mon Jun 6 23:07:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 07:07:37 +0200 (CEST) Subject: SUSE-RU-2016:1505-1: moderate: Recommended update for tboot Message-ID: <20160607050737.DA33CFF5D@maintenance.suse.de> SUSE Recommended Update: Recommended update for tboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1505-1 Rating: moderate References: #967441 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tboot fixes an excessive stack usage pattern that could lead to resets or crashes. (bsc#967441) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-896=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (x86_64): tboot-20140728_1.8.3-3.1 tboot-debuginfo-20140728_1.8.3-3.1 tboot-debugsource-20140728_1.8.3-3.1 References: https://bugzilla.suse.com/967441 From sle-updates at lists.suse.com Tue Jun 7 05:07:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 13:07:43 +0200 (CEST) Subject: SUSE-SU-2016:1507-1: moderate: Security update for supportutils Message-ID: <20160607110744.022B5FF72@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1507-1 Rating: moderate References: #980670 Cross-References: CVE-2016-1602 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-897=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-897=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-897=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-897=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): supportutils-3.0-82.1 - SUSE Linux Enterprise Server 12 (noarch): supportutils-3.0-82.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): supportutils-3.0-82.1 - SUSE Linux Enterprise Desktop 12 (noarch): supportutils-3.0-82.1 References: https://www.suse.com/security/cve/CVE-2016-1602.html https://bugzilla.suse.com/980670 From sle-updates at lists.suse.com Tue Jun 7 05:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 13:08:01 +0200 (CEST) Subject: SUSE-SU-2016:1508-1: important: Security update for expat Message-ID: <20160607110801.81BACFFA7@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1508-1 Rating: important References: #979441 #980391 Cross-References: CVE-2015-1283 CVE-2016-0718 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-898=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-898=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-898=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-898=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-898=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-898=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat-devel-2.1.0-17.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat-devel-2.1.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): expat-debuginfo-32bit-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): expat-debuginfo-32bit-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debuginfo-32bit-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 - SUSE Linux Enterprise Desktop 12 (x86_64): 
expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debuginfo-32bit-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 References: https://www.suse.com/security/cve/CVE-2015-1283.html https://www.suse.com/security/cve/CVE-2016-0718.html https://bugzilla.suse.com/979441 https://bugzilla.suse.com/980391 From sle-updates at lists.suse.com Tue Jun 7 06:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 14:08:01 +0200 (CEST) Subject: SUSE-SU-2016:1509-1: moderate: Security update for libksba Message-ID: <20160607120801.87327FF72@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1509-1 Rating: moderate References: #979261 #979906 Cross-References: CVE-2016-4574 CVE-2016-4579 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libksba-12598=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libksba-12598=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libksba-12598=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libksba-devel-1.0.4-1.25.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libksba-1.0.4-1.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libksba-debuginfo-1.0.4-1.25.1 libksba-debugsource-1.0.4-1.25.1 References: https://www.suse.com/security/cve/CVE-2016-4574.html https://www.suse.com/security/cve/CVE-2016-4579.html https://bugzilla.suse.com/979261 https://bugzilla.suse.com/979906 From sle-updates at lists.suse.com Tue Jun 7 06:08:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 14:08:28 +0200 (CEST) Subject: SUSE-SU-2016:1510-1: moderate: Security update for libksba Message-ID: <20160607120828.9A84DFFA6@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1510-1 Rating: moderate References: #979261 #979906 Cross-References: CVE-2016-4574 CVE-2016-4579 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-900=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-900=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-900=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-900=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-900=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-900=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba-devel-1.3.0-23.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba-devel-1.3.0-23.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 References: https://www.suse.com/security/cve/CVE-2016-4574.html https://www.suse.com/security/cve/CVE-2016-4579.html https://bugzilla.suse.com/979261 https://bugzilla.suse.com/979906 From sle-updates at lists.suse.com Tue Jun 7 09:08:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 17:08:14 +0200 (CEST) Subject: SUSE-SU-2016:1511-1: moderate: Security update for subversion Message-ID: <20160607150814.0E2A2FF72@maintenance.suse.de> SUSE Security 
Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1511-1 Rating: moderate References: #939517 #976849 #976850 Cross-References: CVE-2015-3187 CVE-2016-2167 CVE-2016-2168 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for subversion fixes the following issues: - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden by authz (bsc#939517) - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-subversion-12599=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-subversion-12599=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-subversion-12599=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): subversion-1.6.17-1.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.35.1 subversion-devel-1.6.17-1.35.1 subversion-perl-1.6.17-1.35.1 subversion-python-1.6.17-1.35.1 subversion-server-1.6.17-1.35.1 subversion-tools-1.6.17-1.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): subversion-debuginfo-1.6.17-1.35.1 subversion-debugsource-1.6.17-1.35.1 References: https://www.suse.com/security/cve/CVE-2015-3187.html https://www.suse.com/security/cve/CVE-2016-2167.html https://www.suse.com/security/cve/CVE-2016-2168.html https://bugzilla.suse.com/939517 https://bugzilla.suse.com/976849 https://bugzilla.suse.com/976850 From sle-updates at lists.suse.com Tue Jun 7 09:08:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 17:08:51 +0200 (CEST) Subject: SUSE-SU-2016:1512-1: important: Security update for expat Message-ID: <20160607150851.65084FFA6@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1512-1 Rating: important References: #979441 #980391 Cross-References: CVE-2015-1283 CVE-2016-0718 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-expat-12600=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-expat-12600=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-expat-12600=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-expat-12600=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libexpat-devel-2.0.1-88.38.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexpat-devel-2.0.1-88.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): expat-2.0.1-88.38.1 libexpat1-2.0.1-88.38.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libexpat1-32bit-2.0.1-88.38.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libexpat1-x86-2.0.1-88.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): expat-debuginfo-2.0.1-88.38.1 expat-debugsource-2.0.1-88.38.1 References: https://www.suse.com/security/cve/CVE-2015-1283.html https://www.suse.com/security/cve/CVE-2016-0718.html https://bugzilla.suse.com/979441 https://bugzilla.suse.com/980391 From sle-updates at lists.suse.com Tue Jun 7 09:09:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 17:09:18 +0200 (CEST) Subject: SUSE-RU-2016:1513-1: moderate: Recommended update for vsftpd Message-ID: <20160607150918.33866FFA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1513-1 Rating: moderate References: #935279 #941395 #968138 #969411 #970982 #972169 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 6 recommended fixes can 
now be installed. Description: This update for vsftpd fixes the following issues: - User creation to not report errors when user already exists (bnc#972169). - Hang on pam_exec in pam.d (bnc#970982). - Memory leaks in ls.c (bnc#968138). - ? wildcard matching broken (bnc#969411). - Don't send data after client disconnect (bnc#941395). - Fix logrotate script to not fail when vsftpd is not running (bnc#935279). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-vsftpd-12601=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-vsftpd-12601=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): vsftpd-2.0.7-4.39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): vsftpd-debuginfo-2.0.7-4.39.1 vsftpd-debugsource-2.0.7-4.39.1 References: https://bugzilla.suse.com/935279 https://bugzilla.suse.com/941395 https://bugzilla.suse.com/968138 https://bugzilla.suse.com/969411 https://bugzilla.suse.com/970982 https://bugzilla.suse.com/972169 From sle-updates at lists.suse.com Tue Jun 7 11:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 19:07:56 +0200 (CEST) Subject: SUSE-SU-2016:1514-1: moderate: Security update for supportutils Message-ID: <20160607170756.11BEDFF72@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1514-1 Rating: moderate References: #980670 Cross-References: CVE-2016-1602 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-supportutils-12602=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): supportutils-1.20-121.1 References: https://www.suse.com/security/cve/CVE-2016-1602.html https://bugzilla.suse.com/980670 From sle-updates at lists.suse.com Tue Jun 7 12:07:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 20:07:45 +0200 (CEST) Subject: SUSE-RU-2016:1515-1: moderate: Recommended update for bash-completion, util-linux Message-ID: <20160607180746.00CAEFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash-completion, util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1515-1 Rating: moderate References: #880468 #889319 #903362 #903440 #903738 #905348 #922758 #923777 #924994 #931955 #940835 #940837 #943415 #946875 #947494 #949754 #950778 #953691 #954482 #956540 #958462 #959299 #963140 #963399 #970404 #972684 #975082 #976141 #977259 #977336 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has 29 fixes is now available. Description: This update provides fixes and enhancements to bash-completion and util-linux. bash-completion: - Improve completion of LVM commands. 
(bsc#946875) - Fix completion with backticks. (bsc#940835) - Make ls completion smarter. (bsc#889319) - Avoid negative cword position counter. (bsc#922758) - Avoid trouble if restricted characters of the shell (e.g. exclamation mark) are used in PS1. (bsc#903362) - Expand variables whose value is a directory to avoid escaped dollar sign. (bsc#905348) - Remove completions conflicting with util-linux. (bsc#977259) - Improve handling of sub commands which will be expanded by backticks. (bsc#963140) - Fix completion within a directory even if local sub directories exist. (bsc#977336) - Allow completions list. (bsc#958462) - Improve handling of completions of which result in variables. (bsc#940837, bsc#959299) util-linux: - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file. (bsc#947494) - Remove incorrect --with-bashcompletiondir that breaks bash-completion, use path in bash-completion.pc instead. (bsc#977259) - Fix blkid to wipe correct area for probes with offset. (bsc#976141) - Fix and improve function of lscpu on Power Systems. (bsc#975082) - Fix crash while evaluating root of btrfs. (bsc#972684) - Make sulogin call tcfinal unconditionally. (bsc#970404) - Fixing "mount -a" for loop devices. (bsc#947494) - Prevent "mount -a" from mounting btrfs volumes multiple times. (bsc#947494) - Add support for locked root accounts in sulogin. (bsc#963399) - Remove Persistent= directive from fstrim for systemd versions older than 212. (bsc#956540, bsc#953691, bsc#954482) - Prevent colcrt buffer overflow. (bsc#949754, CVE-2015-5218) - Do not segfault when TERM is not defined or wrong. (bsc#903440) - Fix fsck -C {fd} parsing. (bsc#923777, bsc#903738) - Add patches to fix lsblk output in some situations. (bsc#943415, bsc#950778) - Fix mount point lookup (and mount -a) if the path contains //. (bsc#931955) - Follow multipath-tools partition names configuration. 
(bsc#880468) - Fix recognition of /dev/dm-N partitions names. (bsc#880468) - Fix lsblk -f and fdisk -l on devices with nodes in /dev subdirectory. (bsc#924994) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-905=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-905=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-905=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-905=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-905=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-905=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libuuid-devel-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libblkid-devel-2.25-24.3.2 libmount-devel-2.25-24.3.2 libsmartcols-devel-2.25-24.3.2 libuuid-devel-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): bash-completion-2.1-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libblkid1-2.25-24.3.2 libblkid1-debuginfo-2.25-24.3.2 libmount1-2.25-24.3.2 libmount1-debuginfo-2.25-24.3.2 libsmartcols1-2.25-24.3.2 libsmartcols1-debuginfo-2.25-24.3.2 libuuid1-2.25-24.3.2 libuuid1-debuginfo-2.25-24.3.2 python-libmount-2.25-24.3.3 python-libmount-debuginfo-2.25-24.3.3 python-libmount-debugsource-2.25-24.3.3 util-linux-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 util-linux-systemd-2.25-24.3.1 util-linux-systemd-debuginfo-2.25-24.3.1 util-linux-systemd-debugsource-2.25-24.3.1 
uuidd-2.25-24.3.1 uuidd-debuginfo-2.25-24.3.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libblkid1-32bit-2.25-24.3.2 libblkid1-debuginfo-32bit-2.25-24.3.2 libmount1-32bit-2.25-24.3.2 libmount1-debuginfo-32bit-2.25-24.3.2 libuuid1-32bit-2.25-24.3.2 libuuid1-debuginfo-32bit-2.25-24.3.2 - SUSE Linux Enterprise Server 12 (noarch): bash-completion-2.1-8.1 util-linux-lang-2.25-24.3.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): bash-completion-2.1-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libblkid1-2.25-24.3.2 libblkid1-32bit-2.25-24.3.2 libblkid1-debuginfo-2.25-24.3.2 libblkid1-debuginfo-32bit-2.25-24.3.2 libmount1-2.25-24.3.2 libmount1-32bit-2.25-24.3.2 libmount1-debuginfo-2.25-24.3.2 libmount1-debuginfo-32bit-2.25-24.3.2 libsmartcols1-2.25-24.3.2 libsmartcols1-debuginfo-2.25-24.3.2 libuuid-devel-2.25-24.3.2 libuuid1-2.25-24.3.2 libuuid1-32bit-2.25-24.3.2 libuuid1-debuginfo-2.25-24.3.2 libuuid1-debuginfo-32bit-2.25-24.3.2 python-libmount-2.25-24.3.3 python-libmount-debuginfo-2.25-24.3.3 python-libmount-debugsource-2.25-24.3.3 util-linux-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 util-linux-systemd-2.25-24.3.1 util-linux-systemd-debuginfo-2.25-24.3.1 util-linux-systemd-debugsource-2.25-24.3.1 uuidd-2.25-24.3.1 uuidd-debuginfo-2.25-24.3.1 - SUSE Linux Enterprise Desktop 12 (noarch): bash-completion-2.1-8.1 util-linux-lang-2.25-24.3.2 References: https://www.suse.com/security/cve/CVE-2015-5218.html https://bugzilla.suse.com/880468 https://bugzilla.suse.com/889319 https://bugzilla.suse.com/903362 https://bugzilla.suse.com/903440 https://bugzilla.suse.com/903738 https://bugzilla.suse.com/905348 https://bugzilla.suse.com/922758 https://bugzilla.suse.com/923777 https://bugzilla.suse.com/924994 https://bugzilla.suse.com/931955 https://bugzilla.suse.com/940835 https://bugzilla.suse.com/940837 https://bugzilla.suse.com/943415 https://bugzilla.suse.com/946875 https://bugzilla.suse.com/947494 https://bugzilla.suse.com/949754 
https://bugzilla.suse.com/950778 https://bugzilla.suse.com/953691 https://bugzilla.suse.com/954482 https://bugzilla.suse.com/956540 https://bugzilla.suse.com/958462 https://bugzilla.suse.com/959299 https://bugzilla.suse.com/963140 https://bugzilla.suse.com/963399 https://bugzilla.suse.com/970404 https://bugzilla.suse.com/972684 https://bugzilla.suse.com/975082 https://bugzilla.suse.com/976141 https://bugzilla.suse.com/977259 https://bugzilla.suse.com/977336 From sle-updates at lists.suse.com Wed Jun 8 08:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 16:08:56 +0200 (CEST) Subject: SUSE-SU-2016:1528-1: moderate: Security update for openssh Message-ID: <20160608140856.26381FF6E@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1528-1 Rating: moderate References: #729190 #932483 #948902 #960414 #961368 #961494 #962313 #965576 #970632 #975865 Cross-References: CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions (bsc#970632). - CVE-2016-1908: Possible fallback from untrusted to trusted X11 forwarding (bsc#962313). - CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes (bsc#975865). 
These non-security issues were fixed: - Correctly parse GSSAPI KEX algorithms (bsc#961368) - More verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - Fix PRNG re-seeding (bsc#960414, bsc#729190) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow empty Match blocks (bsc#961494) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-12603=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-12603=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-21.1 openssh-askpass-gnome-6.6p1-21.3 openssh-fips-6.6p1-21.1 openssh-helpers-6.6p1-21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-21.3 openssh-debuginfo-6.6p1-21.1 openssh-debugsource-6.6p1-21.1 References: https://www.suse.com/security/cve/CVE-2015-8325.html https://www.suse.com/security/cve/CVE-2016-1908.html https://www.suse.com/security/cve/CVE-2016-3115.html https://bugzilla.suse.com/729190 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/948902 https://bugzilla.suse.com/960414 https://bugzilla.suse.com/961368 https://bugzilla.suse.com/961494 https://bugzilla.suse.com/962313 https://bugzilla.suse.com/965576 https://bugzilla.suse.com/970632 https://bugzilla.suse.com/975865 From sle-updates at lists.suse.com Wed Jun 8 09:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:07:53 +0200 (CEST) Subject: SUSE-RU-2016:1529-1: Recommended update for glib2, pango Message-ID: <20160608150754.0AC94FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update 
for glib2, pango ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1529-1 Rating: low References: #978972 #981957 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glib2 and pango provides the following fixes: - Ignore postun/postin errors in 32bit case too. (bsc#978972) - Add missing pcre-devel dependency to glib2-devel. (bsc#981957) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glib2-pango-12605=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glib2-pango-12605=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glib2-pango-12605=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-devel-2.22.5-0.8.26.1 libgio-fam-2.22.5-0.8.26.1 pango-devel-1.26.2-1.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): glib2-devel-32bit-2.22.5-0.8.26.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glib2-doc-2.22.5-0.8.26.1 pango-doc-1.26.2-1.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): pango-devel-32bit-1.26.2-1.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-2.22.5-0.8.26.1 glib2-doc-2.22.5-0.8.26.1 glib2-lang-2.22.5-0.8.26.1 libgio-2_0-0-2.22.5-0.8.26.1 libglib-2_0-0-2.22.5-0.8.26.1 libgmodule-2_0-0-2.22.5-0.8.26.1 libgobject-2_0-0-2.22.5-0.8.26.1 libgthread-2_0-0-2.22.5-0.8.26.1 pango-1.26.2-1.5.1 pango-doc-1.26.2-1.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libgio-2_0-0-32bit-2.22.5-0.8.26.1 libglib-2_0-0-32bit-2.22.5-0.8.26.1 libgmodule-2_0-0-32bit-2.22.5-0.8.26.1 libgobject-2_0-0-32bit-2.22.5-0.8.26.1 libgthread-2_0-0-32bit-2.22.5-0.8.26.1 pango-32bit-1.26.2-1.5.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libgio-2_0-0-x86-2.22.5-0.8.26.1 libglib-2_0-0-x86-2.22.5-0.8.26.1 libgmodule-2_0-0-x86-2.22.5-0.8.26.1 libgobject-2_0-0-x86-2.22.5-0.8.26.1 libgthread-2_0-0-x86-2.22.5-0.8.26.1 pango-x86-1.26.2-1.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-debuginfo-2.22.5-0.8.26.1 glib2-debugsource-2.22.5-0.8.26.1 pango-debuginfo-1.26.2-1.5.1 pango-debugsource-1.26.2-1.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): pango-debuginfo-32bit-1.26.2-1.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): pango-debuginfo-x86-1.26.2-1.5.1 References: https://bugzilla.suse.com/978972 https://bugzilla.suse.com/981957 From sle-updates at lists.suse.com Wed Jun 8 09:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:08:22 +0200 
(CEST) Subject: SUSE-RU-2016:1530-1: moderate: Recommended update for Mesa Message-ID: <20160608150822.48142FF6E@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1530-1 Rating: moderate References: #980382 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Mesa fixes the following issues: - Potential crash due to out of bounds ScreenCount check. (bsc#980382). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-907=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-907=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-907=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-907=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-907=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-907=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-907=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-907=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): Mesa-debuginfo-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-devel-10.0.2-100.1 Mesa-libEGL-devel-10.0.2-100.1 Mesa-libGL-devel-10.0.2-100.1 Mesa-libGLESv1_CM-devel-10.0.2-100.1 Mesa-libGLESv1_CM1-10.0.2-100.1 Mesa-libGLESv1_CM1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-devel-10.0.2-100.1 Mesa-libGLESv3-devel-10.0.2-100.1 Mesa-libglapi-devel-10.0.2-100.1 libOSMesa-devel-10.0.2-100.1 libOSMesa9-10.0.2-100.1 libOSMesa9-debuginfo-10.0.2-100.1 libgbm-devel-10.0.2-100.1 libxatracker-devel-1.0.0-100.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): Mesa-debuginfo-32bit-10.0.2-100.1 libOSMesa9-32bit-10.0.2-100.1 libOSMesa9-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): Mesa-debuginfo-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-devel-10.0.2-100.1 Mesa-libEGL-devel-10.0.2-100.1 Mesa-libGL-devel-10.0.2-100.1 Mesa-libGLESv1_CM-devel-10.0.2-100.1 Mesa-libGLESv1_CM1-10.0.2-100.1 Mesa-libGLESv1_CM1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-devel-10.0.2-100.1 Mesa-libGLESv3-devel-10.0.2-100.1 Mesa-libglapi-devel-10.0.2-100.1 libOSMesa-devel-10.0.2-100.1 libOSMesa9-10.0.2-100.1 libOSMesa9-debuginfo-10.0.2-100.1 libgbm-devel-10.0.2-100.1 libxatracker-devel-1.0.0-100.1 - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): libOSMesa9-32bit-10.0.2-100.1 libOSMesa9-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): Mesa-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 
Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): Mesa-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): Mesa-10.0.2-100.1 Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 
Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 - SUSE Linux Enterprise Desktop 12 (x86_64): Mesa-10.0.2-100.1 Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 References: https://bugzilla.suse.com/980382 From sle-updates at lists.suse.com Wed Jun 8 09:08:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:08:39 +0200 (CEST) Subject: SUSE-RU-2016:1531-1: moderate: Recommended update for irqbalance Message-ID: <20160608150839.68177FF6E@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1531-1 Rating: moderate References: #949276 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for irqbalance fixes the following issues: - Add parameter IRQBALANCE_ARGS to sysconfig file, allowing users to pass arbitrary parameters to the daemon. (bsc#949276) - Balance correctly IRQs reappearing. (bsc#949276) - Classify PCI Sub-Class for better performance. (bsc#949276) - Continuously balance single socket systems. (bsc#949276) - Fix CPU hotplug segmentation fault. (bsc#949276) - NUMA is not available fix. (bsc#949276) - Follow latest PCI class code spec. (bsc#949276) - Make irqbalance work with Xen PV guest. (bsc#949276) - Re-calibrate some IRQ classes and levels. (bsc#949276) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-irqbalance-12604=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-irqbalance-12604=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): irqbalance-1.0.4-0.15.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): irqbalance-debuginfo-1.0.4-0.15.2 irqbalance-debugsource-1.0.4-0.15.2 References: https://bugzilla.suse.com/949276 From sle-updates at lists.suse.com Wed Jun 8 09:09:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:09:01 +0200 (CEST) Subject: SUSE-RU-2016:1532-1: moderate: Recommended update for irqbalance Message-ID: <20160608150901.8D48EFF6E@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1532-1 Rating: moderate References: #949276 #968711 #968870 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for irqbalance fixes the following issues: - Fix banned IRQ balance list. (bsc#968711) - Remove unused sysconfig variable IRQBALANCE_BANNED_INTERRUPTS. (bsc#968870) - Balance correctly IRQs reappearing. (bsc#949276) - Classify PCI Sub-Class for better performance. (bsc#949276) - Follow latest PCI class code spec. (bsc#949276) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-909=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-909=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-909=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-909=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 - SUSE Linux Enterprise Server 12 (ppc64le x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 References: https://bugzilla.suse.com/949276 https://bugzilla.suse.com/968711 https://bugzilla.suse.com/968870 From sle-updates at lists.suse.com Wed Jun 8 12:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 20:07:56 +0200 (CEST) Subject: SUSE-RU-2016:1533-1: moderate: Recommended update for gnome-packagekit Message-ID: <20160608180756.679D1FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-packagekit ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1533-1 Rating: moderate References: #939278 #946886 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for Gnome PackageKit enhances handling of GPG signatures in package repositories. Users will now be asked if signatures should be installed when necessary. Additionally, it prevents the applet from asking the administrator password too early when an update requires a system reboot. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-911=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-911=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-911=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-911=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 - SUSE Linux Enterprise Server 12-SP1 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 - SUSE Linux Enterprise Server 12 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 References: https://bugzilla.suse.com/939278 https://bugzilla.suse.com/946886 From sle-updates at lists.suse.com Thu Jun 9 05:08:18
2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 13:08:18 +0200 (CEST) Subject: SUSE-RU-2016:1535-1: moderate: Recommended update for vsftpd Message-ID: <20160609110818.31EA9FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1535-1 Rating: moderate References: #786024 #935279 #968138 #969411 #970982 #971784 #972169 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for vsftpd fixes the following issues: - ? wildcard matching broken (bsc#969411). - Hang when using seccomp and syslog (bsc#971784). - User creation to not report errors when user already exists (bsc#972169). - Hang on pam_exec in pam.d (bsc#970982). - Memory leaks in ls.c (bsc#968138). - Logrotate script fails when vsftpd is not running. (bsc#935279) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-912=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-912=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): vsftpd-3.0.2-31.1 vsftpd-debuginfo-3.0.2-31.1 vsftpd-debugsource-3.0.2-31.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): vsftpd-3.0.2-31.1 vsftpd-debuginfo-3.0.2-31.1 vsftpd-debugsource-3.0.2-31.1 References: https://bugzilla.suse.com/786024 https://bugzilla.suse.com/935279 https://bugzilla.suse.com/968138 https://bugzilla.suse.com/969411 https://bugzilla.suse.com/970982 https://bugzilla.suse.com/971784 https://bugzilla.suse.com/972169 From sle-updates at lists.suse.com Thu Jun 9 08:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 16:11:15 +0200 (CEST) Subject: SUSE-RU-2016:1536-1: Recommended update for xorg-x11-driver-input Message-ID: <20160609141115.2B664FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-driver-input ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1536-1 Rating: low References: #967836 #979895 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xorg-x11-driver-input provides the following enhancements: - Add Kiosk mode: Implement a filter for the evdev driver which provides click-on-touch and click-on-release. (fate#319647, bsc#967836) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-driver-input-12606=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-driver-input-12606=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): xorg-x11-driver-input-7.4-13.70.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): xorg-x11-driver-input-7.4-13.70.1 References: https://bugzilla.suse.com/967836 https://bugzilla.suse.com/979895 From sle-updates at lists.suse.com Thu Jun 9 09:08:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 17:08:11 +0200 (CEST) Subject: SUSE-RU-2016:1537-1: Recommended update for xrdp Message-ID: <20160609150811.4385DFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1537-1 Rating: low References: #965647 #973130 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xrdp enhances the startwm.sh script, allowing the administrator to easily configure which desktop session should be started on xrdp displays. Additionally, it fixes a logic error in the package's post installation script when checking if the rsakeys.ini file was correctly generated. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-914=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-914=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-914=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-914=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 References: https://bugzilla.suse.com/965647 https://bugzilla.suse.com/973130 From sle-updates at lists.suse.com Thu Jun 9 10:07:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 18:07:55 +0200 (CEST) Subject: SUSE-SU-2016:1538-1: important: Security update for libxml2 Message-ID: <20160609160755.74BBCFF6C@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1538-1 Rating: important References: #963963 #965283 #978395 #981040 #981041 #981108 #981109 #981111 #981112 #981114 #981115 #981548 #981549 #981550 Cross-References: CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. 
Description: This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549]. - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-915=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-915=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-915=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-915=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-915=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-915=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-24.1 libxml2-devel-2.9.1-24.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-24.1 libxml2-devel-2.9.1-24.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libxml2-2-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libxml2-doc-2.9.1-24.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libxml2-2-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 - SUSE Linux Enterprise Server 12 (noarch): libxml2-doc-2.9.1-24.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): 
libxml2-2-2.9.1-24.1 libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libxml2-2-2.9.1-24.1 libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 References: https://www.suse.com/security/cve/CVE-2015-8806.html https://www.suse.com/security/cve/CVE-2016-1762.html https://www.suse.com/security/cve/CVE-2016-1833.html https://www.suse.com/security/cve/CVE-2016-1834.html https://www.suse.com/security/cve/CVE-2016-1835.html https://www.suse.com/security/cve/CVE-2016-1837.html https://www.suse.com/security/cve/CVE-2016-1838.html https://www.suse.com/security/cve/CVE-2016-1839.html https://www.suse.com/security/cve/CVE-2016-1840.html https://www.suse.com/security/cve/CVE-2016-2073.html https://www.suse.com/security/cve/CVE-2016-3705.html https://www.suse.com/security/cve/CVE-2016-4447.html https://www.suse.com/security/cve/CVE-2016-4448.html https://www.suse.com/security/cve/CVE-2016-4449.html https://www.suse.com/security/cve/CVE-2016-4483.html https://bugzilla.suse.com/963963 https://bugzilla.suse.com/965283 https://bugzilla.suse.com/978395 https://bugzilla.suse.com/981040 https://bugzilla.suse.com/981041 https://bugzilla.suse.com/981108 https://bugzilla.suse.com/981109 https://bugzilla.suse.com/981111 https://bugzilla.suse.com/981112 https://bugzilla.suse.com/981114 https://bugzilla.suse.com/981115 https://bugzilla.suse.com/981548 https://bugzilla.suse.com/981549 https://bugzilla.suse.com/981550 From sle-updates at lists.suse.com Thu Jun 9 11:07:35 2016 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 19:07:35 +0200 (CEST) Subject: SUSE-RU-2016:1539-1: moderate: Recommended update for util-linux Message-ID: <20160609170735.0DDE3FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1539-1 Rating: moderate References: #947494 #953691 #954482 #956540 #963399 #968733 #970404 #972684 #975082 #976141 #977259 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for util-linux provides the following fixes: - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file. (bsc#947494) - Remove incorrect --with-bashcompletiondir that breaks bash-completion, use path in bash-completion.pc instead. (bsc#977259) - Fix blkid to wipe correct area for probes with offset. (bsc#976141) - Fix and improve function of lscpu on Power Systems. (bsc#975082) - Fix crash while evaluating root of btrfs. (bsc#972684) - Make sulogin call tcfinal unconditionally. (bsc#970404) - Fix "mount -a" for loopdev (bsc#947494) - Prevent "mount -a" from mounting btrfs volumes multiple times. (bsc#947494) - Add support for locked root accounts in sulogin. (bsc#963399, bsc#968733) - Remove Persistent= directive from fstrim for systemd versions older than 212. (bsc#956540, bsc#953691, bsc#954482) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-916=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-916=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-916=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-916=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libuuid-devel-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libblkid-devel-2.25-32.4 libmount-devel-2.25-32.4 libsmartcols-devel-2.25-32.4 libuuid-devel-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libblkid1-2.25-32.4 libblkid1-debuginfo-2.25-32.4 libmount1-2.25-32.4 libmount1-debuginfo-2.25-32.4 libsmartcols1-2.25-32.4 libsmartcols1-debuginfo-2.25-32.4 libuuid1-2.25-32.4 libuuid1-debuginfo-2.25-32.4 python-libmount-2.25-32.8 python-libmount-debuginfo-2.25-32.8 python-libmount-debugsource-2.25-32.8 util-linux-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 util-linux-systemd-2.25-32.2 util-linux-systemd-debuginfo-2.25-32.2 util-linux-systemd-debugsource-2.25-32.2 uuidd-2.25-32.2 uuidd-debuginfo-2.25-32.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libblkid1-32bit-2.25-32.4 libblkid1-debuginfo-32bit-2.25-32.4 libmount1-32bit-2.25-32.4 libmount1-debuginfo-32bit-2.25-32.4 libuuid1-32bit-2.25-32.4 libuuid1-debuginfo-32bit-2.25-32.4 - SUSE Linux Enterprise Server 12-SP1 (noarch): util-linux-lang-2.25-32.4 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): util-linux-lang-2.25-32.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libblkid1-2.25-32.4 
libblkid1-32bit-2.25-32.4 libblkid1-debuginfo-2.25-32.4 libblkid1-debuginfo-32bit-2.25-32.4 libmount1-2.25-32.4 libmount1-32bit-2.25-32.4 libmount1-debuginfo-2.25-32.4 libmount1-debuginfo-32bit-2.25-32.4 libsmartcols1-2.25-32.4 libsmartcols1-debuginfo-2.25-32.4 libuuid-devel-2.25-32.4 libuuid1-2.25-32.4 libuuid1-32bit-2.25-32.4 libuuid1-debuginfo-2.25-32.4 libuuid1-debuginfo-32bit-2.25-32.4 python-libmount-2.25-32.8 python-libmount-debuginfo-2.25-32.8 python-libmount-debugsource-2.25-32.8 util-linux-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 util-linux-systemd-2.25-32.2 util-linux-systemd-debuginfo-2.25-32.2 util-linux-systemd-debugsource-2.25-32.2 uuidd-2.25-32.2 uuidd-debuginfo-2.25-32.2 References: https://bugzilla.suse.com/947494 https://bugzilla.suse.com/953691 https://bugzilla.suse.com/954482 https://bugzilla.suse.com/956540 https://bugzilla.suse.com/963399 https://bugzilla.suse.com/968733 https://bugzilla.suse.com/970404 https://bugzilla.suse.com/972684 https://bugzilla.suse.com/975082 https://bugzilla.suse.com/976141 https://bugzilla.suse.com/977259 From sle-updates at lists.suse.com Thu Jun 9 16:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 00:07:50 +0200 (CEST) Subject: SUSE-RU-2016:1540-1: Recommended update for release-notes-slepos Message-ID: <20160609220750.9C5F1F402@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-slepos ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1540-1 Rating: low References: #979892 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest version of the release notes for SUSE Linux Enterprise Server Point of Service 11 SP3. 
- Add notes about running SLEPOS11-SP3 on top of SLES11-SP4 (bsc#979892) - Fix a wording issue with the HA functionality description - Various minor fixes Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-release-notes-slepos-12607=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): release-notes-slepos-11-1.26.3 References: https://bugzilla.suse.com/979892 From sle-updates at lists.suse.com Fri Jun 10 07:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 15:08:01 +0200 (CEST) Subject: SUSE-SU-2016:1541-1: important: Security update for bind Message-ID: <20160610130801.5B5ECF39D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1541-1 Rating: important References: #970072 #970073 Cross-References: CVE-2016-1285 CVE-2016-1286 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bind fixes two assertion failures that could lead to a remote denial of service attack: - CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) - CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bind-12608=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bind-12608=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bind-12608=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): bind-9.9.6P1-0.27.1 bind-chrootenv-9.9.6P1-0.27.1 bind-doc-9.9.6P1-0.27.1 bind-libs-32bit-9.9.6P1-0.27.1 bind-libs-9.9.6P1-0.27.1 bind-utils-9.9.6P1-0.27.1 - SUSE Manager Proxy 2.1 (x86_64): bind-9.9.6P1-0.27.1 bind-chrootenv-9.9.6P1-0.27.1 bind-doc-9.9.6P1-0.27.1 bind-libs-32bit-9.9.6P1-0.27.1 bind-libs-9.9.6P1-0.27.1 bind-utils-9.9.6P1-0.27.1 - SUSE Manager 2.1 (s390x x86_64): bind-9.9.6P1-0.27.1 bind-chrootenv-9.9.6P1-0.27.1 bind-doc-9.9.6P1-0.27.1 bind-libs-32bit-9.9.6P1-0.27.1 bind-libs-9.9.6P1-0.27.1 bind-utils-9.9.6P1-0.27.1 References: https://www.suse.com/security/cve/CVE-2016-1285.html https://www.suse.com/security/cve/CVE-2016-1286.html https://bugzilla.suse.com/970072 https://bugzilla.suse.com/970073 From sle-updates at lists.suse.com Fri Jun 10 08:08:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 16:08:05 +0200 (CEST) Subject: SUSE-RU-2016:1542-1: moderate: Recommended update for sysconfig Message-ID: <20160610140805.0B492F39D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1542-1 Rating: moderate References: #865573 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for sysconfig fixes the following issue: - ppp: install refactored ip-up and related scripts (bsc#865573) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-920=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-920=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-920=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-920=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 References: https://bugzilla.suse.com/865573 From sle-updates at lists.suse.com Fri Jun 10 12:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 20:07:50 +0200 (CEST) Subject: SUSE-SU-2016:1543-1: moderate: Security update for poppler Message-ID: <20160610180750.9F168F39D@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1543-1 Rating: moderate References: #976844 Cross-References: CVE-2015-8868 Affected Products: SUSE 
Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-922=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-922=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-922=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-922=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-922=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-922=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpoppler-devel-0.24.4-12.1 libpoppler-glib-devel-0.24.4-12.1 libpoppler-qt4-devel-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 typelib-1_0-Poppler-0_18-0.24.4-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libpoppler-devel-0.24.4-12.1 libpoppler-glib-devel-0.24.4-12.1 libpoppler-qt4-devel-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 typelib-1_0-Poppler-0_18-0.24.4-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 
poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 References: https://www.suse.com/security/cve/CVE-2015-8868.html https://bugzilla.suse.com/976844 From sle-updates at lists.suse.com Fri Jun 10 12:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 20:08:10 +0200 (CEST) Subject: SUSE-SU-2016:1544-1: moderate: Security update for poppler Message-ID: <20160610180810.1A88EF3F9@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1544-1 Rating: moderate References: #976844 Cross-References: CVE-2015-8868 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-poppler-12609=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-poppler-12609=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-poppler-12609=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpoppler-devel-0.12.3-1.12.1 libpoppler-glib-devel-0.12.3-1.12.1 libpoppler-qt2-0.12.3-1.12.1 libpoppler-qt3-devel-0.12.3-1.12.1 libpoppler-qt4-devel-0.12.3-1.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): poppler-tools-0.12.3-1.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpoppler-glib4-0.12.3-1.12.1 libpoppler-qt4-3-0.12.3-1.12.1 libpoppler5-0.12.3-1.12.1 poppler-tools-0.12.3-1.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): poppler-debuginfo-0.12.3-1.12.1 poppler-debugsource-0.12.3-1.12.1 References: https://www.suse.com/security/cve/CVE-2015-8868.html https://bugzilla.suse.com/976844 From sle-updates at lists.suse.com Mon Jun 13 05:07:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 13:07:34 +0200 (CEST) Subject: SUSE-SU-2016:1559-1: moderate: Security update for spice Message-ID: <20160613110734.78ED5FFB8@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1559-1 Rating: moderate References: #944787 #948976 #982385 #982386 Cross-References: CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: spice was updated to fix four security issues. These security issues were fixed: - CVE-2016-2150: Guest escape using crafted primary surface parameters (bsc#982386). - CVE-2016-0749: Heap-based buffer overflow in smartcard interaction (bsc#982385). 
- CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944787). - CVE-2015-5261: Host memory access from guest using crafted images (bsc#948976). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-925=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-925=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-925=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): libspice-server-devel-0.12.5-4.1 spice-debugsource-0.12.5-4.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libspice-server1-0.12.5-4.1 libspice-server1-debuginfo-0.12.5-4.1 spice-debugsource-0.12.5-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libspice-server1-0.12.5-4.1 libspice-server1-debuginfo-0.12.5-4.1 spice-debugsource-0.12.5-4.1 References: https://www.suse.com/security/cve/CVE-2015-5260.html https://www.suse.com/security/cve/CVE-2015-5261.html https://www.suse.com/security/cve/CVE-2016-0749.html https://www.suse.com/security/cve/CVE-2016-2150.html https://bugzilla.suse.com/944787 https://bugzilla.suse.com/948976 https://bugzilla.suse.com/982385 https://bugzilla.suse.com/982386 From sle-updates at lists.suse.com Mon Jun 13 05:08:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 13:08:26 +0200 (CEST) Subject: SUSE-SU-2016:1560-1: important: Security update for qemu Message-ID: <20160613110826.64260FFBA@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1560-1 Rating: important References: #886378 #895528 #901508 #928393 #934069 
#940929 #944463 #947159 #958491 #958917 #959005 #959386 #960334 #960708 #960725 #960835 #961332 #961333 #961358 #961556 #961691 #962320 #963782 #964413 #967969 #969121 #969122 #969350 #970036 #970037 #975128 #975136 #975700 #976109 #978158 #978160 #980711 #980723 #981266 Cross-References: CVE-2014-3615 CVE-2014-3689 CVE-2014-9718 CVE-2015-3214 CVE-2015-5239 CVE-2015-5745 CVE-2015-7295 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 37 vulnerabilities and has two fixes is now available. Description: qemu was updated to fix 37 security issues. 
These security issues were fixed:
- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
- CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)
- CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)
- CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)
- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)
- CVE-2016-3712: Fixed VGA emulation based DOS and OOB read access exploit (bsc#978160)
- CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)
- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
- CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036)
- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128)
- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)
- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)
- CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
- CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393)
- CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508)
- CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
- CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159).
- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
- CVE-2015-8504: VNC floating point exception (bsc#958491).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).
- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).
- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).
- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).
- CVE-2015-8744: Incorrect l2 header validation could have led to a crash via assert(2) call (bsc#960835).
- CVE-2015-8745: Reading IMR registers could have led to a crash via assert(2) call (bsc#960708).
- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).
- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).
- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).
- CVE-2016-2198: Malicious privileged guest users were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).
This non-security issue was fixed:
- bsc#886378: qemu truncates vhd images in virt-rescue
Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-924=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-924=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): qemu-2.0.2-48.19.1 qemu-block-curl-2.0.2-48.19.1 qemu-block-curl-debuginfo-2.0.2-48.19.1 qemu-debugsource-2.0.2-48.19.1 qemu-guest-agent-2.0.2-48.19.1 qemu-guest-agent-debuginfo-2.0.2-48.19.1 qemu-lang-2.0.2-48.19.1 qemu-tools-2.0.2-48.19.1 qemu-tools-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): qemu-kvm-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (ppc64le): qemu-ppc-2.0.2-48.19.1 qemu-ppc-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (x86_64): qemu-block-rbd-2.0.2-48.19.1 qemu-block-rbd-debuginfo-2.0.2-48.19.1 qemu-x86-2.0.2-48.19.1 qemu-x86-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (noarch): qemu-ipxe-1.0.0-48.19.1 qemu-seabios-1.7.4-48.19.1 qemu-sgabios-8-48.19.1 qemu-vgabios-1.7.4-48.19.1 - SUSE Linux Enterprise Server 12 (s390x): qemu-s390-2.0.2-48.19.1 qemu-s390-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): qemu-2.0.2-48.19.1 qemu-block-curl-2.0.2-48.19.1 qemu-block-curl-debuginfo-2.0.2-48.19.1 qemu-debugsource-2.0.2-48.19.1 qemu-kvm-2.0.2-48.19.1 qemu-tools-2.0.2-48.19.1 qemu-tools-debuginfo-2.0.2-48.19.1 qemu-x86-2.0.2-48.19.1 qemu-x86-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Desktop 12 (noarch): qemu-ipxe-1.0.0-48.19.1 qemu-seabios-1.7.4-48.19.1 qemu-sgabios-8-48.19.1 qemu-vgabios-1.7.4-48.19.1 References: https://www.suse.com/security/cve/CVE-2014-3615.html https://www.suse.com/security/cve/CVE-2014-3689.html https://www.suse.com/security/cve/CVE-2014-9718.html https://www.suse.com/security/cve/CVE-2015-3214.html https://www.suse.com/security/cve/CVE-2015-5239.html 
https://www.suse.com/security/cve/CVE-2015-5745.html https://www.suse.com/security/cve/CVE-2015-7295.html https://www.suse.com/security/cve/CVE-2015-7549.html https://www.suse.com/security/cve/CVE-2015-8504.html https://www.suse.com/security/cve/CVE-2015-8558.html https://www.suse.com/security/cve/CVE-2015-8567.html https://www.suse.com/security/cve/CVE-2015-8568.html https://www.suse.com/security/cve/CVE-2015-8613.html https://www.suse.com/security/cve/CVE-2015-8619.html https://www.suse.com/security/cve/CVE-2015-8743.html https://www.suse.com/security/cve/CVE-2015-8744.html https://www.suse.com/security/cve/CVE-2015-8745.html https://www.suse.com/security/cve/CVE-2015-8817.html https://www.suse.com/security/cve/CVE-2015-8818.html https://www.suse.com/security/cve/CVE-2016-1568.html https://www.suse.com/security/cve/CVE-2016-1714.html https://www.suse.com/security/cve/CVE-2016-1922.html https://www.suse.com/security/cve/CVE-2016-1981.html https://www.suse.com/security/cve/CVE-2016-2198.html https://www.suse.com/security/cve/CVE-2016-2538.html https://www.suse.com/security/cve/CVE-2016-2841.html https://www.suse.com/security/cve/CVE-2016-2857.html https://www.suse.com/security/cve/CVE-2016-2858.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3712.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4952.html https://bugzilla.suse.com/886378 https://bugzilla.suse.com/895528 https://bugzilla.suse.com/901508 https://bugzilla.suse.com/928393 https://bugzilla.suse.com/934069 https://bugzilla.suse.com/940929 https://bugzilla.suse.com/944463 https://bugzilla.suse.com/947159 https://bugzilla.suse.com/958491 
https://bugzilla.suse.com/958917 https://bugzilla.suse.com/959005 https://bugzilla.suse.com/959386 https://bugzilla.suse.com/960334 https://bugzilla.suse.com/960708 https://bugzilla.suse.com/960725 https://bugzilla.suse.com/960835 https://bugzilla.suse.com/961332 https://bugzilla.suse.com/961333 https://bugzilla.suse.com/961358 https://bugzilla.suse.com/961556 https://bugzilla.suse.com/961691 https://bugzilla.suse.com/962320 https://bugzilla.suse.com/963782 https://bugzilla.suse.com/964413 https://bugzilla.suse.com/967969 https://bugzilla.suse.com/969121 https://bugzilla.suse.com/969122 https://bugzilla.suse.com/969350 https://bugzilla.suse.com/970036 https://bugzilla.suse.com/970037 https://bugzilla.suse.com/975128 https://bugzilla.suse.com/975136 https://bugzilla.suse.com/975700 https://bugzilla.suse.com/976109 https://bugzilla.suse.com/978158 https://bugzilla.suse.com/978160 https://bugzilla.suse.com/980711 https://bugzilla.suse.com/980723 https://bugzilla.suse.com/981266 From sle-updates at lists.suse.com Mon Jun 13 09:08:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 17:08:29 +0200 (CEST) Subject: SUSE-SU-2016:1561-1: moderate: Security update for spice Message-ID: <20160613150829.59BFCFFAA@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1561-1 Rating: moderate References: #982385 #982386 Cross-References: CVE-2016-0749 CVE-2016-2150 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: spice was updated to fix two security issues. These security issues were fixed: - CVE-2016-2150: Guest escape using crafted primary surface parameters (bsc#982386). 
- CVE-2016-0749: Heap-based buffer overflow in smartcard interaction (bsc#982385). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-928=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-928=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-928=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): libspice-server-devel-0.12.4-8.9.1 spice-debugsource-0.12.4-8.9.1 - SUSE Linux Enterprise Server 12 (x86_64): libspice-server1-0.12.4-8.9.1 libspice-server1-debuginfo-0.12.4-8.9.1 spice-debugsource-0.12.4-8.9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libspice-server1-0.12.4-8.9.1 libspice-server1-debuginfo-0.12.4-8.9.1 spice-debugsource-0.12.4-8.9.1 References: https://www.suse.com/security/cve/CVE-2016-0749.html https://www.suse.com/security/cve/CVE-2016-2150.html https://bugzilla.suse.com/982385 https://bugzilla.suse.com/982386 From sle-updates at lists.suse.com Mon Jun 13 09:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 17:08:53 +0200 (CEST) Subject: SUSE-RU-2016:1562-1: Recommended update for mtools Message-ID: <20160613150853.1AB85FFB9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mtools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1562-1 Rating: low References: #957007 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for mtools provides the following fixes: - Add glibc-locale as a runtime dependency. Tools like mcopy(1) use it. (bsc#957007) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-929=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-929=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-929=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-929=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 - SUSE Linux Enterprise Desktop 12 (x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 References: https://bugzilla.suse.com/957007 From sle-updates at lists.suse.com Mon Jun 13 10:37:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 18:37:43 +0200 (CEST) Subject: SUSE-SU-2016:1563-1: important: Security update for ntp Message-ID: <20160613163743.C4059FFB9@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1563-1 Rating: important References: #979302 #979981 #981422 #982056 #982064 #982065 #982066 #982067 #982068 Cross-References: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 12-SP1 
SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-930=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-930=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p8-14.1 ntp-debuginfo-4.2.8p8-14.1 ntp-debugsource-4.2.8p8-14.1 ntp-doc-4.2.8p8-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p8-14.1 ntp-debuginfo-4.2.8p8-14.1 ntp-debugsource-4.2.8p8-14.1 ntp-doc-4.2.8p8-14.1 References: https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/979302 https://bugzilla.suse.com/979981 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Mon Jun 13 12:07:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 20:07:58 +0200 (CEST) Subject: SUSE-RU-2016:1564-1: Recommended update for yasm Message-ID: <20160613180758.848ECFFB9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1564-1 Rating: low References: #959429 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yasm increases the symbol hash table size from 31 to 4k entries. This has a significant effect on performance when building some applications. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-931=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-931=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): yasm-1.2.0-10.1 yasm-debuginfo-1.2.0-10.1 yasm-debugsource-1.2.0-10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): yasm-1.2.0-10.1 yasm-debuginfo-1.2.0-10.1 yasm-debugsource-1.2.0-10.1 References: https://bugzilla.suse.com/959429 From sle-updates at lists.suse.com Mon Jun 13 12:08:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 20:08:17 +0200 (CEST) Subject: SUSE-RU-2016:1565-1: Recommended update for nautilus Message-ID: <20160613180817.87768FFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1565-1 Rating: low References: #948796 #963724 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nautilus fixes the following issues: - Nautilus could terminate when inspecting properties of files owned by users that have just been created. (bsc#963724) - Make the path bar at the top of Nautilus windows size itself correctly, instead of only allocating space for a single button. 
(bsc#948796) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-932=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-932=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-932=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-932=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-932=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-932=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-932=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-932=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 nautilus-devel-3.10.1-15.5 typelib-1_0-Nautilus-3_0-3.10.1-15.5 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 nautilus-devel-3.10.1-15.5 typelib-1_0-Nautilus-3_0-3.10.1-15.5 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 
nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Server 12-SP1 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Server 12 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 References: https://bugzilla.suse.com/948796 https://bugzilla.suse.com/963724 From sle-updates at lists.suse.com Tue Jun 14 04:08:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 12:08:32 +0200 (CEST) Subject: SUSE-SU-2016:1568-1: important: Security update for ntp Message-ID: <20160614100832.66023FFA8@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1568-1 Rating: important References: #957226 #962960 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 #979302 #979981 #981422 #982064 #982065 
#982066 #982067 #982068 Cross-References: CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has two fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix 17 security issues.
These security issues were fixed:
- CVE-2016-4956: Broadcast interleave (bsc#982068).
- CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457).
- CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458).
- CVE-2016-4954: Processing spoofed server packets (bsc#982066).
- CVE-2016-4955: Autokey association reset (bsc#982067).
- CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key" (bsc#962960).
- CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
- CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch (bsc#977452).
- CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated (bsc#977455).
- CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065).
- CVE-2016-1547: CRYPTO-NAK DoS (bsc#977459).
- CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering (bsc#977450).
- CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing (bsc#977464).
- CVE-2016-1548: Interleave-pivot - MITIGATION ONLY (bsc#977461).
- CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY (bsc#977451).
This release also contained improved patches for CVE-2015-7704, CVE-2015-7705, CVE-2015-7974.
These non-security issues were fixed:
- bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice.
- bsc#981422: Don't ignore SIGCHILD because it breaks wait().
- bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service.
- Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver".
- bsc#957226: Restrict the parser in the startup script to the first occurrence of "keys" and "controlkey" in ntp.conf.
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-933=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-933=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ntp-4.2.8p8-46.8.1 ntp-debuginfo-4.2.8p8-46.8.1 ntp-debugsource-4.2.8p8-46.8.1 ntp-doc-4.2.8p8-46.8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ntp-4.2.8p8-46.8.1 ntp-debuginfo-4.2.8p8-46.8.1 ntp-debugsource-4.2.8p8-46.8.1 ntp-doc-4.2.8p8-46.8.1 References: https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/957226 https://bugzilla.suse.com/962960 https://bugzilla.suse.com/977450 https://bugzilla.suse.com/977451 https://bugzilla.suse.com/977452 https://bugzilla.suse.com/977455 https://bugzilla.suse.com/977457 https://bugzilla.suse.com/977458 https://bugzilla.suse.com/977459 https://bugzilla.suse.com/977461 https://bugzilla.suse.com/977464 https://bugzilla.suse.com/979302 https://bugzilla.suse.com/979981 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Tue Jun 14 07:08:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 
14 Jun 2016 15:08:04 +0200 (CEST) Subject: SUSE-SU-2016:1569-1: moderate: Security update for python-Pillow Message-ID: <20160614130804.44951FFA8@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1569-1 Rating: moderate References: #965579 #965582 Cross-References: CVE-2016-0740 CVE-2016-0775 Affected Products: SUSE Enterprise Storage 2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Pillow fixes the following security issues: * CVE-2016-0775: Fixed a buffer overflow in FliDecode.c causing a segfault when opening FLI files. (bsc#965582) * CVE-2016-0740: Fixed a buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file. (bsc#965579) * Fixed an integer overflow in Resample.c causing writes in the Python heap. * Fixed a buffer overflow in PcdDecode.c causing a segfault when opening PhotoCD files. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2016-934=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 2 (x86_64): python-Pillow-2.7.0-3.2 python-Pillow-debuginfo-2.7.0-3.2 python-Pillow-debugsource-2.7.0-3.2 References: https://www.suse.com/security/cve/CVE-2016-0740.html https://www.suse.com/security/cve/CVE-2016-0775.html https://bugzilla.suse.com/965579 https://bugzilla.suse.com/965582 From sle-updates at lists.suse.com Tue Jun 14 08:09:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 16:09:15 +0200 (CEST) Subject: SUSE-SU-2016:1570-1: important: Security update for ImageMagick Message-ID: <20160614140915.5EB12FFA8@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1570-1 Rating: important References: #867943 #982178 Cross-References: CVE-2016-5118 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) This non-security issue was fixed: - Fix encoding of /Title in generated PDFs. (bsc#867943) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-935=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-935=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-935=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-935=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-935=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-935=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-935=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-935=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 ImageMagick-devel-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagick++-devel-6.8.8.1-25.1 perl-PerlMagick-6.8.8.1-25.1 perl-PerlMagick-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x 
x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 ImageMagick-devel-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagick++-devel-6.8.8.1-25.1 perl-PerlMagick-6.8.8.1-25.1 perl-PerlMagick-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 References: https://www.suse.com/security/cve/CVE-2016-5118.html https://bugzilla.suse.com/867943 https://bugzilla.suse.com/982178 From sle-updates at 
lists.suse.com Tue Jun 14 10:14:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 18:14:48 +0200 (CEST) Subject: SUSE-RU-2016:1577-1: moderate: Recommended update for lio-utils Message-ID: <20160614161448.8FF1FFFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for lio-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1577-1 Rating: moderate References: #972717 #972720 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lio-utils fixes the following issues: - Provide target status by adding a helper script (bsc#972717) - Update HOWTO to talk about systemd instead of init (bsc#972720) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-937=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-937=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): lio-mibs-4.1-15.11.1 lio-mibs-debuginfo-4.1-15.11.1 lio-utils-4.1-15.11.1 lio-utils-debuginfo-4.1-15.11.1 lio-utils-debugsource-4.1-15.11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): lio-mibs-4.1-15.11.1 lio-mibs-debuginfo-4.1-15.11.1 lio-utils-4.1-15.11.1 lio-utils-debuginfo-4.1-15.11.1 lio-utils-debugsource-4.1-15.11.1 References: https://bugzilla.suse.com/972717 https://bugzilla.suse.com/972720 From sle-updates at lists.suse.com Tue Jun 14 12:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 20:07:57 +0200 (CEST) Subject: SUSE-SU-2016:1581-1: important: Security update for php53 Message-ID: <20160614180757.AE574FFB9@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1581-1 Rating: important References: #949961 #968284 #969821 #971611 #971612 #971912 #973351 #973792 #976996 #976997 #977003 #977005 #977991 #977994 #978827 #978828 #978829 #978830 #980366 #980373 #980375 #981050 #982010 #982011 #982012 #982013 #982162 Cross-References: CVE-2014-9767 CVE-2015-4116 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for php53 fixes the following issues: - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010) - CVE-2016-5094,CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows (bsc#982011,bsc#982012) - CVE-2016-5096: An int/size_t confusion in fread could corrupt memory (bsc#982013) - CVE-2016-5114: A fpm_log.c memory leak and buffer overflow could leak information out of the php process or overwrite a buffer by 1 byte (bsc#982162) - CVE-2016-4346: A heap overflow was fixed in ext/standard/string.c (bsc#977994) - CVE-2016-4342: A heap corruption was fixed in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) - CVE-2015-8879: odbc_bindcols function in ext/odbc/php_odbc.c mishandles driver behavior for SQL_WVARCHAR (bsc#981050) Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet shipped to SUSE Linux Enterprise Server 11 SP3 LTSS: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
- CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have led to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] - CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-php53-12611=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-php53-12611=1 - SUSE Manager 2.1: zypper in -t patch sleman21-php53-12611=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12611=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12611=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-php53-12611=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12611=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-12611=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Manager Proxy 2.1 (x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 
php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Manager 2.1 (s390x x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 
php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-71.1 php53-imap-5.3.17-71.1 php53-posix-5.3.17-71.1 php53-readline-5.3.17-71.1 php53-sockets-5.3.17-71.1 php53-sqlite-5.3.17-71.1 php53-tidy-5.3.17-71.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 
php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-71.1 php53-debugsource-5.3.17-71.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): php53-debuginfo-5.3.17-71.1 php53-debugsource-5.3.17-71.1 References: https://www.suse.com/security/cve/CVE-2014-9767.html https://www.suse.com/security/cve/CVE-2015-4116.html https://www.suse.com/security/cve/CVE-2015-7803.html https://www.suse.com/security/cve/CVE-2015-8835.html https://www.suse.com/security/cve/CVE-2015-8838.html https://www.suse.com/security/cve/CVE-2015-8866.html https://www.suse.com/security/cve/CVE-2015-8867.html https://www.suse.com/security/cve/CVE-2015-8873.html https://www.suse.com/security/cve/CVE-2015-8874.html https://www.suse.com/security/cve/CVE-2015-8879.html https://www.suse.com/security/cve/CVE-2016-2554.html https://www.suse.com/security/cve/CVE-2016-3141.html https://www.suse.com/security/cve/CVE-2016-3142.html https://www.suse.com/security/cve/CVE-2016-3185.html https://www.suse.com/security/cve/CVE-2016-4070.html https://www.suse.com/security/cve/CVE-2016-4073.html https://www.suse.com/security/cve/CVE-2016-4342.html https://www.suse.com/security/cve/CVE-2016-4346.html 
https://www.suse.com/security/cve/CVE-2016-4537.html https://www.suse.com/security/cve/CVE-2016-4538.html https://www.suse.com/security/cve/CVE-2016-4539.html https://www.suse.com/security/cve/CVE-2016-4540.html https://www.suse.com/security/cve/CVE-2016-4541.html https://www.suse.com/security/cve/CVE-2016-4542.html https://www.suse.com/security/cve/CVE-2016-4543.html https://www.suse.com/security/cve/CVE-2016-4544.html https://www.suse.com/security/cve/CVE-2016-5093.html https://www.suse.com/security/cve/CVE-2016-5094.html https://www.suse.com/security/cve/CVE-2016-5095.html https://www.suse.com/security/cve/CVE-2016-5096.html https://www.suse.com/security/cve/CVE-2016-5114.html https://bugzilla.suse.com/949961 https://bugzilla.suse.com/968284 https://bugzilla.suse.com/969821 https://bugzilla.suse.com/971611 https://bugzilla.suse.com/971612 https://bugzilla.suse.com/971912 https://bugzilla.suse.com/973351 https://bugzilla.suse.com/973792 https://bugzilla.suse.com/976996 https://bugzilla.suse.com/976997 https://bugzilla.suse.com/977003 https://bugzilla.suse.com/977005 https://bugzilla.suse.com/977991 https://bugzilla.suse.com/977994 https://bugzilla.suse.com/978827 https://bugzilla.suse.com/978828 https://bugzilla.suse.com/978829 https://bugzilla.suse.com/978830 https://bugzilla.suse.com/980366 https://bugzilla.suse.com/980373 https://bugzilla.suse.com/980375 https://bugzilla.suse.com/981050 https://bugzilla.suse.com/982010 https://bugzilla.suse.com/982011 https://bugzilla.suse.com/982012 https://bugzilla.suse.com/982013 https://bugzilla.suse.com/982162 From sle-updates at lists.suse.com Wed Jun 15 06:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 14:08:22 +0200 (CEST) Subject: SUSE-SU-2016:1584-1: important: Security update for ntp Message-ID: <20160615120822.7BC30FFAB@maintenance.suse.de> SUSE Security Update: Security update for ntp 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1584-1 Rating: important References: #979302 #981422 #982056 #982064 #982065 #982066 #982067 #982068 Cross-References: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-12612=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-12612=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p8-14.1 ntp-doc-4.2.8p8-14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p8-14.1 ntp-debugsource-4.2.8p8-14.1 References: https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/979302 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Wed Jun 15 07:09:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 15:09:12 +0200 (CEST) Subject: SUSE-SU-2016:1588-1: moderate: Security update for libarchive Message-ID: <20160615130912.5ECB1FFAA@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1588-1 Rating: moderate References: #979005 Cross-References: CVE-2016-1541 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libarchive fixes the following issue: - Fix a heap-based buffer overflow (CVE-2016-1541, bsc#979005) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-940=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-940=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-940=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-940=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-940=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-940=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive-devel-3.1.2-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive-devel-3.1.2-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 References: https://www.suse.com/security/cve/CVE-2016-1541.html https://bugzilla.suse.com/979005 From sle-updates at lists.suse.com Wed Jun 15 10:10:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 18:10:47 +0200 (CEST) Subject: SUSE-RU-2016:1591-1: Recommended update for dmidecode Message-ID: <20160615161047.C87B6FFAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for 
dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1591-1 Rating: low References: #955705 #974862 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dmidecode fixes the following issues: - Skip the SMBIOS version comparison in quiet mode. (bsc#974862) - Add support for DDR4 memory type. (bsc#955705) - Decode the CPUID of recent AMD processors. - Fix memory voltage labels. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-942=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-942=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-942=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-942=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 - SUSE Linux Enterprise Server 12 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 References: https://bugzilla.suse.com/955705 https://bugzilla.suse.com/974862 From sle-updates at lists.suse.com Wed Jun 15 10:11:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 18:11:18 +0200 (CEST) Subject: SUSE-RU-2016:1592-1: moderate: Recommended update for gcc48 Message-ID: <20160615161118.E0763FFAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1592-1 Rating: moderate References: #955382 #970009 #976627 #977654 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for gcc48 fixes the following issues: - Fix internal compiler error specific to the ppc64le architecture. (bsc#976627) - Fix issue with using gcov and #pragma pack. (bsc#977654) - Fix internal compiler error when building samba on aarch64. (bsc#970009) - Fix HTM built-ins on PowerPC. 
(bsc#955382) - Build without GRAPHITE where cloog-isl is not available. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-941=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-941=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-941=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-941=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-941=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-941=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-941=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-941=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-fortran-4.8.5-27.1 gcc48-fortran-debuginfo-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 gcc48-java-4.8.5-27.1 gcc48-java-debuginfo-4.8.5-27.1 gcc48-obj-c++-4.8.5-27.1 gcc48-obj-c++-debuginfo-4.8.5-27.1 gcc48-objc-4.8.5-27.1 gcc48-objc-debuginfo-4.8.5-27.1 libffi48-debugsource-4.8.5-27.1 libffi48-devel-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-devel-4.8.5-27.1 libgcj48-devel-debuginfo-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libobjc4-4.8.5-27.1 libobjc4-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): gcc48-objc-32bit-4.8.5-27.1 libobjc4-32bit-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): gcc48-ada-4.8.5-27.1 gcc48-ada-debuginfo-4.8.5-27.1 libada48-4.8.5-27.1 libada48-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-fortran-4.8.5-27.1 gcc48-fortran-debuginfo-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 
gcc48-java-4.8.5-27.1 gcc48-java-debuginfo-4.8.5-27.1 gcc48-obj-c++-4.8.5-27.1 gcc48-obj-c++-debuginfo-4.8.5-27.1 gcc48-objc-4.8.5-27.1 gcc48-objc-debuginfo-4.8.5-27.1 libffi48-debugsource-4.8.5-27.1 libffi48-devel-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-devel-4.8.5-27.1 libgcj48-devel-debuginfo-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libobjc4-4.8.5-27.1 libobjc4-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): gcc48-objc-32bit-4.8.5-27.1 libobjc4-32bit-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12 (x86_64): gcc48-ada-4.8.5-27.1 gcc48-ada-debuginfo-4.8.5-27.1 libada48-4.8.5-27.1 libada48-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-locale-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gcc48-32bit-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libasan0-32bit-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gcc48-info-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-locale-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): gcc48-32bit-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (x86_64): libasan0-32bit-4.8.5-27.1 libasan0-32bit-debuginfo-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (noarch): gcc48-info-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12-SP1 
(noarch): gcc48-info-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-32bit-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libasan0-32bit-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12 (x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-32bit-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libasan0-32bit-4.8.5-27.1 libasan0-32bit-debuginfo-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12 (noarch): gcc48-info-4.8.5-27.1 References: https://bugzilla.suse.com/955382 https://bugzilla.suse.com/970009 https://bugzilla.suse.com/976627 https://bugzilla.suse.com/977654 From sle-updates at lists.suse.com Thu Jun 16 03:08:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 11:08:24 +0200 (CEST) Subject: SUSE-SU-2016:1593-1: moderate: Security update for p7zip Message-ID: <20160616090824.9BA9EFFA8@maintenance.suse.de> SUSE Security Update: Security update for p7zip 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1593-1 Rating: moderate References: #979823 Cross-References: CVE-2016-2335 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for p7zip fixes the following issues: - add p7zip-9.20.1-CVE-2016-2335.patch to fix 7zip UDF CInArchive::ReadFileItem code execution vulnerability [bsc#979823], [CVE-2016-2335] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-943=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-943=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-943=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-943=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 References: https://www.suse.com/security/cve/CVE-2016-2335.html https://bugzilla.suse.com/979823 From sle-updates at lists.suse.com Thu Jun 16 07:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 15:07:57 +0200 (CEST) Subject: SUSE-SU-2016:1596-1: important: Security update for the Linux Kernel Message-ID: <20160616130757.CBC25FFA8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1596-1 Rating: important References: #983143 Cross-References: CVE-2016-1583 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 12 GA kernel was updated to fix one security issue. The following security bug was fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have led to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-944=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-944=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-944=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-944=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-944=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-944=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.55-52.45.1 kernel-default-debugsource-3.12.55-52.45.1 kernel-default-extra-3.12.55-52.45.1 kernel-default-extra-debuginfo-3.12.55-52.45.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.55-52.45.1 kernel-obs-build-debugsource-3.12.55-52.45.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.55-52.45.4 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.55-52.45.1 kernel-default-base-3.12.55-52.45.1 kernel-default-base-debuginfo-3.12.55-52.45.1 kernel-default-debuginfo-3.12.55-52.45.1 kernel-default-debugsource-3.12.55-52.45.1 kernel-default-devel-3.12.55-52.45.1 kernel-syms-3.12.55-52.45.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.55-52.45.1 kernel-xen-base-3.12.55-52.45.1 kernel-xen-base-debuginfo-3.12.55-52.45.1 kernel-xen-debuginfo-3.12.55-52.45.1 kernel-xen-debugsource-3.12.55-52.45.1 kernel-xen-devel-3.12.55-52.45.1 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.55-52.45.1 kernel-macros-3.12.55-52.45.1 kernel-source-3.12.55-52.45.1 - SUSE Linux Enterprise Server 12 
(s390x): kernel-default-man-3.12.55-52.45.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.55-52.45.1 kernel-ec2-debuginfo-3.12.55-52.45.1 kernel-ec2-debugsource-3.12.55-52.45.1 kernel-ec2-devel-3.12.55-52.45.1 kernel-ec2-extra-3.12.55-52.45.1 kernel-ec2-extra-debuginfo-3.12.55-52.45.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_55-52_45-default-1-3.1 kgraft-patch-3_12_55-52_45-xen-1-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.55-52.45.1 kernel-default-debuginfo-3.12.55-52.45.1 kernel-default-debugsource-3.12.55-52.45.1 kernel-default-devel-3.12.55-52.45.1 kernel-default-extra-3.12.55-52.45.1 kernel-default-extra-debuginfo-3.12.55-52.45.1 kernel-syms-3.12.55-52.45.1 kernel-xen-3.12.55-52.45.1 kernel-xen-debuginfo-3.12.55-52.45.1 kernel-xen-debugsource-3.12.55-52.45.1 kernel-xen-devel-3.12.55-52.45.1 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.55-52.45.1 kernel-macros-3.12.55-52.45.1 kernel-source-3.12.55-52.45.1 References: https://www.suse.com/security/cve/CVE-2016-1583.html https://bugzilla.suse.com/983143 From sle-updates at lists.suse.com Thu Jun 16 10:09:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 18:09:48 +0200 (CEST) Subject: SUSE-RU-2016:1597-1: Recommended update for man-pages Message-ID: <20160616160948.0D375FFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for man-pages ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1597-1 Rating: low References: #967488 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for man-pages fixes the following issues: - Document in open(2) that O_TMPFILE support was added to btrfs only in kernel 3.16 and hence is not yet available on SUSE Linux Enterprise 12-SP1. (bsc#967488) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-946=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-946=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): man-pages-4.02-5.7 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): man-pages-4.02-5.7 References: https://bugzilla.suse.com/967488 From sle-updates at lists.suse.com Thu Jun 16 10:10:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 18:10:06 +0200 (CEST) Subject: SUSE-RU-2016:1598-1: Recommended update for indic-fonts Message-ID: <20160616161006.18094FFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for indic-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1598-1 Rating: low References: #977195 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for indic-fonts fixes the following issue: - Fix distortions of Gujarati fonts (bsc#977195) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-945=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-945=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-945=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-945=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): indic-fonts-20130612-5.1 - SUSE Linux Enterprise Server 12 (noarch): indic-fonts-20130612-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): indic-fonts-20130612-5.1 - SUSE Linux Enterprise Desktop 12 (noarch): indic-fonts-20130612-5.1 References: https://bugzilla.suse.com/977195 From sle-updates at lists.suse.com Thu Jun 16 10:10:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 18:10:23 +0200 (CEST) Subject: SUSE-RU-2016:1599-1: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20160616161023.C4286FFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1599-1 Rating: low References: #924298 #970425 #976194 Affected Products: SUSE Manager Proxy 2.1 SUSE Manager 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: SUSE Manager 2.1 Release Notes and SUSE Manager Proxy 2.1 Release Notes have been updated to document: - New channels available: + Support SLE-POS 11 SP3 as addon for SLES 11 SP4 + HAE-GEO is an addon product for SLES 4 SAP + SLE-Live-Patching12 - Bugs fixed by latest updates bsc#922740, bsc#924298, bsc#958923, bsc#961002, bsc#961565 bsc#962253, bsc#966622, bsc#966737, bsc#966890, bsc#968257 bsc#968406, bsc#970223, bsc#970425, bsc#970550, bsc#970672 bsc#970901, bsc#970989, bsc#971237, bsc#972341, bsc#973162 bsc#973432, bsc#976194, bsc#976826, bsc#978166 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-release-notes-susemanager-12613=1 - SUSE Manager 2.1: zypper in -t patch sleman21-release-notes-susemanager-12613=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 2.1 (x86_64): release-notes-susemanager-proxy-2.1.0-0.24.1 - SUSE Manager 2.1 (s390x x86_64): release-notes-susemanager-2.1.0-0.50.3 References: https://bugzilla.suse.com/924298 https://bugzilla.suse.com/970425 https://bugzilla.suse.com/976194 From sle-updates at lists.suse.com Thu Jun 16 11:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 19:08:10 +0200 (CEST) Subject: SUSE-SU-2016:1600-1: moderate: Security update for libtasn1 Message-ID: <20160616170810.2F05EFFA8@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1600-1 Rating: moderate References: #929414 #961491 #982779 Cross-References: CVE-2015-3622 CVE-2016-4008 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ntp-12614=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-12614=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-12614=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtasn1-devel-1.5-1.34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtasn1-1.5-1.34.1 libtasn1-3-1.5-1.34.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtasn1-3-32bit-1.5-1.34.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtasn1-3-x86-1.5-1.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtasn1-debuginfo-1.5-1.34.1 libtasn1-debugsource-1.5-1.34.1 References: https://www.suse.com/security/cve/CVE-2015-3622.html https://www.suse.com/security/cve/CVE-2016-4008.html https://bugzilla.suse.com/929414 https://bugzilla.suse.com/961491 https://bugzilla.suse.com/982779 From sle-updates at lists.suse.com Thu Jun 16 11:08:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 19:08:46 +0200 (CEST) Subject: SUSE-SU-2016:1601-1: moderate: Security update for libtasn1 Message-ID: <20160616170846.C4869FFAB@maintenance.suse.de> SUSE 
Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1601-1 Rating: moderate References: #929414 #961491 #982779 Cross-References: CVE-2015-3622 CVE-2016-4008 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-949=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-949=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-949=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-949=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-949=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-949=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 libtasn1-devel-3.7-11.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 libtasn1-devel-3.7-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 References: https://www.suse.com/security/cve/CVE-2015-3622.html https://www.suse.com/security/cve/CVE-2016-4008.html https://bugzilla.suse.com/929414 https://bugzilla.suse.com/961491 https://bugzilla.suse.com/982779 From sle-updates at lists.suse.com Fri Jun 17 06:08:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 14:08:35 +0200 (CEST) Subject: SUSE-SU-2016:1602-1: important: Security update for ntp Message-ID: <20160617120835.729E2FFAC@maintenance.suse.de> SUSE Security Update: Security update for ntp 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1602-1 Rating: important References: #979302 #981422 #982056 #982064 #982065 #982066 #982067 #982068 Cross-References: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ntp-12615=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ntp-12615=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ntp-12615=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-12615=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ntp-12615=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-12615=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ntp-12615=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Manager Proxy 2.1 (x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Manager 2.1 (s390x x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p8-47.3 ntp-debugsource-4.2.8p8-47.3 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ntp-debuginfo-4.2.8p8-47.3 ntp-debugsource-4.2.8p8-47.3 References: https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/979302 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Fri Jun 17 06:10:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 
2016 14:10:10 +0200 (CEST) Subject: SUSE-RU-2016:1603-1: moderate: Recommended update for docker Message-ID: <20160617121010.A01FEFFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1603-1 Rating: moderate References: #964673 #977394 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for docker fixes the following issues: - Fix database soft corruption issues if the Docker daemon terminates in a bad state. (bsc#964673) - Fix go version to 1.5 (bsc#977394) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-951=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-951=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): docker-1.10.3-71.1 docker-debuginfo-1.10.3-71.1 docker-debugsource-1.10.3-71.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-1.10.3-71.1 docker-debuginfo-1.10.3-71.1 docker-debugsource-1.10.3-71.1 References: https://bugzilla.suse.com/964673 https://bugzilla.suse.com/977394 From sle-updates at lists.suse.com Fri Jun 17 07:08:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 15:08:23 +0200 (CEST) Subject: SUSE-SU-2016:1604-1: important: Security update for libxml2 Message-ID: <20160617130823.D9B3EFFAC@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1604-1 Rating: important References: #963963 #965283 #978395 #981040 #981041 #981108 #981109 #981111 #981112 #981114 #981115 #981548 #981549 #981550 Cross-References: CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. 
- CVE-2016-4483: Code was added to avoid an out-of-bounds access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed heap-based buffer underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549]. - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-libxml2-12616=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-libxml2-12616=1 - SUSE Manager 2.1: zypper in -t patch sleman21-libxml2-12616=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-12616=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-12616=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-libxml2-12616=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-libxml2-12616=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-12616=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libxml2-12616=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-libxml2-12616=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libxml2-2.7.6-0.44.1 libxml2-32bit-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Manager Proxy 2.1 (x86_64): libxml2-2.7.6-0.44.1 libxml2-32bit-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Manager 2.1 (s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-32bit-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.44.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 
libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libxml2-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libxml2-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.44.1 libxml2-debugsource-2.7.6-0.44.1 libxml2-python-debuginfo-2.7.6-0.44.4 libxml2-python-debugsource-2.7.6-0.44.4 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.44.1 libxml2-debugsource-2.7.6-0.44.1 libxml2-python-debuginfo-2.7.6-0.44.4 libxml2-python-debugsource-2.7.6-0.44.4 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.44.1 libxml2-debugsource-2.7.6-0.44.1 libxml2-python-debuginfo-2.7.6-0.44.4 libxml2-python-debugsource-2.7.6-0.44.4 References: https://www.suse.com/security/cve/CVE-2015-8806.html https://www.suse.com/security/cve/CVE-2016-1762.html https://www.suse.com/security/cve/CVE-2016-1833.html https://www.suse.com/security/cve/CVE-2016-1834.html https://www.suse.com/security/cve/CVE-2016-1835.html https://www.suse.com/security/cve/CVE-2016-1837.html https://www.suse.com/security/cve/CVE-2016-1838.html https://www.suse.com/security/cve/CVE-2016-1839.html https://www.suse.com/security/cve/CVE-2016-1840.html https://www.suse.com/security/cve/CVE-2016-2073.html https://www.suse.com/security/cve/CVE-2016-3705.html https://www.suse.com/security/cve/CVE-2016-4447.html https://www.suse.com/security/cve/CVE-2016-4448.html https://www.suse.com/security/cve/CVE-2016-4449.html https://www.suse.com/security/cve/CVE-2016-4483.html https://bugzilla.suse.com/963963 https://bugzilla.suse.com/965283 https://bugzilla.suse.com/978395 https://bugzilla.suse.com/981040 https://bugzilla.suse.com/981041 https://bugzilla.suse.com/981108 https://bugzilla.suse.com/981109 
https://bugzilla.suse.com/981111 https://bugzilla.suse.com/981112 https://bugzilla.suse.com/981114 https://bugzilla.suse.com/981115 https://bugzilla.suse.com/981548 https://bugzilla.suse.com/981549 https://bugzilla.suse.com/981550 From sle-updates at lists.suse.com Fri Jun 17 09:11:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:11:39 +0200 (CEST) Subject: SUSE-RU-2016:1606-1: Recommended update for nethogs Message-ID: <20160617151139.E0659FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for nethogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1606-1 Rating: low References: #970024 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nethogs fixes the following issues: - Fix buffer overflow for command line strings of length greater than 80. - Fix creating socket by using normal DGRAM sockets. (bsc#970024) - Correctly display PIDs up to 7 characters. - Get all running non-loopback devices by default. - Consider the terminal height when printing the 'total' row. - Add new command line switches: -s, -c, -v. - Change needrefresh default value from true to false. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-956=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-956=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): nethogs-0.8.1-4.1 nethogs-debuginfo-0.8.1-4.1 nethogs-debugsource-0.8.1-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): nethogs-0.8.1-4.1 nethogs-debuginfo-0.8.1-4.1 nethogs-debugsource-0.8.1-4.1 References: https://bugzilla.suse.com/970024 From sle-updates at lists.suse.com Fri Jun 17 09:11:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:11:58 +0200 (CEST) Subject: SUSE-RU-2016:1607-1: Recommended update for python-dateutil Message-ID: <20160617151158.62C7BFFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dateutil ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1607-1 Rating: low References: #978730 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 SUSE Enterprise Storage 2.1 SUSE Enterprise Storage 2 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-dateutil 2.4.2, which brings several fixes and enhancements: - Updated zoneinfo to 2015b. - Fixed issue with parsing of tzstr on Python 2.7.x; tzstr will now be decoded if not a unicode type. - Fix a parser issue where AM and PM tokens were showing up in fuzzy date stamps, triggering inappropriate errors. - Missing function 'setcachsize' removed from zoneinfo __all__ list, fixing an issue with wildcard imports of dateutil.zoneinfo. - Added explicit check for valid hours if AM/PM is specified in parser. 
- Fix error where parser allowed some invalid dates, overwriting existing hours with the last 2-digit number in the string. - Fix and add test for Python 2.x compatibility with boolean checking of relativedelta objects. - Replaced parse() calls with explicit datetime objects in unit tests unrelated to parser. - Changed private _byxxx from sets to sorted tuples and fixed one currently unreachable bug in _construct_byset. - Additional documentation for parser and rrule. - Formatting fixes to documentation of rrule and README.rst. - Fix an issue with relativedelta and freezegun. - Fix minimal version requirement for python-six. - Many rrule changes and fixes, including defusing some infinite loops. - Changed many aspects of dealing with the zone info file. Instead of a cache, all the zones are loaded to memory, but symbolic links are loaded only once, so not much memory is used. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-954=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-954=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-954=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-954=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-954=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-954=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-954=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-954=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-954=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-954=1 - SUSE Enterprise Storage 2: zypper in -t patch 
SUSE-Storage-2-2016-954=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2016-954=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-dateutil-2.4.2-14.2 - SUSE OpenStack Cloud 6 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Server 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise High Availability 12-SP1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise High Availability 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Desktop 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Enterprise Storage 2.1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Enterprise Storage 2 (noarch): python-dateutil-2.4.2-14.2 - SUSE Enterprise Storage 1.0 (noarch): python-dateutil-2.4.2-14.2 References: https://bugzilla.suse.com/978730 From sle-updates at lists.suse.com Fri Jun 17 09:12:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:12:14 +0200 (CEST) Subject: SUSE-RU-2016:1608-1: Recommended update for powerpc-utils Message-ID: <20160617151214.75F31FFAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1608-1 Rating: low References: #957445 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Correct drmgr's LMB counting when discovering LMBs. 
This fixes dynamic addition of memory. (bsc#957445) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-powerpc-utils-12617=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-powerpc-utils-12617=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (ppc64): powerpc-utils-1.2.22-4.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): powerpc-utils-debuginfo-1.2.22-4.3 powerpc-utils-debugsource-1.2.22-4.3 References: https://bugzilla.suse.com/957445 From sle-updates at lists.suse.com Fri Jun 17 09:12:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:12:32 +0200 (CEST) Subject: SUSE-RU-2016:1609-1: Recommended update for libcap1 Message-ID: <20160617151232.0EBEAFFAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcap1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1609-1 Rating: low References: #982232 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes building of libcap1 with newer versions of glibc. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-953=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-953=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libcap1-1.10-61.1 libcap1-debuginfo-1.10-61.1 libcap1-debugsource-1.10-61.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcap1-32bit-1.10-61.1 libcap1-debuginfo-32bit-1.10-61.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libcap1-1.10-61.1 libcap1-debuginfo-1.10-61.1 libcap1-debugsource-1.10-61.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcap1-32bit-1.10-61.1 libcap1-debuginfo-32bit-1.10-61.1 References: https://bugzilla.suse.com/982232 From sle-updates at lists.suse.com Fri Jun 17 09:12:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:12:53 +0200 (CEST) Subject: SUSE-SU-2016:1610-1: important: Security update for ImageMagick Message-ID: <20160617151253.106BCFFAE@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1610-1 Rating: important References: #982178 Cross-References: CVE-2016-5118 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ImageMagick-12618=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ImageMagick-12618=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ImageMagick-12618=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12618=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12618=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ImageMagick-12618=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ImageMagick-12618=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12618=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 libMagickCore1-6.4.3.6-7.40.1 - SUSE Manager Proxy 2.1 (x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 libMagickCore1-6.4.3.6-7.40.1 - SUSE Manager 2.1 (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.40.1 ImageMagick-devel-6.4.3.6-7.40.1 libMagick++-devel-6.4.3.6-7.40.1 libMagick++1-6.4.3.6-7.40.1 libMagickWand1-6.4.3.6-7.40.1 perl-PerlMagick-6.4.3.6-7.40.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise 
Server 11-SP2-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.40.1 ImageMagick-debugsource-6.4.3.6-7.40.1 References: https://www.suse.com/security/cve/CVE-2016-5118.html https://bugzilla.suse.com/982178 From sle-updates at lists.suse.com Fri Jun 17 10:07:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 18:07:59 +0200 (CEST) Subject: SUSE-SU-2016:1613-1: critical: Security update for flash-player Message-ID: <20160617160759.0F3CCFFB9@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1613-1 Rating: critical References: #984695 Cross-References: CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 36 vulnerabilities is now available. 
Description: Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 (boo#984695): * APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171 Please see https://helpx.adobe.com/security/products/flash-player/apsb16-18.html for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-960=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-960=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-960=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-960=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 References: https://www.suse.com/security/cve/CVE-2016-4122.html https://www.suse.com/security/cve/CVE-2016-4123.html https://www.suse.com/security/cve/CVE-2016-4124.html https://www.suse.com/security/cve/CVE-2016-4125.html https://www.suse.com/security/cve/CVE-2016-4127.html https://www.suse.com/security/cve/CVE-2016-4128.html https://www.suse.com/security/cve/CVE-2016-4129.html https://www.suse.com/security/cve/CVE-2016-4130.html https://www.suse.com/security/cve/CVE-2016-4131.html https://www.suse.com/security/cve/CVE-2016-4132.html https://www.suse.com/security/cve/CVE-2016-4133.html https://www.suse.com/security/cve/CVE-2016-4134.html https://www.suse.com/security/cve/CVE-2016-4135.html https://www.suse.com/security/cve/CVE-2016-4136.html https://www.suse.com/security/cve/CVE-2016-4137.html https://www.suse.com/security/cve/CVE-2016-4138.html https://www.suse.com/security/cve/CVE-2016-4139.html https://www.suse.com/security/cve/CVE-2016-4140.html https://www.suse.com/security/cve/CVE-2016-4141.html https://www.suse.com/security/cve/CVE-2016-4142.html https://www.suse.com/security/cve/CVE-2016-4143.html https://www.suse.com/security/cve/CVE-2016-4144.html https://www.suse.com/security/cve/CVE-2016-4145.html https://www.suse.com/security/cve/CVE-2016-4146.html https://www.suse.com/security/cve/CVE-2016-4147.html https://www.suse.com/security/cve/CVE-2016-4148.html https://www.suse.com/security/cve/CVE-2016-4149.html 
https://www.suse.com/security/cve/CVE-2016-4150.html https://www.suse.com/security/cve/CVE-2016-4151.html https://www.suse.com/security/cve/CVE-2016-4152.html https://www.suse.com/security/cve/CVE-2016-4153.html https://www.suse.com/security/cve/CVE-2016-4154.html https://www.suse.com/security/cve/CVE-2016-4155.html https://www.suse.com/security/cve/CVE-2016-4156.html https://www.suse.com/security/cve/CVE-2016-4166.html https://www.suse.com/security/cve/CVE-2016-4171.html https://bugzilla.suse.com/984695 From sle-updates at lists.suse.com Fri Jun 17 10:08:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 18:08:17 +0200 (CEST) Subject: SUSE-SU-2016:1614-1: important: Security update for GraphicsMagick Message-ID: <20160617160817.445C7FFAE@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1614-1 Rating: important References: #851064 #965574 #982178 Cross-References: CVE-2013-4589 CVE-2015-8808 CVE-2016-5118 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via special filenames (bnc#982178). - CVE-2013-4589: The ExportAlphaQuantumType function in export.c in GraphicsMagick might have allowed remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image (bsc#851064). - CVE-2015-8808: Out-of-bound read in the parsing of GIF files (bnc#965574). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12619=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12619=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12619=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.38.1 libGraphicsMagick2-1.2.5-4.38.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.38.1 libGraphicsMagick2-1.2.5-4.38.1 perl-GraphicsMagick-1.2.5-4.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.38.1 GraphicsMagick-debugsource-1.2.5-4.38.1 References: https://www.suse.com/security/cve/CVE-2013-4589.html https://www.suse.com/security/cve/CVE-2015-8808.html https://www.suse.com/security/cve/CVE-2016-5118.html https://bugzilla.suse.com/851064 https://bugzilla.suse.com/965574 https://bugzilla.suse.com/982178 From sle-updates at lists.suse.com Fri Jun 17 10:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 18:08:49 +0200 (CEST) Subject: SUSE-RU-2016:1615-1: Recommended update for release-notes-sled Message-ID: <20160617160849.1163BFFAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1615-1 Rating: low References: #951385 #979703 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: The Release Notes of SUSE Linux Enterprise Desktop 12 SP1 have been updated to document: - The pax(1) Tool Replaced by spax(1). (fate#318412) - Qt 5 Has Been Updated to 5.5.1. (fate#319961) - Dependency on libHBAAPI Removed from fcoe-utils. (fate#319021) Some entries have been fixed or improved: - Remove mention of non-existent parameter to btrfs tool. (fate#318805) - Remove empty list of deprecated packages. (bsc#951385) - Remove "Upgrading PostgreSQL Installations" section. (fate#319049) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-958=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-958=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): release-notes-sled-12.1.20160616-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): release-notes-sled-12.1.20160616-14.1 References: https://bugzilla.suse.com/951385 https://bugzilla.suse.com/979703 From sle-updates at lists.suse.com Fri Jun 17 11:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 19:07:57 +0200 (CEST) Subject: SUSE-RU-2016:1616-1: Recommended update for perl-Net-SSLeay Message-ID: <20160617170757.DB37AFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Net-SSLeay ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1616-1 Rating: low References: #982234 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for perl-Net-SSLeay removes a test which is executed at build time and is now obsolete with newer (1.0.1n+) versions of OpenSSL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-962=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-962=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-962=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-962=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 - SUSE Linux Enterprise Desktop 12 (x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 References: https://bugzilla.suse.com/982234 From sle-updates at lists.suse.com Fri Jun 17 11:08:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 19:08:15 +0200 (CEST) Subject: SUSE-RU-2016:1617-1: moderate: Recommended update for kiwi Message-ID: <20160617170815.49331FFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1617-1 Rating: moderate References: #982092 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise 
Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides KIWI v7.02.97, which brings several fixes and enhancements: - Delete vmxboot dracut optimization: For vmx type images, dracut was called in the background to speed up the boot process. However, this could cause a race condition together with grub2-mkconfig. If grub2-mkconfig is called but dracut has not yet created the initrd, grub2 creates a configuration file without an initrd. The resulting boot setup is not able to reboot the system because the initrd is not loaded. (bsc#982092) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-961=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-961=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-961=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kiwi-pxeboot-7.02.97-30.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kiwi-7.02.97-30.1 kiwi-debugsource-7.02.97-30.1 kiwi-desc-netboot-7.02.97-30.1 kiwi-desc-oemboot-7.02.97-30.1 kiwi-desc-vmxboot-7.02.97-30.1 kiwi-templates-7.02.97-30.1 kiwi-tools-7.02.97-30.1 kiwi-tools-debuginfo-7.02.97-30.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kiwi-desc-isoboot-7.02.97-30.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kiwi-doc-7.02.97-30.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kiwi-debugsource-7.02.97-30.1 kiwi-tools-7.02.97-30.1 kiwi-tools-debuginfo-7.02.97-30.1 References: https://bugzilla.suse.com/982092 From sle-updates at lists.suse.com Fri Jun 17 12:08:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 20:08:05 +0200 (CEST) Subject: SUSE-SU-2016:1618-1: moderate: Security update for mysql Message-ID: <20160617180805.AF0FEFF8F@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1618-1 Rating: moderate References: #934789 #959724 Cross-References: CVE-2015-4000 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12620=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12620=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysqlclient-devel-5.0.96-0.8.10.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysqlclient_r15-32bit-5.0.96-0.8.10.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysqlclient_r15-x86-5.0.96-0.8.10.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysqlclient15-5.0.96-0.8.10.3 libmysqlclient_r15-5.0.96-0.8.10.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysqlclient15-32bit-5.0.96-0.8.10.3 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysqlclient15-x86-5.0.96-0.8.10.3 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/934789 https://bugzilla.suse.com/959724 From sle-updates at lists.suse.com Fri Jun 17 12:08:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 20:08:36 +0200 (CEST) Subject: SUSE-SU-2016:1619-1: important: Security update for mariadb Message-ID: <20160617180836.B39B6FFAC@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1619-1 Rating: important References: #960961 #961935 #963806 #980904 Cross-References: CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 
CVE-2016-2047 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options (bsc#980904). - CVE-2016-0546: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Client (bsc#980904). - CVE-2016-0596: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0597: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0598: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0600: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to InnoDB (bsc#980904). - CVE-2016-0606: Unspecified vulnerability allowed remote authenticated users to affect integrity via unknown vectors related to encryption (bsc#980904). - CVE-2016-0608: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to UDF (bsc#980904). - CVE-2016-0609: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to privileges (bsc#980904). - CVE-2016-0616: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). 
- CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#980904). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#980904). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#980904). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#980904). - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#980904). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#980904). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#980904). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#980904). - CVE-2016-0655: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#980904). - CVE-2016-0668: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). 
- CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com" (bsc#963806). These non-security issues were fixed: - bsc#960961: Use 'plugin-load-add' instead of 'plugin-load' in default_plugins.cnf. It contained 'plugin-load' options, which caused only the last plugin to actually be loaded ('plugin-load' overrides the previous 'plugin-load') - bsc#961935: Remove the leftovers of "openSUSE" string in the '-DWITH_COMMENT' and 'DCOMPILATION_COMMENT' options Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-964=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-964=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-964=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-964=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libmysqlclient_r18-10.0.25-20.6.1 libmysqlclient_r18-32bit-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.25-20.6.1 libmysqlclient_r18-10.0.25-20.6.1 libmysqld-devel-10.0.25-20.6.1 libmysqld18-10.0.25-20.6.1 libmysqld18-debuginfo-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libmysqlclient18-10.0.25-20.6.1 libmysqlclient18-debuginfo-10.0.25-20.6.1 mariadb-10.0.25-20.6.1 mariadb-client-10.0.25-20.6.1 mariadb-client-debuginfo-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 mariadb-errormessages-10.0.25-20.6.1 mariadb-tools-10.0.25-20.6.1 mariadb-tools-debuginfo-10.0.25-20.6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libmysqlclient18-32bit-10.0.25-20.6.1 libmysqlclient18-debuginfo-32bit-10.0.25-20.6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libmysqlclient18-10.0.25-20.6.1 libmysqlclient18-32bit-10.0.25-20.6.1 libmysqlclient18-debuginfo-10.0.25-20.6.1 libmysqlclient18-debuginfo-32bit-10.0.25-20.6.1 libmysqlclient_r18-10.0.25-20.6.1 libmysqlclient_r18-32bit-10.0.25-20.6.1 mariadb-10.0.25-20.6.1 mariadb-client-10.0.25-20.6.1 mariadb-client-debuginfo-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 mariadb-errormessages-10.0.25-20.6.1 References: https://www.suse.com/security/cve/CVE-2016-0505.html https://www.suse.com/security/cve/CVE-2016-0546.html https://www.suse.com/security/cve/CVE-2016-0596.html https://www.suse.com/security/cve/CVE-2016-0597.html https://www.suse.com/security/cve/CVE-2016-0598.html https://www.suse.com/security/cve/CVE-2016-0600.html https://www.suse.com/security/cve/CVE-2016-0606.html https://www.suse.com/security/cve/CVE-2016-0608.html 
https://www.suse.com/security/cve/CVE-2016-0609.html https://www.suse.com/security/cve/CVE-2016-0616.html https://www.suse.com/security/cve/CVE-2016-0640.html https://www.suse.com/security/cve/CVE-2016-0641.html https://www.suse.com/security/cve/CVE-2016-0642.html https://www.suse.com/security/cve/CVE-2016-0643.html https://www.suse.com/security/cve/CVE-2016-0644.html https://www.suse.com/security/cve/CVE-2016-0646.html https://www.suse.com/security/cve/CVE-2016-0647.html https://www.suse.com/security/cve/CVE-2016-0648.html https://www.suse.com/security/cve/CVE-2016-0649.html https://www.suse.com/security/cve/CVE-2016-0650.html https://www.suse.com/security/cve/CVE-2016-0651.html https://www.suse.com/security/cve/CVE-2016-0655.html https://www.suse.com/security/cve/CVE-2016-0666.html https://www.suse.com/security/cve/CVE-2016-0668.html https://www.suse.com/security/cve/CVE-2016-2047.html https://bugzilla.suse.com/960961 https://bugzilla.suse.com/961935 https://bugzilla.suse.com/963806 https://bugzilla.suse.com/980904 From sle-updates at lists.suse.com Fri Jun 17 12:09:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 20:09:20 +0200 (CEST) Subject: SUSE-SU-2016:1620-1: important: Security update for mariadb Message-ID: <20160617180920.9AC95FFAC@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1620-1 Rating: important References: #961935 #963806 #963810 #970287 #970295 #980904 Cross-References: CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 Affected Products: SUSE Linux Enterprise Workstation 
Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options (bsc#980904). - CVE-2016-0546: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Client (bsc#980904). - CVE-2016-0596: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0597: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0598: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0600: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to InnoDB (bsc#980904). - CVE-2016-0606: Unspecified vulnerability allowed remote authenticated users to affect integrity via unknown vectors related to encryption (bsc#980904). - CVE-2016-0608: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to UDF (bsc#980904). - CVE-2016-0609: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to privileges (bsc#980904). - CVE-2016-0616: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). 
- CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#980904). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#980904). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#980904). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#980904). - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#980904). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#980904). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#980904). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#980904). - CVE-2016-0655: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#980904). - CVE-2016-0668: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). 
- CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com" (bsc#963806). These non-security issues were fixed: - bsc#961935: Remove the leftovers of "openSUSE" string in the '-DWITH_COMMENT' and 'DCOMPILATION_COMMENT' options - bsc#970287: remove ha_tokudb.so plugin and tokuft_logprint and tokuftdump binaries as TokuDB storage engine requires the jemalloc library that isn't present in SLE-12-SP1 - bsc#970295: Fix the leftovers of "logrotate.d/mysql" string in the logrotate error message. Occurrences of this string were changed to "logrotate.d/mariadb" - bsc#963810: Add 'log-error' and 'secure-file-priv' configuration options * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate. * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files'). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-963=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-963=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-963=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-963=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.25-6.1 libmysqlclient_r18-32bit-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.25-6.1 libmysqlclient_r18-10.0.25-6.1 libmysqld-devel-10.0.25-6.1 libmysqld18-10.0.25-6.1 libmysqld18-debuginfo-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libmysqlclient18-10.0.25-6.1 libmysqlclient18-debuginfo-10.0.25-6.1 mariadb-10.0.25-6.1 mariadb-client-10.0.25-6.1 mariadb-client-debuginfo-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 mariadb-errormessages-10.0.25-6.1 mariadb-tools-10.0.25-6.1 mariadb-tools-debuginfo-10.0.25-6.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.25-6.1 libmysqlclient18-debuginfo-32bit-10.0.25-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.25-6.1 libmysqlclient18-32bit-10.0.25-6.1 libmysqlclient18-debuginfo-10.0.25-6.1 libmysqlclient18-debuginfo-32bit-10.0.25-6.1 libmysqlclient_r18-10.0.25-6.1 libmysqlclient_r18-32bit-10.0.25-6.1 mariadb-10.0.25-6.1 mariadb-client-10.0.25-6.1 mariadb-client-debuginfo-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 mariadb-errormessages-10.0.25-6.1 References: https://www.suse.com/security/cve/CVE-2016-0505.html https://www.suse.com/security/cve/CVE-2016-0546.html https://www.suse.com/security/cve/CVE-2016-0596.html https://www.suse.com/security/cve/CVE-2016-0597.html https://www.suse.com/security/cve/CVE-2016-0598.html https://www.suse.com/security/cve/CVE-2016-0600.html https://www.suse.com/security/cve/CVE-2016-0606.html https://www.suse.com/security/cve/CVE-2016-0608.html https://www.suse.com/security/cve/CVE-2016-0609.html https://www.suse.com/security/cve/CVE-2016-0616.html 
https://www.suse.com/security/cve/CVE-2016-0640.html https://www.suse.com/security/cve/CVE-2016-0641.html https://www.suse.com/security/cve/CVE-2016-0642.html https://www.suse.com/security/cve/CVE-2016-0643.html https://www.suse.com/security/cve/CVE-2016-0644.html https://www.suse.com/security/cve/CVE-2016-0646.html https://www.suse.com/security/cve/CVE-2016-0647.html https://www.suse.com/security/cve/CVE-2016-0648.html https://www.suse.com/security/cve/CVE-2016-0649.html https://www.suse.com/security/cve/CVE-2016-0650.html https://www.suse.com/security/cve/CVE-2016-0651.html https://www.suse.com/security/cve/CVE-2016-0655.html https://www.suse.com/security/cve/CVE-2016-0666.html https://www.suse.com/security/cve/CVE-2016-0668.html https://www.suse.com/security/cve/CVE-2016-2047.html https://bugzilla.suse.com/961935 https://bugzilla.suse.com/963806 https://bugzilla.suse.com/963810 https://bugzilla.suse.com/970287 https://bugzilla.suse.com/970295 https://bugzilla.suse.com/980904 From sle-updates at lists.suse.com Fri Jun 17 14:08:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 22:08:19 +0200 (CEST) Subject: SUSE-RU-2016:1622-1: Recommended update for ffado Message-ID: <20160617200819.8C46AFFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for ffado ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1622-1 Rating: low References: #982957 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for ffado fixes building of the package against newer versions of Gnome. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-966=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-966=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-966=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-966=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-966=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-966=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 - SUSE Linux Enterprise Workstation Extension 12 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado-devel-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado-devel-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 - SUSE 
Linux Enterprise Desktop 12-SP1 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Desktop 12 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Desktop 12 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 References: https://bugzilla.suse.com/982957 From sle-updates at lists.suse.com Mon Jun 20 07:08:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2016 15:08:07 +0200 (CEST) Subject: SUSE-RU-2016:1632-1: Recommended update for timezone Message-ID: <20160620130807.66ACAFF8F@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1632-1 Rating: low References: #982833 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2016e) for your system, including the following changes: - Africa/Cairo observes DST in 2016 from July 7 to the end of October. This release also includes changes affecting past time stamps. For a comprehensive list, please refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz-announce/2016-June/000039.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-967=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-967=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-967=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-967=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): timezone-java-2016e-0.45.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Server 12 (noarch): timezone-java-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): timezone-java-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12 (x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12 (noarch): timezone-java-2016e-0.45.1 References: https://bugzilla.suse.com/982833 From sle-updates at lists.suse.com Mon Jun 20 08:08:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2016 16:08:41 +0200 (CEST) Subject: SUSE-SU-2016:1633-1: moderate: Security update for php5 Message-ID: <20160620140841.29146FF8F@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1633-1 Rating: moderate References: #981049 #981050 #981061 #982009 #982010 #982011 #982012 #982013 Cross-References: CVE-2013-7456 CVE-2015-8876 
CVE-2015-8877 CVE-2015-8879 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for php5 fixes the following issues: - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside of valid range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside of valid range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2015-8877: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) as used in PHP used inconsistent allocate and free approaches, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (bsc#981061). - CVE-2015-8876: Zend/zend_exceptions.c in PHP did not validate certain Exception objects, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data (bsc#981049). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-968=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-968=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-968=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-968=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-968=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-968=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-968=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 imap-devel-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 php5-debuginfo-5.5.14-64.5 php5-debugsource-5.5.14-64.5 php5-devel-5.5.14-64.5 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 imap-devel-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 php5-debuginfo-5.5.14-64.5 php5-debugsource-5.5.14-64.5 
php5-devel-5.5.14-64.5 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-64.5 apache2-mod_php5-debuginfo-5.5.14-64.5 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 php5-5.5.14-64.5 php5-bcmath-5.5.14-64.5 php5-bcmath-debuginfo-5.5.14-64.5 php5-bz2-5.5.14-64.5 php5-bz2-debuginfo-5.5.14-64.5 php5-calendar-5.5.14-64.5 php5-calendar-debuginfo-5.5.14-64.5 php5-ctype-5.5.14-64.5 php5-ctype-debuginfo-5.5.14-64.5 php5-curl-5.5.14-64.5 php5-curl-debuginfo-5.5.14-64.5 php5-dba-5.5.14-64.5 php5-dba-debuginfo-5.5.14-64.5 php5-debuginfo-5.5.14-64.5 php5-debugsource-5.5.14-64.5 php5-dom-5.5.14-64.5 php5-dom-debuginfo-5.5.14-64.5 php5-enchant-5.5.14-64.5 php5-enchant-debuginfo-5.5.14-64.5 php5-exif-5.5.14-64.5 php5-exif-debuginfo-5.5.14-64.5 php5-fastcgi-5.5.14-64.5 php5-fastcgi-debuginfo-5.5.14-64.5 php5-fileinfo-5.5.14-64.5 php5-fileinfo-debuginfo-5.5.14-64.5 php5-fpm-5.5.14-64.5 php5-fpm-debuginfo-5.5.14-64.5 php5-ftp-5.5.14-64.5 php5-ftp-debuginfo-5.5.14-64.5 php5-gd-5.5.14-64.5 php5-gd-debuginfo-5.5.14-64.5 php5-gettext-5.5.14-64.5 php5-gettext-debuginfo-5.5.14-64.5 php5-gmp-5.5.14-64.5 php5-gmp-debuginfo-5.5.14-64.5 php5-iconv-5.5.14-64.5 php5-iconv-debuginfo-5.5.14-64.5 php5-imap-5.5.14-64.5 php5-imap-debuginfo-5.5.14-64.5 php5-intl-5.5.14-64.5 php5-intl-debuginfo-5.5.14-64.5 php5-json-5.5.14-64.5 php5-json-debuginfo-5.5.14-64.5 php5-ldap-5.5.14-64.5 php5-ldap-debuginfo-5.5.14-64.5 php5-mbstring-5.5.14-64.5 php5-mbstring-debuginfo-5.5.14-64.5 php5-mcrypt-5.5.14-64.5 php5-mcrypt-debuginfo-5.5.14-64.5 php5-mysql-5.5.14-64.5 php5-mysql-debuginfo-5.5.14-64.5 php5-odbc-5.5.14-64.5 php5-odbc-debuginfo-5.5.14-64.5 php5-opcache-5.5.14-64.5 php5-opcache-debuginfo-5.5.14-64.5 php5-openssl-5.5.14-64.5 php5-openssl-debuginfo-5.5.14-64.5 php5-pcntl-5.5.14-64.5 php5-pcntl-debuginfo-5.5.14-64.5 php5-pdo-5.5.14-64.5 php5-pdo-debuginfo-5.5.14-64.5 php5-pgsql-5.5.14-64.5 php5-pgsql-debuginfo-5.5.14-64.5 
php5-phar-5.5.14-64.5 php5-phar-debuginfo-5.5.14-64.5 php5-posix-5.5.14-64.5 php5-posix-debuginfo-5.5.14-64.5 php5-pspell-5.5.14-64.5 php5-pspell-debuginfo-5.5.14-64.5 php5-shmop-5.5.14-64.5 php5-shmop-debuginfo-5.5.14-64.5 php5-snmp-5.5.14-64.5 php5-snmp-debuginfo-5.5.14-64.5 php5-soap-5.5.14-64.5 php5-soap-debuginfo-5.5.14-64.5 php5-sockets-5.5.14-64.5 php5-sockets-debuginfo-5.5.14-64.5 php5-sqlite-5.5.14-64.5 php5-sqlite-debuginfo-5.5.14-64.5 php5-suhosin-5.5.14-64.5 php5-suhosin-debuginfo-5.5.14-64.5 php5-sysvmsg-5.5.14-64.5 php5-sysvmsg-debuginfo-5.5.14-64.5 php5-sysvsem-5.5.14-64.5 php5-sysvsem-debuginfo-5.5.14-64.5 php5-sysvshm-5.5.14-64.5 php5-sysvshm-debuginfo-5.5.14-64.5 php5-tokenizer-5.5.14-64.5 php5-tokenizer-debuginfo-5.5.14-64.5 php5-wddx-5.5.14-64.5 php5-wddx-debuginfo-5.5.14-64.5 php5-xmlreader-5.5.14-64.5 php5-xmlreader-debuginfo-5.5.14-64.5 php5-xmlrpc-5.5.14-64.5 php5-xmlrpc-debuginfo-5.5.14-64.5 php5-xmlwriter-5.5.14-64.5 php5-xmlwriter-debuginfo-5.5.14-64.5 php5-xsl-5.5.14-64.5 php5-xsl-debuginfo-5.5.14-64.5 php5-zip-5.5.14-64.5 php5-zip-debuginfo-5.5.14-64.5 php5-zlib-5.5.14-64.5 php5-zlib-debuginfo-5.5.14-64.5 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-64.5 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 References: https://www.suse.com/security/cve/CVE-2013-7456.html https://www.suse.com/security/cve/CVE-2015-8876.html https://www.suse.com/security/cve/CVE-2015-8877.html https://www.suse.com/security/cve/CVE-2015-8879.html https://www.suse.com/security/cve/CVE-2016-5093.html https://www.suse.com/security/cve/CVE-2016-5094.html 
https://www.suse.com/security/cve/CVE-2016-5095.html https://www.suse.com/security/cve/CVE-2016-5096.html https://bugzilla.suse.com/981049 https://bugzilla.suse.com/981050 https://bugzilla.suse.com/981061 https://bugzilla.suse.com/982009 https://bugzilla.suse.com/982010 https://bugzilla.suse.com/982011 https://bugzilla.suse.com/982012 https://bugzilla.suse.com/982013 From sle-updates at lists.suse.com Mon Jun 20 09:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2016 17:08:18 +0200 (CEST) Subject: SUSE-RU-2016:1634-1: Recommended update for release-notes-sles Message-ID: <20160620150818.18E94FF8F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1634-1 Rating: low References: #955437 #979227 #979704 #984470 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP1 have been updated to document: - Memory Compression with zswap. (fate#318829) - Multitier Block I/O Caching. (fate#315210) Some entries have been fixed or improved: - Improve list of deployment targets. (bsc#984470) - Remove duplicated content from Enabling NFSv2 Support section. (fate#318496) - Remove mention of non-existent parameter to btrfs tool. (fate#318805, bsc#979227) - Add note to PostgreSQL upgrade from 9.1 to 9.4 section. (fate#319049, bsc#955437) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-969=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): release-notes-sles-12.1.20160616-20.1 References: https://bugzilla.suse.com/955437 https://bugzilla.suse.com/979227 https://bugzilla.suse.com/979704 https://bugzilla.suse.com/984470 From sle-updates at lists.suse.com Tue Jun 21 05:08:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 13:08:16 +0200 (CEST) Subject: SUSE-SU-2016:1638-1: important: Security update for php53 Message-ID: <20160621110816.941DEFF8F@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1638-1 Rating: important References: #884986 #884987 #884989 #884990 #884991 #884992 #885961 #886059 #886060 #893849 #893853 #902357 #902360 #902368 #910659 #914690 #917150 #918768 #919080 #921950 #922451 #922452 #923945 #924972 #925109 #928506 #928511 #931421 #931769 #931772 #931776 #933227 #935074 #935224 #935226 #935227 #935229 #935232 #935234 #935274 #935275 #938719 #938721 #942291 #942296 #945412 #945428 #949961 #968284 #969821 #971611 #971612 #971912 #973351 #973792 #976996 #976997 #977003 #977005 #977991 #977994 #978827 #978828 #978829 #978830 #980366 #980373 #980375 #981050 #982010 #982011 #982012 #982013 #982162 Cross-References: CVE-2004-1019 CVE-2006-7243 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5459 CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2014-9767 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2783 CVE-2015-2787 CVE-2015-3152 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4116 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 
CVE-2015-4643 CVE-2015-4644 CVE-2015-5161 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 85 vulnerabilities is now available. Description: This update for php53 to version 5.3.17 fixes the following issues: These security issues were fixed: - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366). - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375). 
- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373). - CVE-2016-4540: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829). - CVE-2016-4541: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829). - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).
- CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828). - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length uncompressed data, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991). - CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994). - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call (bsc#977003). - CVE-2015-8867: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP incorrectly relied on the deprecated RAND_pseudo_bytes function, which made it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors (bsc#977005). - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP allowed remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function (bsc#976997). 
- CVE-2015-8866: ext/libxml/libxml.c in PHP, when PHP-FPM is used, did not isolate each thread from libxml_disable_entity_loader changes in other threads, which allowed remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161 (bsc#976996). - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to mean that SSL is optional, which allowed man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152 (bsc#973792). - CVE-2015-8835: The make_http_soap_request function in ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c (bsc#973351). - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX extension in PHP allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element (bsc#969821). - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location (bsc#971912). - CVE-2014-9767: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP and ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary empty directories via a crafted ZIP archive (bsc#971612).
- CVE-2016-3185: The make_http_soap_request function in ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611). - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive (bsc#968284). - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that did not exist (bsc#949961). - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP allowed remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization (bsc#942291). - CVE-2015-6833: Directory traversal vulnerability in the PharData class in PHP allowed remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call (bsc#942296). - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP did not properly manage headers, which allowed remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function (bsc#945428).
- CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838 (bsc#945412). - CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837 (bsc#945412). - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension (bsc#938719). - CVE-2015-5589: The phar_convert_to_other function in ext/phar/phar_object.c in PHP did not validate a file pointer before a close operation, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call (bsc#938721). - CVE-2015-4602: The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue (bsc#935224).
- CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in PHP allowed remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue (bsc#935226). - CVE-2015-4600: The SoapClient implementation in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods (bsc#935226). - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226). - CVE-2015-4603: The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP allowed remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue (bsc#935234). - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP did not validate token extraction for table names, which might have allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352 (bsc#935274). - CVE-2015-4643: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022 (bsc#935275). - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files (bsc#935227). - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension (bsc#935229). - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files (bsc#935232). - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did not verify that the uri property is a string, which allowed remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue (bsc#933227). - CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP allowed remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome (bsc#931421). 
- CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname upon encountering a \x00 character, which might have allowed remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 (bsc#931776). - CVE-2015-4022: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (bsc#931772). - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP did not verify that the first character of a filename is different from the \0 character, which allowed remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive (bsc#931769). - CVE-2015-3329: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP allowed remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive (bsc#928506). - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511). - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231 (bsc#924972).
- CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP, allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function (bsc#923945). - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file (bsc#922452). - CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) on 32-bit platforms might have allowed context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow (bsc#921950). - CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP allowed remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries (bsc#922451). - CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function (bsc#918768). - CVE-2014-9652: The mconvert function in softmagic.c in file as used in the Fileinfo component in PHP did not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might have allowed remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file (bsc#917150).
- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659). - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bsc#910659). - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659). - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bsc#914690). - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly, which allowed remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function (bsc#902357). 
- CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value (bsc#902360). - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP allowed remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation (bsc#902368). - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions (bsc#893849). - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (bsc#893853). - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (bsc#886059). 
- CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (bsc#886060). - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might have allowed context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php (bsc#885961). - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file (bsc#884986). - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion (bsc#884987). - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as used in the Fileinfo component in PHP relies on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file (bsc#884989). - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884990).
- CVE-2014-3487: The cdf_read_property_info function in file as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884991). - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage (bsc#884992). These non-security issues were fixed: - bnc#935074: compare with SQL_NULL_DATA correctly - bnc#935074: fix segfault in odbc_fetch_array - bnc#919080: fix timezone map - bnc#925109: unserialize SoapClient type confusion Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php53-12621=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

  apache2-mod_php53-5.3.17-47.1
  php53-5.3.17-47.1
  php53-bcmath-5.3.17-47.1
  php53-bz2-5.3.17-47.1
  php53-calendar-5.3.17-47.1
  php53-ctype-5.3.17-47.1
  php53-curl-5.3.17-47.1
  php53-dba-5.3.17-47.1
  php53-dom-5.3.17-47.1
  php53-exif-5.3.17-47.1
  php53-fastcgi-5.3.17-47.1
  php53-fileinfo-5.3.17-47.1
  php53-ftp-5.3.17-47.1
  php53-gd-5.3.17-47.1
  php53-gettext-5.3.17-47.1
  php53-gmp-5.3.17-47.1
  php53-iconv-5.3.17-47.1
  php53-intl-5.3.17-47.1
  php53-json-5.3.17-47.1
  php53-ldap-5.3.17-47.1
  php53-mbstring-5.3.17-47.1
  php53-mcrypt-5.3.17-47.1
  php53-mysql-5.3.17-47.1
  php53-odbc-5.3.17-47.1
  php53-openssl-5.3.17-47.1
  php53-pcntl-5.3.17-47.1
  php53-pdo-5.3.17-47.1
  php53-pear-5.3.17-47.1
  php53-pgsql-5.3.17-47.1
  php53-pspell-5.3.17-47.1
  php53-shmop-5.3.17-47.1
  php53-snmp-5.3.17-47.1
  php53-soap-5.3.17-47.1
  php53-suhosin-5.3.17-47.1
  php53-sysvmsg-5.3.17-47.1
  php53-sysvsem-5.3.17-47.1
  php53-sysvshm-5.3.17-47.1
  php53-tokenizer-5.3.17-47.1
  php53-wddx-5.3.17-47.1
  php53-xmlreader-5.3.17-47.1
  php53-xmlrpc-5.3.17-47.1
  php53-xmlwriter-5.3.17-47.1
  php53-xsl-5.3.17-47.1
  php53-zip-5.3.17-47.1
  php53-zlib-5.3.17-47.1

References:

https://www.suse.com/security/cve/CVE-2004-1019.html https://www.suse.com/security/cve/CVE-2006-7243.html https://www.suse.com/security/cve/CVE-2014-0207.html https://www.suse.com/security/cve/CVE-2014-3478.html https://www.suse.com/security/cve/CVE-2014-3479.html https://www.suse.com/security/cve/CVE-2014-3480.html https://www.suse.com/security/cve/CVE-2014-3487.html https://www.suse.com/security/cve/CVE-2014-3515.html https://www.suse.com/security/cve/CVE-2014-3597.html https://www.suse.com/security/cve/CVE-2014-3668.html https://www.suse.com/security/cve/CVE-2014-3669.html https://www.suse.com/security/cve/CVE-2014-3670.html https://www.suse.com/security/cve/CVE-2014-4049.html https://www.suse.com/security/cve/CVE-2014-4670.html https://www.suse.com/security/cve/CVE-2014-4698.html
https://www.suse.com/security/cve/CVE-2014-4721.html https://www.suse.com/security/cve/CVE-2014-5459.html https://www.suse.com/security/cve/CVE-2014-8142.html https://www.suse.com/security/cve/CVE-2014-9652.html https://www.suse.com/security/cve/CVE-2014-9705.html https://www.suse.com/security/cve/CVE-2014-9709.html https://www.suse.com/security/cve/CVE-2014-9767.html https://www.suse.com/security/cve/CVE-2015-0231.html https://www.suse.com/security/cve/CVE-2015-0232.html https://www.suse.com/security/cve/CVE-2015-0273.html https://www.suse.com/security/cve/CVE-2015-1352.html https://www.suse.com/security/cve/CVE-2015-2301.html https://www.suse.com/security/cve/CVE-2015-2305.html https://www.suse.com/security/cve/CVE-2015-2783.html https://www.suse.com/security/cve/CVE-2015-2787.html https://www.suse.com/security/cve/CVE-2015-3152.html https://www.suse.com/security/cve/CVE-2015-3329.html https://www.suse.com/security/cve/CVE-2015-3411.html https://www.suse.com/security/cve/CVE-2015-3412.html https://www.suse.com/security/cve/CVE-2015-4021.html https://www.suse.com/security/cve/CVE-2015-4022.html https://www.suse.com/security/cve/CVE-2015-4024.html https://www.suse.com/security/cve/CVE-2015-4026.html https://www.suse.com/security/cve/CVE-2015-4116.html https://www.suse.com/security/cve/CVE-2015-4148.html https://www.suse.com/security/cve/CVE-2015-4598.html https://www.suse.com/security/cve/CVE-2015-4599.html https://www.suse.com/security/cve/CVE-2015-4600.html https://www.suse.com/security/cve/CVE-2015-4601.html https://www.suse.com/security/cve/CVE-2015-4602.html https://www.suse.com/security/cve/CVE-2015-4603.html https://www.suse.com/security/cve/CVE-2015-4643.html https://www.suse.com/security/cve/CVE-2015-4644.html https://www.suse.com/security/cve/CVE-2015-5161.html https://www.suse.com/security/cve/CVE-2015-5589.html https://www.suse.com/security/cve/CVE-2015-5590.html https://www.suse.com/security/cve/CVE-2015-6831.html 
https://www.suse.com/security/cve/CVE-2015-6833.html https://www.suse.com/security/cve/CVE-2015-6836.html https://www.suse.com/security/cve/CVE-2015-6837.html https://www.suse.com/security/cve/CVE-2015-6838.html https://www.suse.com/security/cve/CVE-2015-7803.html https://www.suse.com/security/cve/CVE-2015-8835.html https://www.suse.com/security/cve/CVE-2015-8838.html https://www.suse.com/security/cve/CVE-2015-8866.html https://www.suse.com/security/cve/CVE-2015-8867.html https://www.suse.com/security/cve/CVE-2015-8873.html https://www.suse.com/security/cve/CVE-2015-8874.html https://www.suse.com/security/cve/CVE-2015-8879.html https://www.suse.com/security/cve/CVE-2016-2554.html https://www.suse.com/security/cve/CVE-2016-3141.html https://www.suse.com/security/cve/CVE-2016-3142.html https://www.suse.com/security/cve/CVE-2016-3185.html https://www.suse.com/security/cve/CVE-2016-4070.html https://www.suse.com/security/cve/CVE-2016-4073.html https://www.suse.com/security/cve/CVE-2016-4342.html https://www.suse.com/security/cve/CVE-2016-4346.html https://www.suse.com/security/cve/CVE-2016-4537.html https://www.suse.com/security/cve/CVE-2016-4538.html https://www.suse.com/security/cve/CVE-2016-4539.html https://www.suse.com/security/cve/CVE-2016-4540.html https://www.suse.com/security/cve/CVE-2016-4541.html https://www.suse.com/security/cve/CVE-2016-4542.html https://www.suse.com/security/cve/CVE-2016-4543.html https://www.suse.com/security/cve/CVE-2016-4544.html https://www.suse.com/security/cve/CVE-2016-5093.html https://www.suse.com/security/cve/CVE-2016-5094.html https://www.suse.com/security/cve/CVE-2016-5095.html https://www.suse.com/security/cve/CVE-2016-5096.html https://www.suse.com/security/cve/CVE-2016-5114.html https://bugzilla.suse.com/884986 https://bugzilla.suse.com/884987 https://bugzilla.suse.com/884989 https://bugzilla.suse.com/884990 https://bugzilla.suse.com/884991 https://bugzilla.suse.com/884992 https://bugzilla.suse.com/885961 
https://bugzilla.suse.com/886059 https://bugzilla.suse.com/886060 https://bugzilla.suse.com/893849 https://bugzilla.suse.com/893853 https://bugzilla.suse.com/902357 https://bugzilla.suse.com/902360 https://bugzilla.suse.com/902368 https://bugzilla.suse.com/910659 https://bugzilla.suse.com/914690 https://bugzilla.suse.com/917150 https://bugzilla.suse.com/918768 https://bugzilla.suse.com/919080 https://bugzilla.suse.com/921950 https://bugzilla.suse.com/922451 https://bugzilla.suse.com/922452 https://bugzilla.suse.com/923945 https://bugzilla.suse.com/924972 https://bugzilla.suse.com/925109 https://bugzilla.suse.com/928506 https://bugzilla.suse.com/928511 https://bugzilla.suse.com/931421 https://bugzilla.suse.com/931769 https://bugzilla.suse.com/931772 https://bugzilla.suse.com/931776 https://bugzilla.suse.com/933227 https://bugzilla.suse.com/935074 https://bugzilla.suse.com/935224 https://bugzilla.suse.com/935226 https://bugzilla.suse.com/935227 https://bugzilla.suse.com/935229 https://bugzilla.suse.com/935232 https://bugzilla.suse.com/935234 https://bugzilla.suse.com/935274 https://bugzilla.suse.com/935275 https://bugzilla.suse.com/938719 https://bugzilla.suse.com/938721 https://bugzilla.suse.com/942291 https://bugzilla.suse.com/942296 https://bugzilla.suse.com/945412 https://bugzilla.suse.com/945428 https://bugzilla.suse.com/949961 https://bugzilla.suse.com/968284 https://bugzilla.suse.com/969821 https://bugzilla.suse.com/971611 https://bugzilla.suse.com/971612 https://bugzilla.suse.com/971912 https://bugzilla.suse.com/973351 https://bugzilla.suse.com/973792 https://bugzilla.suse.com/976996 https://bugzilla.suse.com/976997 https://bugzilla.suse.com/977003 https://bugzilla.suse.com/977005 https://bugzilla.suse.com/977991 https://bugzilla.suse.com/977994 https://bugzilla.suse.com/978827 https://bugzilla.suse.com/978828 https://bugzilla.suse.com/978829 https://bugzilla.suse.com/978830 https://bugzilla.suse.com/980366 https://bugzilla.suse.com/980373 
https://bugzilla.suse.com/980375 https://bugzilla.suse.com/981050 https://bugzilla.suse.com/982010 https://bugzilla.suse.com/982011 https://bugzilla.suse.com/982012 https://bugzilla.suse.com/982013 https://bugzilla.suse.com/982162

From sle-updates at lists.suse.com Tue Jun 21 05:21:27 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 21 Jun 2016 13:21:27 +0200 (CEST)
Subject: SUSE-SU-2016:1639-1: important: Security update for libimobiledevice, usbmuxd
Message-ID: <20160621112127.BCB9EFF8F@maintenance.suse.de>

SUSE Security Update: Security update for libimobiledevice, usbmuxd
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1639-1
Rating: important
References: #982014
Cross-References: CVE-2016-5104
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP1
  SUSE Linux Enterprise Workstation Extension 12
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12-SP1
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

libimobiledevice, usbmuxd were updated to fix one security issue.

This security issue was fixed:

- CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally (982014).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1:

  zypper in -t patch SUSE-SLE-WE-12-SP1-2016-973=1

- SUSE Linux Enterprise Workstation Extension 12:

  zypper in -t patch SUSE-SLE-WE-12-2016-973=1

- SUSE Linux Enterprise Software Development Kit 12-SP1:

  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-973=1

- SUSE Linux Enterprise Software Development Kit 12:

  zypper in -t patch SUSE-SLE-SDK-12-2016-973=1

- SUSE Linux Enterprise Server 12-SP1:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-973=1

- SUSE Linux Enterprise Server 12:

  zypper in -t patch SUSE-SLE-SERVER-12-2016-973=1

- SUSE Linux Enterprise Desktop 12-SP1:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-973=1

- SUSE Linux Enterprise Desktop 12:

  zypper in -t patch SUSE-SLE-DESKTOP-12-2016-973=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice-tools-1.1.5-6.1
  libimobiledevice-tools-debuginfo-1.1.5-6.1

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice-tools-1.1.5-6.1
  libimobiledevice-tools-debuginfo-1.1.5-6.1

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice-devel-1.1.5-6.1
  libusbmuxd-devel-1.0.8-12.1
  usbmuxd-debuginfo-1.0.8-12.1
  usbmuxd-debugsource-1.0.8-12.1

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice-devel-1.1.5-6.1
  libusbmuxd-devel-1.0.8-12.1
  usbmuxd-debuginfo-1.0.8-12.1
  usbmuxd-debugsource-1.0.8-12.1

- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice4-1.1.5-6.1
  libimobiledevice4-debuginfo-1.1.5-6.1
  libusbmuxd2-1.0.8-12.1
  libusbmuxd2-debuginfo-1.0.8-12.1
  usbmuxd-1.0.8-12.1
  usbmuxd-debuginfo-1.0.8-12.1
  usbmuxd-debugsource-1.0.8-12.1

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice4-1.1.5-6.1
  libimobiledevice4-debuginfo-1.1.5-6.1
  libusbmuxd2-1.0.8-12.1
  libusbmuxd2-debuginfo-1.0.8-12.1
  usbmuxd-1.0.8-12.1
  usbmuxd-debuginfo-1.0.8-12.1
  usbmuxd-debugsource-1.0.8-12.1

- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice-tools-1.1.5-6.1
  libimobiledevice-tools-debuginfo-1.1.5-6.1
  libimobiledevice4-1.1.5-6.1
  libimobiledevice4-debuginfo-1.1.5-6.1
  libusbmuxd2-1.0.8-12.1
  libusbmuxd2-debuginfo-1.0.8-12.1
  usbmuxd-1.0.8-12.1
  usbmuxd-debuginfo-1.0.8-12.1
  usbmuxd-debugsource-1.0.8-12.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

  libimobiledevice-debugsource-1.1.5-6.1
  libimobiledevice-tools-1.1.5-6.1
  libimobiledevice-tools-debuginfo-1.1.5-6.1
  libimobiledevice4-1.1.5-6.1
  libimobiledevice4-debuginfo-1.1.5-6.1
  libusbmuxd2-1.0.8-12.1
  libusbmuxd2-debuginfo-1.0.8-12.1
  usbmuxd-1.0.8-12.1
  usbmuxd-debuginfo-1.0.8-12.1
  usbmuxd-debugsource-1.0.8-12.1

References:

https://www.suse.com/security/cve/CVE-2016-5104.html
https://bugzilla.suse.com/982014

From sle-updates at lists.suse.com Tue Jun 21 05:21:50 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 21 Jun 2016 13:21:50 +0200 (CEST)
Subject: SUSE-SU-2016:1640-1: important: Security update for ctdb
Message-ID: <20160621112150.6CF7CFFA3@maintenance.suse.de>

SUSE Security Update: Security update for ctdb
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1640-1
Rating: important
References: #969522
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise High Availability Extension 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that contains security fixes can now be installed.
Description:

ctdb was updated to fix one security issue.

This security issue was fixed:

- bsc#969522: ctdb opening sockets with htons(IPPROTO_RAW)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-ctdb-12622=1

- SUSE Linux Enterprise High Availability Extension 11-SP4:

  zypper in -t patch slehasp4-ctdb-12622=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-ctdb-12622=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  ctdb-devel-1.0.114.6-0.14.1

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  ctdb-1.0.114.6-0.14.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  ctdb-debuginfo-1.0.114.6-0.14.1
  ctdb-debugsource-1.0.114.6-0.14.1

References:

https://bugzilla.suse.com/969522

From sle-updates at lists.suse.com Tue Jun 21 06:14:42 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 21 Jun 2016 14:14:42 +0200 (CEST)
Subject: SUSE-RU-2016:1642-1: moderate: Recommended update for crowbar-barclamp-ceilometer, crowbar-barclamp-glance, crowbar-barclamp-heat, crowbar-barclamp-keystone and crowbar-barclamp-swift
Message-ID: <20160621121442.51723FFA3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-ceilometer, crowbar-barclamp-glance, crowbar-barclamp-heat, crowbar-barclamp-keystone and crowbar-barclamp-swift
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1642-1
Rating: moderate
References: #935462 #965886
Affected Products:
  SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for crowbar-barclamp-ceilometer, crowbar-barclamp-glance, crowbar-barclamp-heat, crowbar-barclamp-keystone, and crowbar-barclamp-swift fixes the following issues:

- Minimize disruption of services with HA by using interleave for clones (bsc#965886)
- Improve reliability of Ceilometer and Heat deployment with HA (bsc#935462)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:

  zypper in -t patch sleclo50sp3-crowbar-barclamp-ceilometer-12623=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 5 (noarch):

  crowbar-barclamp-ceilometer-1.9+git.1460064195.e4b231d-12.1
  crowbar-barclamp-glance-1.9+git.1460064128.7bb2fea-16.1
  crowbar-barclamp-heat-1.9+git.1460064150.a7e95c0-15.1
  crowbar-barclamp-keystone-1.9+git.1460063691.f21a95b-19.1
  crowbar-barclamp-swift-1.9+git.1460076316.f7c91cd-15.1

References:

https://bugzilla.suse.com/935462
https://bugzilla.suse.com/965886

From sle-updates at lists.suse.com Tue Jun 21 06:15:26 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 21 Jun 2016 14:15:26 +0200 (CEST)
Subject: SUSE-RU-2016:1643-1: important: Recommended update for openstack-neutron
Message-ID: <20160621121526.68B93FFA5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-neutron
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1643-1
Rating: important
References: #975582
Affected Products:
  SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openstack-neutron provides the latest code from OpenStack Liberty.
- Fix neutron start when SSL is enabled (bsc#975582)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:

  zypper in -t patch SUSE-OpenStack-Cloud-6-2016-975=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):

  openstack-neutron-7.1.2~a0~dev10-7.1
  openstack-neutron-dhcp-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-doc-7.1.2~a0~dev10-7.1
  openstack-neutron-ha-tool-7.1.2~a0~dev10-7.1
  openstack-neutron-l3-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-linuxbridge-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-metadata-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-metering-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-mlnx-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-nvsd-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-openvswitch-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-restproxy-agent-7.1.2~a0~dev10-7.1
  openstack-neutron-server-7.1.2~a0~dev10-7.1
  python-neutron-7.1.2~a0~dev10-7.1

References:

https://bugzilla.suse.com/975582

From sle-updates at lists.suse.com Tue Jun 21 07:08:16 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 21 Jun 2016 15:08:16 +0200 (CEST)
Subject: SUSE-RU-2016:1644-1: moderate: Recommended update for portus
Message-ID: <20160621130816.CBFB0FF8F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for portus
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1644-1
Rating: moderate
References: #967411 #976088 #976113 #976198 #978374 #978658 #978661 #979210 #981312
Affected Products:
  SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that has 9 recommended fixes can now be installed.
Description:

This update for portus provides version 2.0.5 (bsc#981312, bsc#979210) and fixes the following issues:

- Improvements
  * The FQDN can now be specified from the configuration too. This is meant to help users to transition from 2.0.x to 2.1.
  * Portus is now more explicit on the allowed name format. (bsc#978658)
  * Portus is now more friendly on errors based on the namespace name. (bsc#978661)
  * Better Sub-URI handling & configurable config-local.yml path.
- portusctl
  * Disable automatic generation of certificates. For this, now there are two new flags: --ssl-gen-self-signed-certs and --ssl-certs-dir