From sle-updates at lists.suse.com Tue Nov 1 07:07:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 14:07:15 +0100 (CET) Subject: SUSE-RU-2016:2693-1: Recommended update for wget Message-ID: <20161101130715.8724DF7B8@maintenance.suse.de> SUSE Recommended Update: Recommended update for wget ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2693-1 Rating: low References: #1005091 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wget provides the following fixes: - Don't call xfree() on string returned by usr_error(). Fixes a segmentation fault. (bsc#1005091) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wget-12826=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-wget-12826=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wget-12826=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-1.11.4-1.35.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): wget-openssl1-1.11.4-1.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-debuginfo-1.11.4-1.35.1 wget-debugsource-1.11.4-1.35.1 References: https://bugzilla.suse.com/1005091 From sle-updates at lists.suse.com Tue Nov 1 09:07:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:07:20 +0100 (CET) Subject: SUSE-SU-2016:2477-2: important: Security update for php5 Message-ID: <20161101150720.86FDEFFBC@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2477-2 Rating: important References: #999679 #999680 #999682 #999684 #999685 #999819 #999820 Cross-References: CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for php5 fixes the following security issues: * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1446=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64): apache2-mod_php5-5.5.14-78.1 apache2-mod_php5-debuginfo-5.5.14-78.1 php5-5.5.14-78.1 php5-bcmath-5.5.14-78.1 php5-bcmath-debuginfo-5.5.14-78.1 php5-bz2-5.5.14-78.1 php5-bz2-debuginfo-5.5.14-78.1 php5-calendar-5.5.14-78.1 php5-calendar-debuginfo-5.5.14-78.1 php5-ctype-5.5.14-78.1 php5-ctype-debuginfo-5.5.14-78.1 php5-curl-5.5.14-78.1 php5-curl-debuginfo-5.5.14-78.1 php5-dba-5.5.14-78.1 php5-dba-debuginfo-5.5.14-78.1 php5-debuginfo-5.5.14-78.1 php5-debugsource-5.5.14-78.1 php5-dom-5.5.14-78.1 php5-dom-debuginfo-5.5.14-78.1 php5-enchant-5.5.14-78.1 php5-enchant-debuginfo-5.5.14-78.1 php5-exif-5.5.14-78.1 php5-exif-debuginfo-5.5.14-78.1 php5-fastcgi-5.5.14-78.1 php5-fastcgi-debuginfo-5.5.14-78.1 php5-fileinfo-5.5.14-78.1 php5-fileinfo-debuginfo-5.5.14-78.1 php5-fpm-5.5.14-78.1 php5-fpm-debuginfo-5.5.14-78.1 php5-ftp-5.5.14-78.1 php5-ftp-debuginfo-5.5.14-78.1 php5-gd-5.5.14-78.1 php5-gd-debuginfo-5.5.14-78.1 php5-gettext-5.5.14-78.1 php5-gettext-debuginfo-5.5.14-78.1 php5-gmp-5.5.14-78.1 php5-gmp-debuginfo-5.5.14-78.1 php5-iconv-5.5.14-78.1 php5-iconv-debuginfo-5.5.14-78.1 php5-imap-5.5.14-78.1 php5-imap-debuginfo-5.5.14-78.1 php5-intl-5.5.14-78.1 php5-intl-debuginfo-5.5.14-78.1 php5-json-5.5.14-78.1 php5-json-debuginfo-5.5.14-78.1 php5-ldap-5.5.14-78.1 php5-ldap-debuginfo-5.5.14-78.1 php5-mbstring-5.5.14-78.1 php5-mbstring-debuginfo-5.5.14-78.1 php5-mcrypt-5.5.14-78.1 php5-mcrypt-debuginfo-5.5.14-78.1 php5-mysql-5.5.14-78.1 php5-mysql-debuginfo-5.5.14-78.1 php5-odbc-5.5.14-78.1 php5-odbc-debuginfo-5.5.14-78.1 php5-opcache-5.5.14-78.1 php5-opcache-debuginfo-5.5.14-78.1 php5-openssl-5.5.14-78.1 php5-openssl-debuginfo-5.5.14-78.1 php5-pcntl-5.5.14-78.1 php5-pcntl-debuginfo-5.5.14-78.1 php5-pdo-5.5.14-78.1 php5-pdo-debuginfo-5.5.14-78.1 php5-pgsql-5.5.14-78.1 php5-pgsql-debuginfo-5.5.14-78.1 php5-phar-5.5.14-78.1 php5-phar-debuginfo-5.5.14-78.1 php5-posix-5.5.14-78.1 php5-posix-debuginfo-5.5.14-78.1 php5-pspell-5.5.14-78.1 php5-pspell-debuginfo-5.5.14-78.1 php5-shmop-5.5.14-78.1 php5-shmop-debuginfo-5.5.14-78.1 php5-snmp-5.5.14-78.1 php5-snmp-debuginfo-5.5.14-78.1 php5-soap-5.5.14-78.1 php5-soap-debuginfo-5.5.14-78.1 php5-sockets-5.5.14-78.1 php5-sockets-debuginfo-5.5.14-78.1 php5-sqlite-5.5.14-78.1 php5-sqlite-debuginfo-5.5.14-78.1 php5-suhosin-5.5.14-78.1 php5-suhosin-debuginfo-5.5.14-78.1 php5-sysvmsg-5.5.14-78.1 php5-sysvmsg-debuginfo-5.5.14-78.1 php5-sysvsem-5.5.14-78.1 php5-sysvsem-debuginfo-5.5.14-78.1 php5-sysvshm-5.5.14-78.1 php5-sysvshm-debuginfo-5.5.14-78.1 php5-tokenizer-5.5.14-78.1 php5-tokenizer-debuginfo-5.5.14-78.1 php5-wddx-5.5.14-78.1 php5-wddx-debuginfo-5.5.14-78.1 php5-xmlreader-5.5.14-78.1 php5-xmlreader-debuginfo-5.5.14-78.1 php5-xmlrpc-5.5.14-78.1 php5-xmlrpc-debuginfo-5.5.14-78.1 php5-xmlwriter-5.5.14-78.1 php5-xmlwriter-debuginfo-5.5.14-78.1 php5-xsl-5.5.14-78.1 php5-xsl-debuginfo-5.5.14-78.1 php5-zip-5.5.14-78.1 php5-zip-debuginfo-5.5.14-78.1 php5-zlib-5.5.14-78.1 php5-zlib-debuginfo-5.5.14-78.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-78.1 References: https://www.suse.com/security/cve/CVE-2016-7411.html https://www.suse.com/security/cve/CVE-2016-7412.html https://www.suse.com/security/cve/CVE-2016-7413.html https://www.suse.com/security/cve/CVE-2016-7414.html https://www.suse.com/security/cve/CVE-2016-7416.html https://www.suse.com/security/cve/CVE-2016-7417.html https://www.suse.com/security/cve/CVE-2016-7418.html https://bugzilla.suse.com/999679 https://bugzilla.suse.com/999680 https://bugzilla.suse.com/999682 https://bugzilla.suse.com/999684 https://bugzilla.suse.com/999685 https://bugzilla.suse.com/999819 https://bugzilla.suse.com/999820 From sle-updates at lists.suse.com Tue Nov 1 09:08:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:08:32 +0100 (CET) Subject: SUSE-RU-2016:2534-2: Recommended update for ceph-deploy Message-ID: <20161101150832.B712AFFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph-deploy ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2534-2 Rating: low References: #980708 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph-deploy provides version 1.5.34 and fixes the following issues: - Protect against two rgw using the same port. (bsc#980708) - Do not call partx/partprobe when zapping disks - No longer allow using ext4 - Changed default to systemd for SUSE - No longer depend on automatic ``ceph-create-keys``, use the monitors to fetch keys. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1478=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): ceph-deploy-1.5.34+git.1470736983.963ba71-3.1 References: https://bugzilla.suse.com/980708 From sle-updates at lists.suse.com Tue Nov 1 09:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:08:56 +0100 (CET) Subject: SUSE-RU-2016:2547-2: moderate: Recommended update for smt Message-ID: <20161101150856.C6F54FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2547-2 Rating: moderate References: #1004055 #970608 #987559 #992246 #996240 #996517 #996519 #998128 #999051 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for smt fixes the following issues: - Show correct Repository ID in smt-repos verbose output. (bsc#1004055) - Translate hardware data from NCC to SCC format. (bsc#998128) - Adapt EULA Url for products not hosted on SCC. (bsc#970608) - Fix and check product ids during setup custom repositories. (bsc#996517) - Fix removing custom repository. (bsc#996517) - Support adding products to existing custom repository. (bsc#996517, bsc#996519) - Improve no_proxy handling in SMT. (bsc#996240) - Log repositories missing for migration. (bsc#999051) - Renamed remote_ip to client_ip for apache 2.4. (bsc#992246) - Added missing reference for bsc#987559 to the changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1488=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64): smt-ha-3.0.20-31.1 References: https://bugzilla.suse.com/1004055 https://bugzilla.suse.com/970608 https://bugzilla.suse.com/987559 https://bugzilla.suse.com/992246 https://bugzilla.suse.com/996240 https://bugzilla.suse.com/996517 https://bugzilla.suse.com/996519 https://bugzilla.suse.com/998128 https://bugzilla.suse.com/999051 From sle-updates at lists.suse.com Tue Nov 1 09:10:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:10:49 +0100 (CET) Subject: SUSE-RU-2016:2567-2: Recommended update for ksh Message-ID: <20161101151049.A70BAFFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2567-2 Rating: low References: #988213 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ksh fixes a locking error in spawn implementation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1503=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64): ksh-93vu-18.1 ksh-debuginfo-93vu-18.1 ksh-debugsource-93vu-18.1 References: https://bugzilla.suse.com/988213 From sle-updates at lists.suse.com Tue Nov 1 09:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:11:15 +0100 (CET) Subject: SUSE-RU-2016:2466-2: moderate: Recommended update for lrbd Message-ID: <20161101151115.74ABEFFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for lrbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2466-2 Rating: moderate References: #982788 #987997 #987999 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for lrbd provides version 1.1 and fixes the following issues: - Always unmap with -Cu. (bsc#982788) - Adds various features. (bsc#987999, bsc#987997) - Add -n/-p options. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1438=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): lrbd-1.1-8.1 References: https://bugzilla.suse.com/982788 https://bugzilla.suse.com/987997 https://bugzilla.suse.com/987999 From sle-updates at lists.suse.com Tue Nov 1 09:12:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:12:00 +0100 (CET) Subject: SUSE-RU-2016:2087-2: Recommended update for calamari-server Message-ID: <20161101151200.4CE6DFFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for calamari-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2087-2 Rating: low References: #981871 #989181 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for calamari-server fixes the following issues: - Mark salt SLS files as %config(noreplace), so as to not have calamari overwrite potentially existing top.sls files on install (bsc#989181) - calamari: Ignore ENOENT in calamari-crush-location (bsc#981871) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1232=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): calamari-server-1.3+git.1465907180.26eea7d-4.1 References: https://bugzilla.suse.com/981871 https://bugzilla.suse.com/989181 From sle-updates at lists.suse.com Tue Nov 1 09:12:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:12:35 +0100 (CET) Subject: SUSE-OU-2016:2319-2: Optional update for gcc6 Message-ID: <20161101151235.CA3E3FFBC@maintenance.suse.de> SUSE Optional Update: Optional update for gcc6 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2319-2 Rating: low References: #983206 Affected Products: SUSE Linux Enterprise Module for Toolchain 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update ships the GNU Compiler Collection (GCC) in version 6.2. This update is shipped in two parts: - SUSE Linux Enterprise Server 12 and Desktop: The runtime libraries libgcc_s1, libstdc++6, libatomic1, libgomp1, libitm1 and some others can now be used by GCC 6 built binaries. - SUSE Linux Enterprise 12 Toolchain Module: The Toolchain module received the GCC 6 compiler suite with this update. Changes: - The default mode for C++ is now -std=gnu++14 instead of -std=gnu++98. Generic Optimization improvements: - UndefinedBehaviorSanitizer gained a new sanitization option, -fsanitize=bounds-strict, which enables strict checking of array bounds. In particular, it enables -fsanitize=bounds as well as instrumentation of flexible array member-like arrays. - Type-based alias analysis now disambiguates accesses to different pointers. This improves precision of the alias oracle by about 20-30% on higher-level C++ programs. Programs doing invalid type punning of pointer types may now need -fno-strict-aliasing to work correctly. - Alias analysis now correctly supports weakref and alias attributes. This makes it possible to access both a variable and its alias in one translation unit which is common with link-time optimization. - Value range propagation now assumes that the this pointer of C++ member functions is non-null. This eliminates common null pointer checks but also breaks some non-conforming code-bases (such as Qt-5, Chromium, KDevelop). As a temporary work-around -fno-delete-null-pointer-checks can be used. Wrong code can be identified by using -fsanitize=undefined. - Various Link-time optimization improvements. - Inter-procedural optimization improvements: - Basic jump threading is now performed before profile construction and inline analysis, resulting in more realistic size and time estimates that drive the heuristics of the of inliner and function cloning passes. - Function cloning now more aggressively eliminates unused function parameters. - Compared to GCC 5, the GCC 6 release series includes a much improved implementation of the OpenACC 2.0a specification. C language specific improvements: - Version 4.5 of the OpenMP specification is now supported in the C and C++ compilers. - Source locations for the C and C++ compilers are now tracked as ranges, rather than just points, making it easier to identify the subexpression of interest within a complicated expression. In addition, there is now initial support for precise diagnostic locations within strings, - Diagnostics can now contain "fix-it hints", which are displayed in context underneath the relevant source code. - The C and C++ compilers now offer suggestions for misspelled field names. - New command-line options have been added for the C and C++ compilers: - -Wshift-negative-value warns about left shifting a negative value. - -Wshift-overflow warns about left shift overflows. This warning is enabled by default. -Wshift-overflow=2 also warns about left-shifting 1 into the sign bit. - -Wtautological-compare warns if a self-comparison always evaluates to true or false. This warning is enabled by -Wall. - -Wnull-dereference warns if the compiler detects paths that trigger erroneous or undefined behavior due to dereferencing a null pointer. This option is only active when -fdelete-null-pointer-checks is active, which is enabled by optimizations in most targets. The precision of the warnings depends on the optimization options used. - -Wduplicated-cond warns about duplicated conditions in an if-else-if chain. - -Wmisleading-indentation warns about places where the indentation of the code gives a misleading idea of the block structure of the code to a human reader. This warning is enabled by -Wall. - The C and C++ compilers now emit saner error messages if merge-conflict markers are present in a source file. C improvements: - It is possible to disable warnings when an initialized field of a structure or a union with side effects is being overridden when using designated initializers via a new warning option -Woverride-init-side-effects. - A new type attribute scalar_storage_order applying to structures and unions has been introduced. It specifies the storage order (aka endianness) in memory of scalar fields in structures or unions. C++ improvements: - The default mode has been changed to -std=gnu++14. - C++ Concepts are now supported when compiling with -fconcepts. - -flifetime-dse is more aggressive in dead-store elimination in situations where a memory store to a location precedes a constructor to that memory location. - G++ now supports C++17 fold expressions, u8 character literals, extended static_assert, and nested namespace definitions. - G++ now allows constant evaluation for all non-type template arguments. - G++ now supports C++ Transactional Memory when compiling with -fgnu-tm. libstdc++ improvements: - Extensions to the C++ Library to support mathematical special functions (ISO/IEC 29124:2010), thanks to Edward Smith-Rowland. - Experimental support for C++17. - An experimental implementation of the File System TS. - Experimental support for most features of the second version of the Library Fundamentals TS. This includes polymorphic memory resources and array support in shared_ptr, thanks to Fan You. - Some assertions checked by Debug Mode can now also be enabled by _GLIBCXX_ASSERTIONS. The subset of checks enabled by the new macro have less run-time overhead than the full _GLIBCXX_DEBUG checks and don't affect the library ABI, so can be enabled per-translation unit. Fortran improvements: - Fortran 2008 SUBMODULE support. - Fortran 2015 EVENT_TYPE, EVENT_POST, EVENT_WAIT, and EVENT_QUERY support. - Improved support for Fortran 2003 deferred-length character variables. - Improved support for OpenMP and OpenACC. - The MATMUL intrinsic is now inlined for straightforward cases if front-end optimization is active. The maximum size for inlining can be set to n with the -finline-matmul-limit=n option and turned off with -finline-matmul-limit=0. - The -Wconversion-extra option will warn about REAL constants which have excess precision for their kind. - The -Winteger-division option has been added, which warns about divisions of integer constants which are truncated. This option is included in -Wall by default. Architecture improvements: - AArch64 received a lot of improvements. IA-32/x86-64 improvements: - GCC now supports the Intel CPU named Skylake with AVX-512 extensions through -march=skylake-avx512. The switch enables the following ISA extensions: AVX-512F, AVX512VL, AVX-512CD, AVX-512BW, AVX-512DQ. - Support for new AMD instructions monitorx and mwaitx has been added. This includes new intrinsic and built-in support. It is enabled through option -mmwaitx. The instructions monitorx and mwaitx implement the same functionality as the old monitor and mwait instructions. In addition mwaitx adds a configurable timer. The timer value is received as third argument and stored in register %ebx. - x86-64 targets now allow stack realignment from a word-aligned stack pointer using the command-line option -mstackrealign or __attribute__ ((force_align_arg_pointer)). This allows functions compiled with a vector-aligned stack to be invoked from objects that keep only word-alignment. - Support for address spaces __seg_fs, __seg_gs, and __seg_tls. These can be used to access data via the %fs and %gs segments without having to resort to inline assembly. - Support for AMD Zen (family 17h) processors is now available through the -march=znver1 and -mtune=znver1 options. PowerPC / PowerPC64 / RS6000 improvements: - PowerPC64 now supports IEEE 128-bit floating-point using the __float128 data type. In GCC 6, this is not enabled by default, but you can enable it with -mfloat128. The IEEE 128-bit floating-point support requires the use of the VSX instruction set. IEEE 128-bit floating-point values are passed and returned as a single vector value. The software emulator for IEEE 128-bit floating-point support is only built on PowerPC GNU/Linux systems where the default CPU is at least power7. On future ISA 3.0 systems (POWER 9 and later), you will be able to use the -mfloat128-hardware option to use the ISA 3.0 instructions that support IEEE 128-bit floating-point. An additional type (__ibm128) has been added to refer to the IBM extended double type that normally implements long double. This will allow for a future transition to implementing long double with IEEE 128-bit floating-point. - Basic support has been added for POWER9 hardware that will use the recently published OpenPOWER ISA 3.0 instructions. The following new switches are available: - -mcpu=power9: Implement all of the ISA 3.0 instructions supported by the compiler. - -mtune=power9: In the future, apply tuning for POWER9 systems. Currently, POWER8 tunings are used. - -mmodulo: Generate code using the ISA 3.0 integer instructions (modulus, count trailing zeros, array index support, integer multiply/add). - -mpower9-fusion: Generate code to suitably fuse instruction sequences for a POWER9 system. - -mpower9-dform: Generate code to use the new D-form (register+offset) memory instructions for the vector registers. - -mpower9-vector: Generate code using the new ISA 3.0 vector (VSX or Altivec) instructions. - -mpower9-minmax: Reserved for future development. - -mtoc-fusion: Keep TOC entries together to provide more fusion opportunities. - New constraints have been added to support IEEE 128-bit floating-point and ISA 3.0 instructions. - Support has been added for __builtin_cpu_is() and __builtin_cpu_supports(), allowing for very fast access to AT_PLATFORM, AT_HWCAP, and AT_HWCAP2 values. This requires use of glibc 2.23 or later. - All hardware transactional memory builtins now correctly behave as memory barriers. Programmers can use #ifdef __TM_FENCE__ to determine whether their "old" compiler treats the builtins as barriers. - Split-stack support has been added for gccgo on PowerPC64 for both big- and little-endian (but not for 32-bit). The gold linker from at least binutils 2.25.1 must be available in the PATH when configuring and building gccgo to enable split stack. (The requirement for binutils 2.25.1 applies to PowerPC64 only.) The split-stack feature allows a small initial stack size to be allocated for each goroutine, which increases as needed. - GCC on PowerPC now supports the standard lround function. - The "q", "S", "T", and "t" asm-constraints have been removed. - The "b", "B", "m", "M", and "W" format modifiers have been removed. S/390, System z, IBM z Systems improvements: - Support for the IBM z13 processor has been added. When using the -march=z13 option, the compiler will generate code making use of the new instructions and registers introduced with the vector extension facility. The -mtune=z13 option enables z13 specific instruction scheduling without making use of new instructions. - Compiling code with -march=z13 reduces the default alignment of vector types bigger than 8 bytes to 8. This is an ABI change and care must be taken when linking modules compiled with different arch levels which interchange variables containing vector type values. For newly compiled code the GNU linker will emit a warning. - The -mzvector option enables a C/C++ language extension. This extension provides a new keyword vector which can be used to define vector type variables. (Note: This is not available when enforcing strict standard compliance e.g. with -std=c99. Either enable GNU extensions with e.g. -std=gnu99 or use __vector instead of vector.) - Additionally a set of overloaded builtins is provided which is partially compatible to the PowerPC Altivec builtins. In order to make use of these builtins the vecintrin.h header file needs to be included. - The new command line options -march=native, and -mtune=native are now available on native IBM z Systems. Specifying these options will cause GCC to auto-detect the host CPU and rewrite these options to the optimal setting for that system. If GCC is unable to detect the host CPU these options have no effect. - The IBM z Systems port now supports target attributes and pragmas. Please refer to the documentation for details of available attributes and pragmas as well as usage instructions. - -fsplit-stack is now supported as part of the IBM z Systems port. This feature requires a recent gold linker to be used. - Support for the g5 and g6 -march=/-mtune= CPU level switches has been deprecated and will be removed in a future GCC release. -m31 from now on defaults to -march=z900 if not specified otherwise. -march=native on a g5/g6 machine will default to -march=z900. An even more detailed list of features can be found at: https://gcc.gnu.org/gcc-6/changes.html Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2016-1358=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Toolchain 12 (aarch64): cpp6-6.2.1+r239768-2.4 cpp6-debuginfo-6.2.1+r239768-2.4 gcc6-6.2.1+r239768-2.4 gcc6-c++-6.2.1+r239768-2.4 gcc6-c++-debuginfo-6.2.1+r239768-2.4 gcc6-debuginfo-6.2.1+r239768-2.4 gcc6-debugsource-6.2.1+r239768-2.4 gcc6-fortran-6.2.1+r239768-2.4 gcc6-fortran-debuginfo-6.2.1+r239768-2.4 gcc6-locale-6.2.1+r239768-2.4 libstdc++6-devel-gcc6-6.2.1+r239768-2.4 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc6-info-6.2.1+r239768-2.4 References: https://bugzilla.suse.com/983206 From sle-updates at lists.suse.com Tue Nov 1 09:12:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:12:59 +0100 (CET) Subject: SUSE-RU-2016:2077-2: Recommended update for salt-ceph and python-ceph-cfg Message-ID: <20161101151259.E9947FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt-ceph and python-ceph-cfg ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2077-2 Rating: low References: #982290 #982536 #982548 #983254 #983474 #983654 #987582 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for salt-ceph and python-ceph-cfg fixes the following issues: salt-ceph - Change execution module namespace to ceph_cfg from ceph. (bsc#983654) python-ceph-cfg - Fix permissions on mds and rgw service keys. (bsc#982290) - Enable mon daemons on boot. (bsc#983254) - Add ceph config file parser with tests. (bsc#983474) - Add missing run time dependencies on parted, gptfdisk and util-linux. (bsc#982536) - Fix purge function. (bsc#987582) - Fix handling of floppy disks on target clusters. (bsc#982536) - Added new discover fields for disks and partitions. (bsc#982548) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1225=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): python-ceph-cfg-0.1.7+git.1468408973.22daca0-3.1 salt-ceph-0.1.2+git.1469001759.209bba4-3.1 References: https://bugzilla.suse.com/982290 https://bugzilla.suse.com/982536 https://bugzilla.suse.com/982548 https://bugzilla.suse.com/983254 https://bugzilla.suse.com/983474 https://bugzilla.suse.com/983654 https://bugzilla.suse.com/987582 From sle-updates at lists.suse.com Tue Nov 1 09:14:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:14:23 +0100 (CET) Subject: SUSE-RU-2016:2611-2: moderate: Recommended update for rubygem-chef Message-ID: <20161101151423.49569FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2611-2 Rating: moderate References: #991435 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - Fix chef configuration in case multiple partitions are used (bsc#991435) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1531=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): ruby2.1-rubygem-chef-10.32.2-10.1 rubygem-chef-10.32.2-10.1 References: https://bugzilla.suse.com/991435 From sle-updates at lists.suse.com Tue Nov 1 09:14:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:14:51 +0100 (CET) Subject: SUSE-RU-2016:2478-2: moderate: Recommended update for python-azure-agent Message-ID: <20161101151451.0B658FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2478-2 Rating: moderate References: #994592 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent provides the following fixes and enhancements: - Correctly assign IP address to the high speed network interface on Azure's A8 instances. (bsc#994592) - Improved RDMA support. - Extension state migration. - Disabled auto-update. - Enforce http proxy support for calls to storage. - Stop disabling SELinux during provisioning. - Fix partition table race condition. - Fix latest version selection. - Fix extension substatus structure. - Fix shlex related update bug in Python 2.6. - Correct behavior of register-service. - AzureStack fixes. - Support xfs filesystem. - Correct service start/restart behavior. - Support for disabling provisioning. - Stop spamming journal with pidof dhclient related messages. - Add goal state processor to the version output. - Fix walinuxagent.service's Want, After. - Ensure to load latest agents. - Correct proxy port type. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1449=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.0-21.1 References: https://bugzilla.suse.com/994592 From sle-updates at lists.suse.com Tue Nov 1 09:15:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:15:18 +0100 (CET) Subject: SUSE-RU-2016:2509-2: moderate: Recommended update for sleshammer Message-ID: <20161101151518.756A6FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleshammer ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2509-2 Rating: moderate References: #985556 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sleshammer fixes the following issues: - Wait for admin IP to be reachable (bsc#985556) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1467=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): sleshammer-debugsource-0.6.1-0.20.1 sleshammer-x86_64-0.6.1-0.20.1 References: https://bugzilla.suse.com/985556 From sle-updates at lists.suse.com Tue Nov 1 09:15:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:15:48 +0100 (CET) Subject: SUSE-RU-2016:2620-2: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20161101151548.C5DFBFFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2620-2 Rating: moderate References: #1002529 #986447 #986978 #990029 #990439 #990440 #990738 #991048 #993039 #993549 #994619 #996455 #998185 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Enabling PXE grub2 support for PowerPC (bsc#986978) rhnlib: - Add function aliases for backward compatibility (bsc#998185) salt: - Setting up OS grains for SLES-ES (SLES Expanded Support platform) - Move salt home directory to /var/lib/salt (bsc#1002529) - Generate Salt Thin with configured extra modules (bsc#990439) - Prevent pkg.install failure for expired keys (bsc#996455) - Required D-Bus and generating machine ID - Fix python-jinja2 requirements in rhel - Fix pkg.installed refresh repository failure (bsc#993549) - Fix salt.states.pkgrepo.management no change failure (bsc#990440) - Prevent snapper module crash on load if no DBus is available in the system (bsc#993039) - Prevent continuous restart, if a dependency wasn't installed (bsc#991048) - Fix beacon list to include all beacons being process - Run salt-api as user salt like the master (bsc#990029) spacewalk-backend: - Fix for non-integer IDs for bugzilla bug - Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#986447) - Make suseLib usable on a proxy spacewalk-client-tools: - Logging message in case of malformed XML file - Prevent crashes if machine-id is None (bsc#994619) - Print invalid package name and replace the invalid character - Ignore packages with not UTF-8 characters in name, version and release (bsc#990738) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-1533=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (aarch64): salt-2015.8.7-17.1 salt-doc-2015.8.7-17.1 salt-minion-2015.8.7-17.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-39.1 rhnlib-2.5.84.3-14.1 spacewalk-backend-libs-2.5.24.6-40.1 spacewalk-check-2.5.13.6-42.1 spacewalk-client-setup-2.5.13.6-42.1 spacewalk-client-tools-2.5.13.6-42.1 References: https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/986447 https://bugzilla.suse.com/986978 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/990738 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/994619 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/998185 From sle-updates at lists.suse.com Tue Nov 1 09:18:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:18:25 +0100 (CET) Subject: SUSE-RU-2016:2690-2: Recommended update for supportutils-plugin-suse-openstack-cloud Message-ID: <20161101151825.63118FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2690-2 Rating: low References: #997908 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-suse-openstack-cloud fixes the following issues: - Capture /var/chef/cache/pause-file.lock* files (bsc#997908) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1580=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): supportutils-plugin-suse-openstack-cloud-6.0.1472329275.7b7b59b-6.1 References: https://bugzilla.suse.com/997908 From sle-updates at lists.suse.com Tue Nov 1 09:18:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:18:50 +0100 (CET) Subject: SUSE-RU-2016:2694-1: Recommended update for SUSE Linux Enterprise Modules Message-ID: <20161101151850.AB8DFFFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Linux Enterprise Modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2694-1 Rating: low References: #1000091 #1001061 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update adjusts the product definitions of the following SUSE Linux Enterprise Modules, allowing their installation on top of SUSE Linux Enterprise Server 12 SP2 for the ARM 64 architecture: - Legacy - Public Cloud - Manager Tools - Web and Scripting - Toolchain. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-1405=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1405=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2016-1405=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1405=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1405=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (aarch64): sle-manager-tools-release-12-6.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64): sle-module-web-scripting-release-12-6.2 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64): sle-module-toolchain-release-12-5.2 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64): sle-module-public-cloud-release-12-6.2 - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64): sle-module-legacy-release-12-6.2 References: https://bugzilla.suse.com/1000091 https://bugzilla.suse.com/1001061 From sle-updates at lists.suse.com Tue Nov 1 09:19:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:19:34 +0100 (CET) Subject: SUSE-SU-2016:2470-2: important: Security update for nodejs4 Message-ID: <20161101151934.29CA3FFBC@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2470-2 Rating: important References: #1001652 #985201 Cross-References: CVE-2016-2178 CVE-2016-2183 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: * Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules * http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) * tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) * buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1439=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64): nodejs4-4.6.0-8.1 nodejs4-debuginfo-4.6.0-8.1 nodejs4-debugsource-4.6.0-8.1 nodejs4-devel-4.6.0-8.1 npm4-4.6.0-8.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.6.0-8.1 References: https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-5325.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://www.suse.com/security/cve/CVE-2016-7052.html https://www.suse.com/security/cve/CVE-2016-7099.html https://bugzilla.suse.com/1001652 https://bugzilla.suse.com/985201 From sle-updates at lists.suse.com Tue Nov 1 09:20:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:20:12 +0100 (CET) Subject: SUSE-RU-2016:2689-2: Recommended update for syslog-ng Message-ID: <20161101152012.71777FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for syslog-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2689-2 Rating: low References: #987207 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Syslog-NG was updated to version 3.6.4, which brings several fixes and enhancements: - The new systemd-syslog() source replaces the former implicit support for the same functionality. Users who use systemd are advised to use either the system() source, or this new one when they want to receive logs from systemd via the /run/systemd/journal/syslog socket. - The new source driver systemd-journal() reads from the Journal directly, not via the syslog forwarding socket. The system() source defaults to using this source when systemd is detected. - Fix systemd support on platforms which have systemd older than version 209. - Fix AMQP segmentation fault right after starting on some platforms. - Fix inaccurate time stamps for messages read from /dev/kmsg. - Add DOS/Windows line ending support in configuration files. - Fix issue that prevented all plugins from being loaded by default. - Fix potential crash during stop phase when user wanted syslog-ng to stop immediately after start. - Fix memory leak around reload and internal queuing mechanism. - Add support for the monolithic libsystemd library from systemd 209. For a comprehensive list of changes please refer to the Release Notes document: https://github.com/balabit/syslog-ng/blob/syslog-ng-3.6.4/NEWS.md Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1579=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64): syslog-ng-3.6.4-5.1 syslog-ng-debuginfo-3.6.4-5.1 syslog-ng-debugsource-3.6.4-5.1 References: https://bugzilla.suse.com/987207 From sle-updates at lists.suse.com Tue Nov 1 09:20:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:20:39 +0100 (CET) Subject: SUSE-RU-2016:2691-2: Recommended update for rubygem-ruby-shadow Message-ID: <20161101152039.C24E5FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-ruby-shadow ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2691-2 Rating: low References: #920720 #981565 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-ruby-shadow provides the following fixes: - Fix bug in shadow implementations where sp_expired field was incorrectly set as nil. From now on, -1 is used to indicate not set. (bsc#981565) - Simplified compatibility check, removing check for function not actually used in pwd.h implementations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1581=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): ruby2.1-rubygem-ruby-shadow-2.3.4-6.1 References: https://bugzilla.suse.com/920720 https://bugzilla.suse.com/981565 From sle-updates at lists.suse.com Tue Nov 1 09:21:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:21:25 +0100 (CET) Subject: SUSE-SU-2016:2460-2: important: Security update for php7 Message-ID: <20161101152125.B5C6EFFBC@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2460-2 Rating: important References: #1001950 #987580 #988032 #991422 #991424 #991426 #991427 #991428 #991429 #991430 #991434 #991437 #995512 #997206 #997207 #997208 #997210 #997211 #997220 #997225 #997230 #997247 #997248 #997257 #999313 #999679 #999680 #999684 #999685 #999819 #999820 Cross-References: CVE-2016-4473 CVE-2016-5399 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7133 CVE-2016-7134 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves 29 vulnerabilities and has two fixes is now available. Description: This update for php7 fixes the following security issues: * CVE-2016-6128: Invalid color index not properly handled [bsc#987580] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] * CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422] * CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434] * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file() * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allowed illegal memory access * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7133: memory allocator fails to realloc small block to large one * CVE-2016-7134: Heap overflow in the function curl_escape * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7418: Null pointer dereference in php_wddx_push_element * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1434=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64): apache2-mod_php7-7.0.7-15.1 apache2-mod_php7-debuginfo-7.0.7-15.1 php7-7.0.7-15.1 php7-bcmath-7.0.7-15.1 php7-bcmath-debuginfo-7.0.7-15.1 php7-bz2-7.0.7-15.1 php7-bz2-debuginfo-7.0.7-15.1 php7-calendar-7.0.7-15.1 php7-calendar-debuginfo-7.0.7-15.1 php7-ctype-7.0.7-15.1 php7-ctype-debuginfo-7.0.7-15.1 php7-curl-7.0.7-15.1 php7-curl-debuginfo-7.0.7-15.1 php7-dba-7.0.7-15.1 php7-dba-debuginfo-7.0.7-15.1 php7-debuginfo-7.0.7-15.1 php7-debugsource-7.0.7-15.1 php7-dom-7.0.7-15.1 php7-dom-debuginfo-7.0.7-15.1 php7-enchant-7.0.7-15.1 php7-enchant-debuginfo-7.0.7-15.1 php7-exif-7.0.7-15.1 php7-exif-debuginfo-7.0.7-15.1 php7-fastcgi-7.0.7-15.1 php7-fastcgi-debuginfo-7.0.7-15.1 php7-fileinfo-7.0.7-15.1 php7-fileinfo-debuginfo-7.0.7-15.1 php7-fpm-7.0.7-15.1 php7-fpm-debuginfo-7.0.7-15.1 php7-ftp-7.0.7-15.1 php7-ftp-debuginfo-7.0.7-15.1 php7-gd-7.0.7-15.1 php7-gd-debuginfo-7.0.7-15.1 php7-gettext-7.0.7-15.1 php7-gettext-debuginfo-7.0.7-15.1 php7-gmp-7.0.7-15.1 php7-gmp-debuginfo-7.0.7-15.1 php7-iconv-7.0.7-15.1 php7-iconv-debuginfo-7.0.7-15.1 php7-imap-7.0.7-15.1 php7-imap-debuginfo-7.0.7-15.1 php7-intl-7.0.7-15.1 php7-intl-debuginfo-7.0.7-15.1 php7-json-7.0.7-15.1 php7-json-debuginfo-7.0.7-15.1 php7-ldap-7.0.7-15.1 php7-ldap-debuginfo-7.0.7-15.1 php7-mbstring-7.0.7-15.1 php7-mbstring-debuginfo-7.0.7-15.1 php7-mcrypt-7.0.7-15.1 php7-mcrypt-debuginfo-7.0.7-15.1 php7-mysql-7.0.7-15.1 php7-mysql-debuginfo-7.0.7-15.1 php7-odbc-7.0.7-15.1 php7-odbc-debuginfo-7.0.7-15.1 php7-opcache-7.0.7-15.1 php7-opcache-debuginfo-7.0.7-15.1 php7-openssl-7.0.7-15.1 php7-openssl-debuginfo-7.0.7-15.1 php7-pcntl-7.0.7-15.1 php7-pcntl-debuginfo-7.0.7-15.1 php7-pdo-7.0.7-15.1 php7-pdo-debuginfo-7.0.7-15.1 php7-pgsql-7.0.7-15.1 php7-pgsql-debuginfo-7.0.7-15.1 php7-phar-7.0.7-15.1 php7-phar-debuginfo-7.0.7-15.1 php7-posix-7.0.7-15.1 php7-posix-debuginfo-7.0.7-15.1 php7-pspell-7.0.7-15.1 php7-pspell-debuginfo-7.0.7-15.1 php7-shmop-7.0.7-15.1 php7-shmop-debuginfo-7.0.7-15.1 php7-snmp-7.0.7-15.1 php7-snmp-debuginfo-7.0.7-15.1 php7-soap-7.0.7-15.1 php7-soap-debuginfo-7.0.7-15.1 php7-sockets-7.0.7-15.1 php7-sockets-debuginfo-7.0.7-15.1 php7-sqlite-7.0.7-15.1 php7-sqlite-debuginfo-7.0.7-15.1 php7-sysvmsg-7.0.7-15.1 php7-sysvmsg-debuginfo-7.0.7-15.1 php7-sysvsem-7.0.7-15.1 php7-sysvsem-debuginfo-7.0.7-15.1 php7-sysvshm-7.0.7-15.1 php7-sysvshm-debuginfo-7.0.7-15.1 php7-tokenizer-7.0.7-15.1 php7-tokenizer-debuginfo-7.0.7-15.1 php7-wddx-7.0.7-15.1 php7-wddx-debuginfo-7.0.7-15.1 php7-xmlreader-7.0.7-15.1 php7-xmlreader-debuginfo-7.0.7-15.1 php7-xmlrpc-7.0.7-15.1 php7-xmlrpc-debuginfo-7.0.7-15.1 php7-xmlwriter-7.0.7-15.1 php7-xmlwriter-debuginfo-7.0.7-15.1 php7-xsl-7.0.7-15.1 php7-xsl-debuginfo-7.0.7-15.1 php7-zip-7.0.7-15.1 php7-zip-debuginfo-7.0.7-15.1 php7-zlib-7.0.7-15.1 php7-zlib-debuginfo-7.0.7-15.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-15.1 php7-pear-Archive_Tar-7.0.7-15.1 References: https://www.suse.com/security/cve/CVE-2016-4473.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-6128.html https://www.suse.com/security/cve/CVE-2016-6161.html https://www.suse.com/security/cve/CVE-2016-6207.html https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6292.html https://www.suse.com/security/cve/CVE-2016-6295.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://www.suse.com/security/cve/CVE-2016-7124.html https://www.suse.com/security/cve/CVE-2016-7125.html https://www.suse.com/security/cve/CVE-2016-7126.html https://www.suse.com/security/cve/CVE-2016-7127.html https://www.suse.com/security/cve/CVE-2016-7128.html https://www.suse.com/security/cve/CVE-2016-7129.html https://www.suse.com/security/cve/CVE-2016-7130.html https://www.suse.com/security/cve/CVE-2016-7131.html https://www.suse.com/security/cve/CVE-2016-7132.html https://www.suse.com/security/cve/CVE-2016-7133.html https://www.suse.com/security/cve/CVE-2016-7134.html https://www.suse.com/security/cve/CVE-2016-7412.html https://www.suse.com/security/cve/CVE-2016-7413.html https://www.suse.com/security/cve/CVE-2016-7414.html https://www.suse.com/security/cve/CVE-2016-7416.html https://www.suse.com/security/cve/CVE-2016-7417.html https://www.suse.com/security/cve/CVE-2016-7418.html https://bugzilla.suse.com/1001950 https://bugzilla.suse.com/987580 https://bugzilla.suse.com/988032 https://bugzilla.suse.com/991422 https://bugzilla.suse.com/991424 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991434 https://bugzilla.suse.com/991437 https://bugzilla.suse.com/995512 https://bugzilla.suse.com/997206 https://bugzilla.suse.com/997207 https://bugzilla.suse.com/997208 https://bugzilla.suse.com/997210 https://bugzilla.suse.com/997211 https://bugzilla.suse.com/997220 https://bugzilla.suse.com/997225 https://bugzilla.suse.com/997230 https://bugzilla.suse.com/997247 https://bugzilla.suse.com/997248 https://bugzilla.suse.com/997257 https://bugzilla.suse.com/999313 https://bugzilla.suse.com/999679 https://bugzilla.suse.com/999680 https://bugzilla.suse.com/999684 https://bugzilla.suse.com/999685 https://bugzilla.suse.com/999819 https://bugzilla.suse.com/999820 From sle-updates at lists.suse.com Tue Nov 1 09:26:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:26:52 +0100 (CET) Subject: SUSE-RU-2016:2626-2: moderate: Recommended update for salt Message-ID: <20161101152652.21A59FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2626-2 Rating: moderate References: #1002529 #986019 #990029 #990439 #990440 #991048 #993039 #993549 #996455 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Add base channel to salt-minion. (bsc#986019) - Setting up OS grains for SLES-ES. (SLES Expanded Support platform) - Move salt home directory to /var/lib/salt. (bsc#1002529) - Generate Salt Thin with configured extra modules. (bsc#990439) - Prevent pkg.install failure for expired keys. (bsc#996455) - Required D-Bus and generating machine ID. - Fix python-jinja2 requirements in rhel. - Fix pkg.installed refresh repository failure. (bsc#993549) - Fix salt.states.pkgrepo.management no change failure. (bsc#990440) - Prevent snapper module crash on load if no DBus is available in the system. (bsc#993039) - Prevent continuous restart, if a dependency wasn't installed. (bsc#991048) - Fix beacon list to include all beacons being process. - Run salt-api as user salt like the master. (bsc#990029) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1542=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): salt-2015.8.7-21.2 salt-master-2015.8.7-21.2 salt-minion-2015.8.7-21.2 References: https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 From sle-updates at lists.suse.com Tue Nov 1 09:28:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:28:36 +0100 (CET) Subject: SUSE-RU-2016:2092-2: Recommended update for sleshammer Message-ID: <20161101152836.D584BFFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleshammer ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2092-2 Rating: low References: #965040 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sleshammer fixes the following issues: - Improve assignments of network interfaces. (bsc#965040) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1237=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): sleshammer-debugsource-0.6.1-0.17.1 sleshammer-x86_64-0.6.1-0.17.1 References: https://bugzilla.suse.com/965040 From sle-updates at lists.suse.com Tue Nov 1 09:29:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:29:01 +0100 (CET) Subject: SUSE-RU-2016:2183-2: Recommended update for ses-upgrade-helper Message-ID: <20161101152901.09679FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-upgrade-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2183-2 Rating: low References: #981722 #982553 #982965 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides version 0.5 of ses-upgrade-helper and fixes the following issues: - Fixed coloring-issue where output was not readable (bsc#982965) - Fixed helper to not tell the user to re-run (auto-)skipped operations (bsc#981722) - Change user ceph to cephadm in /etc/sudoers (bsc#982553) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1290=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): ses-upgrade-helper-0.5+git.1466668155.30ebc76-4.1 References: https://bugzilla.suse.com/981722 https://bugzilla.suse.com/982553 https://bugzilla.suse.com/982965 From sle-updates at lists.suse.com Tue Nov 1 09:29:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:29:44 +0100 (CET) Subject: SUSE-RU-2016:2004-2: Recommended update for supportutils-plugin-suse-openstack-cloud Message-ID: <20161101152944.1F7D6FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2004-2 Rating: low References: #988729 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-suse-openstack-cloud fixes the following issues: - Improve capturing of horizon configurations Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1189=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): supportutils-plugin-suse-openstack-cloud-6.0.1468235662.8196f29-3.1 References: https://bugzilla.suse.com/988729 From sle-updates at lists.suse.com Tue Nov 1 09:30:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:30:09 +0100 (CET) Subject: SUSE-RU-2016:2070-2: moderate: Recommended update for salt Message-ID: <20161101153009.60BA0FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2070-2 Rating: moderate References: #970669 #972311 #978150 #979448 #983017 #983512 #985661 #988506 #989193 #989798 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Fix broken inspector. (bsc#989798) - lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506) - pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty. (bsc#989193) - Fixed behavior for SUSE OS grains. (bsc#970669) - Salt os_family does not detect SLES for SAP. (bsc#983017) - Move log message from INFO to DEBUG. (bsc#985661) - Fix salt --summary to count not responding minions correctly. (bsc#972311) - Fix memory leak on custom execution module scheduled jobs. (bsc#983512) - Fix groupadd module for sles11 systems. (bsc#978150) - Fix pkgrepo.managed gpgkey argument doesn't work. (bsc#979448) - Package checksum validation for zypper pkg.download. - Check if a job has executed and returned successfully. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1214=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): salt-2015.8.7-17.1 salt-master-2015.8.7-17.1 salt-minion-2015.8.7-17.1 References: https://bugzilla.suse.com/970669 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 From sle-updates at lists.suse.com Tue Nov 1 09:32:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:32:19 +0100 (CET) Subject: SUSE-SU-2016:2683-2: important: Security update for php7 Message-ID: <20161101153219.35BF5FFBA@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2683-2 Rating: important References: #1001900 #1004924 #1005274 Cross-References: CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php7 fixes the following security issue: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1576=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64): apache2-mod_php7-7.0.7-20.1 apache2-mod_php7-debuginfo-7.0.7-20.1 php7-7.0.7-20.1 php7-bcmath-7.0.7-20.1 php7-bcmath-debuginfo-7.0.7-20.1 php7-bz2-7.0.7-20.1 php7-bz2-debuginfo-7.0.7-20.1 php7-calendar-7.0.7-20.1 php7-calendar-debuginfo-7.0.7-20.1 php7-ctype-7.0.7-20.1 php7-ctype-debuginfo-7.0.7-20.1 php7-curl-7.0.7-20.1 php7-curl-debuginfo-7.0.7-20.1 php7-dba-7.0.7-20.1 php7-dba-debuginfo-7.0.7-20.1 php7-debuginfo-7.0.7-20.1 php7-debugsource-7.0.7-20.1 php7-dom-7.0.7-20.1 php7-dom-debuginfo-7.0.7-20.1 php7-enchant-7.0.7-20.1 php7-enchant-debuginfo-7.0.7-20.1 php7-exif-7.0.7-20.1 php7-exif-debuginfo-7.0.7-20.1 php7-fastcgi-7.0.7-20.1 php7-fastcgi-debuginfo-7.0.7-20.1 php7-fileinfo-7.0.7-20.1 php7-fileinfo-debuginfo-7.0.7-20.1 php7-fpm-7.0.7-20.1 php7-fpm-debuginfo-7.0.7-20.1 php7-ftp-7.0.7-20.1 php7-ftp-debuginfo-7.0.7-20.1 php7-gd-7.0.7-20.1 php7-gd-debuginfo-7.0.7-20.1 php7-gettext-7.0.7-20.1 php7-gettext-debuginfo-7.0.7-20.1 php7-gmp-7.0.7-20.1 php7-gmp-debuginfo-7.0.7-20.1 php7-iconv-7.0.7-20.1 php7-iconv-debuginfo-7.0.7-20.1 php7-imap-7.0.7-20.1 php7-imap-debuginfo-7.0.7-20.1 php7-intl-7.0.7-20.1 php7-intl-debuginfo-7.0.7-20.1 php7-json-7.0.7-20.1 php7-json-debuginfo-7.0.7-20.1 php7-ldap-7.0.7-20.1 php7-ldap-debuginfo-7.0.7-20.1 php7-mbstring-7.0.7-20.1 php7-mbstring-debuginfo-7.0.7-20.1 php7-mcrypt-7.0.7-20.1 php7-mcrypt-debuginfo-7.0.7-20.1 php7-mysql-7.0.7-20.1 php7-mysql-debuginfo-7.0.7-20.1 php7-odbc-7.0.7-20.1 php7-odbc-debuginfo-7.0.7-20.1 php7-opcache-7.0.7-20.1 php7-opcache-debuginfo-7.0.7-20.1 php7-openssl-7.0.7-20.1 php7-openssl-debuginfo-7.0.7-20.1 php7-pcntl-7.0.7-20.1 php7-pcntl-debuginfo-7.0.7-20.1 php7-pdo-7.0.7-20.1 php7-pdo-debuginfo-7.0.7-20.1 php7-pgsql-7.0.7-20.1 php7-pgsql-debuginfo-7.0.7-20.1 php7-phar-7.0.7-20.1 php7-phar-debuginfo-7.0.7-20.1 php7-posix-7.0.7-20.1 php7-posix-debuginfo-7.0.7-20.1 php7-pspell-7.0.7-20.1 php7-pspell-debuginfo-7.0.7-20.1 php7-shmop-7.0.7-20.1 php7-shmop-debuginfo-7.0.7-20.1 php7-snmp-7.0.7-20.1 php7-snmp-debuginfo-7.0.7-20.1 php7-soap-7.0.7-20.1 php7-soap-debuginfo-7.0.7-20.1 php7-sockets-7.0.7-20.1 php7-sockets-debuginfo-7.0.7-20.1 php7-sqlite-7.0.7-20.1 php7-sqlite-debuginfo-7.0.7-20.1 php7-sysvmsg-7.0.7-20.1 php7-sysvmsg-debuginfo-7.0.7-20.1 php7-sysvsem-7.0.7-20.1 php7-sysvsem-debuginfo-7.0.7-20.1 php7-sysvshm-7.0.7-20.1 php7-sysvshm-debuginfo-7.0.7-20.1 php7-tokenizer-7.0.7-20.1 php7-tokenizer-debuginfo-7.0.7-20.1 php7-wddx-7.0.7-20.1 php7-wddx-debuginfo-7.0.7-20.1 php7-xmlreader-7.0.7-20.1 php7-xmlreader-debuginfo-7.0.7-20.1 php7-xmlrpc-7.0.7-20.1 php7-xmlrpc-debuginfo-7.0.7-20.1 php7-xmlwriter-7.0.7-20.1 php7-xmlwriter-debuginfo-7.0.7-20.1 php7-xsl-7.0.7-20.1 php7-xsl-debuginfo-7.0.7-20.1 php7-zip-7.0.7-20.1 php7-zip-debuginfo-7.0.7-20.1 php7-zlib-7.0.7-20.1 php7-zlib-debuginfo-7.0.7-20.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-20.1 php7-pear-Archive_Tar-7.0.7-20.1 References: https://www.suse.com/security/cve/CVE-2016-6911.html https://www.suse.com/security/cve/CVE-2016-7568.html https://www.suse.com/security/cve/CVE-2016-8670.html https://bugzilla.suse.com/1001900 https://bugzilla.suse.com/1004924 https://bugzilla.suse.com/1005274 From sle-updates at lists.suse.com Tue Nov 1 09:33:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:33:05 +0100 (CET) Subject: SUSE-RU-2016:1943-2: moderate: Recommended update for ceph Message-ID: <20161101153305.56615FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1943-2 Rating: moderate References: #965619 #972370 #982324 #982755 #988585 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for ceph provides version 10.2.2 and fixes several issues: - ceph.in: Fix exception when pool name has non-ascii characters (bsc#972370) - Regenerate tarball from same SHA1 after deleting downstream tags (bsc#982755) - Fix systemd complains about "unknown lvalue" (bsc#982324) - ceph.spec, ceph.spec.in: Move ceph-rbdnamer binary from ceph to ceph-common (bsc#965619) - For a detailed description of all fixes, please refer to the changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1139=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): ceph-10.2.2+git.1466068668.308eb8b-3.1 ceph-base-10.2.2+git.1466068668.308eb8b-3.1 ceph-base-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-common-10.2.2+git.1466068668.308eb8b-3.1 ceph-common-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-debugsource-10.2.2+git.1466068668.308eb8b-3.1 ceph-fuse-10.2.2+git.1466068668.308eb8b-3.1 ceph-fuse-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-mds-10.2.2+git.1466068668.308eb8b-3.1 ceph-mds-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-mon-10.2.2+git.1466068668.308eb8b-3.1 ceph-mon-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-osd-10.2.2+git.1466068668.308eb8b-3.1 ceph-osd-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-radosgw-10.2.2+git.1466068668.308eb8b-3.1 ceph-radosgw-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 ceph-test-10.2.2+git.1466068668.308eb8b-3.1 ceph-test-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 libcephfs1-10.2.2+git.1466068668.308eb8b-3.1 libcephfs1-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 librados2-10.2.2+git.1466068668.308eb8b-3.1 librados2-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 libradosstriper1-10.2.2+git.1466068668.308eb8b-3.1 libradosstriper1-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 librbd1-10.2.2+git.1466068668.308eb8b-3.1 librbd1-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 librgw2-10.2.2+git.1466068668.308eb8b-3.1 librgw2-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 python-cephfs-10.2.2+git.1466068668.308eb8b-3.1 python-cephfs-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 python-rados-10.2.2+git.1466068668.308eb8b-3.1 python-rados-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 python-rbd-10.2.2+git.1466068668.308eb8b-3.1 python-rbd-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 rbd-fuse-10.2.2+git.1466068668.308eb8b-3.1 rbd-fuse-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 rbd-mirror-10.2.2+git.1466068668.308eb8b-3.1 rbd-mirror-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 rbd-nbd-10.2.2+git.1466068668.308eb8b-3.1 rbd-nbd-debuginfo-10.2.2+git.1466068668.308eb8b-3.1 References: https://bugzilla.suse.com/965619 https://bugzilla.suse.com/972370 https://bugzilla.suse.com/982324 https://bugzilla.suse.com/982755 https://bugzilla.suse.com/988585 From sle-updates at lists.suse.com Tue Nov 1 09:34:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:34:13 +0100 (CET) Subject: SUSE-OU-2016:2564-2: Optional update for Legacy Module Message-ID: <20161101153413.2D140FFBC@maintenance.suse.de> SUSE Optional Update: Optional update for Legacy Module ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2564-2 Rating: low References: #1002576 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: The following packages of the Legacy Module 12 have been rebuilt to enable support for the ARM64 architecture (aarch64): a2ps, cups154, libsasl2-2. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1497=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64): a2ps-4.14-4.1 a2ps-debuginfo-4.14-4.1 a2ps-debugsource-4.14-4.1 cups154-1.5.4-11.1 cups154-client-1.5.4-11.1 cups154-client-debuginfo-1.5.4-11.1 cups154-debuginfo-1.5.4-11.1 cups154-debugsource-1.5.4-11.1 cups154-filters-1.5.4-11.1 cups154-filters-debuginfo-1.5.4-11.1 cups154-libs-1.5.4-11.1 cups154-libs-debuginfo-1.5.4-11.1 libsasl2-2-2.1.22-182.4.1 libsasl2-2-debuginfo-2.1.22-182.4.1 libsasl2-2-debugsource-2.1.22-182.4.1 References: https://bugzilla.suse.com/1002576 From sle-updates at lists.suse.com Tue Nov 1 09:34:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:34:38 +0100 (CET) Subject: SUSE-RU-2016:2289-2: Recommended update for rabbitmq-server Message-ID: <20161101153438.12318FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2289-2 Rating: low References: #973999 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server fixes the following issues: - rabbitmq-server.service: Increase NOFILE limit per documentation (bsc#973999) - rabbitqm-server.ocf: Add OCF_RESKEY_limit_nofile parameter default as 65535 (bsc#973999) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1338=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): rabbitmq-server-3.4.4-4.1 References: https://bugzilla.suse.com/973999 From sle-updates at lists.suse.com Tue Nov 1 09:35:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:35:04 +0100 (CET) Subject: SUSE-RU-2016:2132-2: Recommended update for rubygem-crowbar-client Message-ID: <20161101153504.EF0C3FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-crowbar-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2132-2 Rating: low References: #976537 #988729 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-crowbar-client fixes the following issues: - Improve error handling for unknown responses. - Fix --anonymous and --help options. - Fix timeout in case the API needs longer to respond. - Added subcommand to check the crowbar sanity. - Added option to create a default proposal. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1256=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): ruby2.1-rubygem-crowbar-client-2.4.3-3.1 ruby2.1-rubygem-httmultiparty-0.3.16-2.1 ruby2.1-rubygem-mimemagic-0.3.1-2.1 ruby2.1-rubygem-multipart-post-2.0.0-2.1 References: https://bugzilla.suse.com/976537 https://bugzilla.suse.com/988729 From sle-updates at lists.suse.com Tue Nov 1 09:35:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:35:38 +0100 (CET) Subject: SUSE-RU-2016:2575-2: Recommended update for boost Message-ID: <20161101153538.76960FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for boost ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2575-2 Rating: low References: #925309 #970706 #996917 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for boost adapts paths for our GCC versions: - Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x onward while our version of GCC only has /usr/include/c++/x.y for 4.x GCC and /usr/include/c++/x/ for 5.x onward. (bsc#996917) - Fix regression in asio library. (bsc#925309) - Add libboost_context to the -devel dependencies when it is built. (bsc#970706) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1510=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64): libboost_random1_54_0-1.54.0-20.1 References: https://bugzilla.suse.com/925309 https://bugzilla.suse.com/970706 https://bugzilla.suse.com/996917 From sle-updates at lists.suse.com Tue Nov 1 09:36:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2016 16:36:22 +0100 (CET) Subject: SUSE-RU-2016:2669-2: Recommended update for ses-manual_en Message-ID: <20161101153622.6D2E1FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2669-2 Rating: low References: #1005300 #967390 #968067 #968290 #969836 #970104 #974472 #974624 #977187 #977556 #978075 #979380 #980594 #981027 #981611 #981617 #981642 #981756 #981758 #981951 #982284 #982475 #982496 #982497 #982512 #982563 #982607 #982707 #982713 #982995 #983018 #985047 #986037 #987992 #988038 #992019 #993820 #995332 #995561 #995768 #996978 #997051 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 42 recommended fixes can now be installed. Description: The Administration and Deployment Guide for SUSE Enterprise Storage 3 has been updated to document: - Improved the procedure to set up hot-storage and cold-storage. - Added a command to install Ceph on the MDS server. - Added a tip referring to more information about using existing partitions for OSDs. - Mixing installation methods is not supported. - Format 1 is no longer the default (in favor of the format 2) when creating RBD volumes. - Added note about increasing the ruleset number to "Rule Sets" section. - Stressed the need for SUSE Enterprise Storage 3 repository before installing 'ses-upgrade-helper'. - Included info on the deprecated 'rgw_region_root_pool' option. - Specified which clients are able to migrate to optimal tunables. - Added new "iSCSI Gateways Upgrade" section. - Added new "Mixed SSDs and HDDs on the Same Node" section. - Improved "Upgrade from SUSE Enterprise Storage 2.1 to 3" chapter. - Updated "Minimal Recommendations per Storage Node". - Fixed support information on snapshot cloning in "Layering" section. - Improved 'bucket' explanation in "Buckets" section. - Clarified non-mixing workload phrase in "Minimal Recommendations per Monitor Node". - Updated RAM requirement for OSDs in "Minimal Recommendations per Storage Node". - Fixed 'hit_set_count' default value in "Operating Pools" section. - Fixed and improved 'ceph-deploy' command line. - Updated several places to match the current Ceph release. - In "Operating Pools" added (explanation) of the following poll parameters: hashpspool, expected_num_objects, cache_target_dirty_high_ratio, hit_set_grade_decay_rate, hit_set_grade_search_last_n, fast_read, scrub_min_interval, scrub_max_interval, deep_scrub_interval, nodelete, nopgchange, nosizechange, noscrub, nodeep-scrub. - Added "How to Use Existing Partitions for OSDs Including OSD Journals" to "Disk Management Best Practices". - Added software pattern selection screens to "Preparing Each Ceph Node" section. - Removed RAID recommendations for OSD disks placement. - Updated the default set of CRUSH map's buckets in "Buckets" section. - Removed 'data' and 'metadata' pools, no longer the default. - Fixed trademarked 3rd party products names and replaced with entities. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1569=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): ses-admin_en-pdf-3-14.1 ses-manual_en-3-14.1 References: https://bugzilla.suse.com/1005300 https://bugzilla.suse.com/967390 https://bugzilla.suse.com/968067 https://bugzilla.suse.com/968290 https://bugzilla.suse.com/969836 https://bugzilla.suse.com/970104 https://bugzilla.suse.com/974472 https://bugzilla.suse.com/974624 https://bugzilla.suse.com/977187 https://bugzilla.suse.com/977556 https://bugzilla.suse.com/978075 https://bugzilla.suse.com/979380 https://bugzilla.suse.com/980594 https://bugzilla.suse.com/981027 https://bugzilla.suse.com/981611 https://bugzilla.suse.com/981617 https://bugzilla.suse.com/981642 https://bugzilla.suse.com/981756 https://bugzilla.suse.com/981758 https://bugzilla.suse.com/981951 https://bugzilla.suse.com/982284 https://bugzilla.suse.com/982475 https://bugzilla.suse.com/982496 https://bugzilla.suse.com/982497 https://bugzilla.suse.com/982512 https://bugzilla.suse.com/982563 https://bugzilla.suse.com/982607 https://bugzilla.suse.com/982707 https://bugzilla.suse.com/982713 https://bugzilla.suse.com/982995 https://bugzilla.suse.com/983018 https://bugzilla.suse.com/985047 https://bugzilla.suse.com/986037 https://bugzilla.suse.com/987992 https://bugzilla.suse.com/988038 https://bugzilla.suse.com/992019 https://bugzilla.suse.com/993820 https://bugzilla.suse.com/995332 https://bugzilla.suse.com/995561 https://bugzilla.suse.com/995768 https://bugzilla.suse.com/996978 https://bugzilla.suse.com/997051 From sle-updates at lists.suse.com Tue Nov 1 21:07:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 04:07:01 +0100 (CET) Subject: SUSE-RU-2016:2695-1: Recommended update for python-boto3, python-botocore, python-ec2uploadimg, python-s3transfer Message-ID: <20161102030701.94C21FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-boto3, python-botocore, python-ec2uploadimg, python-s3transfer ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2695-1 Rating: low References: #1007084 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-boto3, python-botocore, python-ec2uploadimg and python-s3transfer provides several fixes and enhancements. python-ec2uploadimg (update to version 2.0.0): - Add --ena-support command line argument to enable ENA device support. - Incompatible change: argument order for uploader class. python-s3transfer (update to version 0.1.9): - Support downloading to FIFOs. - Fix memory leak when using same client to create multiple TransferManagers. - Fix issue where S3 Object was not downloaded to disk when empty. - Fix issue of hangs when Cntrl-C happens for many queued transfers. - Expose messages for cancels. - Automatically adjust the chunksize if it doesn't meet S3s requirements. - Add support for downloading to special UNIX file by name. - Add a .delete() method to the transfer manager. - Fix issue where seeked position of seekable file for a non-multipart upload was not being taken into account. - Patch memory leak related to unnecessarily holding onto futures for downloads. - Fix deadlock issue with using concurrent.futures.wait. - Add support for managed copies. - Add support for downloading to a filename, seekable file-like object, and non-seekable file-like object. - Add support for uploading a filename, seekable file-like object, and non-seekable file-like object. - Add TransferManager class. - Add subscriber interface. python-boto3 (update to version 1.4.1): - Fix the version requirement for botocore to ensure proper functioning of the API. - Add missing dependency on python-s3transfer. - Expose available_profiles property for Session. - Fix issue when transfers would not exit quickly from signals. - Fix issue in DeadLetterSourceQueues collection. - Add request auto de-duplication based on specified primary keys for batch_writer. - Add managed file-like object uploads to S3 client, Bucket, and Object. - Add managed copies to S3 client, Bucket, and Object. - Add managed downloads to file-like objects in the S3 client, Bucket, and Object. - Port s3.transfer module to use s3transfer package. - Add io_chunksize parameter to TransferConfig. - Add custom load to ObjectSummary. - Add method to get session credentials. - Ensure batch writer never sends more than flush_amount. - Add get_available_subresources to Resources. python-botocore (update to version 1.4.67): - Add back missing fail states to cloudformation waiters. - Add support for us-east-2. - Add partition to client meta object. - Add ability to specify expected params when using add_client_error. - Add NetworkAclExists waiter. - Add paginators for Application Auto Scaling service. - Add max_pool_connections to client config. - Add MaxAttemptsReached and RetryAttempts keys to the returned ResonseMetadata dictionary. - Add last_response attribute to WaiterError. - Add support for s3 dualstack configuration. - Account for boolean in query string serialization. - S3 region redirector will now honor the original url scheme. - Raise error when partial hard coded creds are provided when creating a client. - Add a waiter to wait on successful deployments. - Add support for ECS metadata credential provider. - Fixed a bug where the S3 region redirector was potentially causing a memory leak on Python 2.6. - RequestSigner.generate_presigned_url now requires the operation name to be passed in. - Allow botocore.UNSIGNED to be used with generate_presigned_url and generate_presigned_post. - Fix regression where assume role responses error out when attempting to cache a response. - Add http response headers to the response metadata. - Automatically redirect S3 sigv4 requests sent to the wrong region. - Use MD5 to sign S3 bodies by default. - Replace chars in the EC2 console output we can't decode with replacement chars. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1586=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-boto3-1.4.1-8.1 python-botocore-1.4.67-22.1 python-ec2uploadimg-2.0.0-24.1 python-s3transfer-0.1.9-5.1 References: https://bugzilla.suse.com/1007084 From sle-updates at lists.suse.com Wed Nov 2 06:06:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 13:06:52 +0100 (CET) Subject: SUSE-SU-2016:2696-1: important: Security update for bind Message-ID: <20161102120652.42FFBFFC4@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2696-1 Rating: important References: #1007829 Cross-References: CVE-2016-8864 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following security issue: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1587=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1587=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): bind-doc-9.9.9P1-28.23.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): bind-9.9.9P1-28.23.1 bind-chrootenv-9.9.9P1-28.23.1 bind-debuginfo-9.9.9P1-28.23.1 bind-debugsource-9.9.9P1-28.23.1 bind-libs-32bit-9.9.9P1-28.23.1 bind-libs-9.9.9P1-28.23.1 bind-libs-debuginfo-32bit-9.9.9P1-28.23.1 bind-libs-debuginfo-9.9.9P1-28.23.1 bind-utils-9.9.9P1-28.23.1 bind-utils-debuginfo-9.9.9P1-28.23.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.23.1 bind-chrootenv-9.9.9P1-28.23.1 bind-debuginfo-9.9.9P1-28.23.1 bind-debugsource-9.9.9P1-28.23.1 bind-libs-9.9.9P1-28.23.1 bind-libs-debuginfo-9.9.9P1-28.23.1 bind-utils-9.9.9P1-28.23.1 bind-utils-debuginfo-9.9.9P1-28.23.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.23.1 bind-libs-debuginfo-32bit-9.9.9P1-28.23.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.23.1 References: https://www.suse.com/security/cve/CVE-2016-8864.html https://bugzilla.suse.com/1007829 From sle-updates at lists.suse.com Wed Nov 2 06:07:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 13:07:19 +0100 (CET) Subject: SUSE-SU-2016:2697-1: important: Security update for bind Message-ID: <20161102120719.7A29DFFC3@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2697-1 Rating: important References: #1007829 #965748 Cross-References: CVE-2016-8864 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1588=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1588=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1588=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1588=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1588=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1588=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-49.1 bind-debugsource-9.9.9P1-49.1 bind-devel-9.9.9P1-49.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-49.1 bind-debugsource-9.9.9P1-49.1 bind-devel-9.9.9P1-49.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): bind-9.9.9P1-49.1 bind-chrootenv-9.9.9P1-49.1 bind-debuginfo-9.9.9P1-49.1 bind-debugsource-9.9.9P1-49.1 bind-libs-9.9.9P1-49.1 bind-libs-debuginfo-9.9.9P1-49.1 bind-utils-9.9.9P1-49.1 bind-utils-debuginfo-9.9.9P1-49.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): bind-libs-32bit-9.9.9P1-49.1 bind-libs-debuginfo-32bit-9.9.9P1-49.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): bind-doc-9.9.9P1-49.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bind-9.9.9P1-49.1 bind-chrootenv-9.9.9P1-49.1 bind-debuginfo-9.9.9P1-49.1 bind-debugsource-9.9.9P1-49.1 bind-libs-9.9.9P1-49.1 bind-libs-debuginfo-9.9.9P1-49.1 bind-utils-9.9.9P1-49.1 bind-utils-debuginfo-9.9.9P1-49.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): bind-libs-32bit-9.9.9P1-49.1 bind-libs-debuginfo-32bit-9.9.9P1-49.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bind-doc-9.9.9P1-49.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): bind-debuginfo-9.9.9P1-49.1 bind-debugsource-9.9.9P1-49.1 bind-libs-32bit-9.9.9P1-49.1 bind-libs-9.9.9P1-49.1 bind-libs-debuginfo-32bit-9.9.9P1-49.1 bind-libs-debuginfo-9.9.9P1-49.1 bind-utils-9.9.9P1-49.1 bind-utils-debuginfo-9.9.9P1-49.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): bind-debuginfo-9.9.9P1-49.1 bind-debugsource-9.9.9P1-49.1 bind-libs-32bit-9.9.9P1-49.1 bind-libs-9.9.9P1-49.1 bind-libs-debuginfo-32bit-9.9.9P1-49.1 bind-libs-debuginfo-9.9.9P1-49.1 bind-utils-9.9.9P1-49.1 bind-utils-debuginfo-9.9.9P1-49.1 References: https://www.suse.com/security/cve/CVE-2016-8864.html https://bugzilla.suse.com/1007829 https://bugzilla.suse.com/965748 From sle-updates at lists.suse.com Wed Nov 2 07:06:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 14:06:48 +0100 (CET) Subject: SUSE-RU-2016:2698-1: Recommended update for patterns-public-cloud Message-ID: <20161102130648.C15E5FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2698-1 Rating: low References: #986002 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-public-cloud fixes the following issues: Generic changes: - Splitted patterns into Tools, Instance Initialization and Instance Tools for each Cloud Service Provider. The main-patterns are kept, but it's not recommended to install them. - Added cloud-regionsrv-client, docker-img-store-setup, growpart and supportutils-plugin-suse-public-cloud to all Instance Tools patterns. Amazon Web Services specific changes: - Added python-s3transfer, regionServiceClientConfigEC2 and s3fs. Microsoft Azure specific changes: - Replaced WALinuxAgent by python-azureagent. (bsc#986002) - Added regionServiceClientConfigAzure. Google Cloud Platform specific changes: - Removed gcimagebundle (obsolete). - Added cloud-regionsrv-client-plugin-gce and regionServiceClientConfigGCE. OpenStack specific changes: - Added cloud-init Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1589=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-Amazon-Web-Services-12-10.1 patterns-public-cloud-Amazon-Web-Services-Instance-Init-12-10.1 patterns-public-cloud-Amazon-Web-Services-Instance-Tools-12-10.1 patterns-public-cloud-Amazon-Web-Services-Tools-12-10.1 patterns-public-cloud-Google-Cloud-Platform-12-10.1 patterns-public-cloud-Google-Cloud-Platform-Instance-Init-12-10.1 patterns-public-cloud-Google-Cloud-Platform-Instance-Tools-12-10.1 patterns-public-cloud-Google-Cloud-Platform-Tools-12-10.1 patterns-public-cloud-Microsoft-Azure-12-10.1 patterns-public-cloud-Microsoft-Azure-Instance-Init-12-10.1 patterns-public-cloud-Microsoft-Azure-Instance-Tools-12-10.1 patterns-public-cloud-Microsoft-Azure-Tools-12-10.1 patterns-public-cloud-OpenStack-12-10.1 patterns-public-cloud-OpenStack-Instance-Init-12-10.1 patterns-public-cloud-OpenStack-Instance-Tools-12-10.1 patterns-public-cloud-OpenStack-Tools-12-10.1 References: https://bugzilla.suse.com/986002 From sle-updates at lists.suse.com Wed Nov 2 09:07:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 16:07:52 +0100 (CET) Subject: SUSE-SU-2016:2699-1: important: Security update for curl Message-ID: <20161102150752.ECC7CFFC5@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2699-1 Rating: important References: #1005633 #1005634 #1005635 #1005637 #1005638 #1005640 #1005642 #1005643 #1005645 #1005646 #998760 Cross-References: CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8622: URL unescape heap overflow via integer truncation (bsc#1005643) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8620: glob parser write/read out of bounds (bsc#1005640) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1591=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1591=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1591=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-31.1 curl-debugsource-7.37.0-31.1 libcurl-devel-7.37.0-31.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): curl-7.37.0-31.1 curl-debuginfo-7.37.0-31.1 curl-debugsource-7.37.0-31.1 libcurl4-7.37.0-31.1 libcurl4-debuginfo-7.37.0-31.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcurl4-32bit-7.37.0-31.1 libcurl4-debuginfo-32bit-7.37.0-31.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): curl-7.37.0-31.1 curl-debuginfo-7.37.0-31.1 curl-debugsource-7.37.0-31.1 libcurl4-32bit-7.37.0-31.1 libcurl4-7.37.0-31.1 libcurl4-debuginfo-32bit-7.37.0-31.1 libcurl4-debuginfo-7.37.0-31.1 References: https://www.suse.com/security/cve/CVE-2016-7167.html https://www.suse.com/security/cve/CVE-2016-8615.html https://www.suse.com/security/cve/CVE-2016-8616.html https://www.suse.com/security/cve/CVE-2016-8617.html https://www.suse.com/security/cve/CVE-2016-8618.html https://www.suse.com/security/cve/CVE-2016-8619.html https://www.suse.com/security/cve/CVE-2016-8620.html https://www.suse.com/security/cve/CVE-2016-8621.html https://www.suse.com/security/cve/CVE-2016-8622.html https://www.suse.com/security/cve/CVE-2016-8623.html https://www.suse.com/security/cve/CVE-2016-8624.html https://bugzilla.suse.com/1005633 https://bugzilla.suse.com/1005634 https://bugzilla.suse.com/1005635 https://bugzilla.suse.com/1005637 https://bugzilla.suse.com/1005638 https://bugzilla.suse.com/1005640 https://bugzilla.suse.com/1005642 https://bugzilla.suse.com/1005643 https://bugzilla.suse.com/1005645 https://bugzilla.suse.com/1005646 https://bugzilla.suse.com/998760 From sle-updates at lists.suse.com Wed Nov 2 09:09:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 16:09:53 +0100 (CET) Subject: SUSE-SU-2016:2700-1: important: Security update for curl Message-ID: <20161102150953.AC5F8FFC1@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2700-1 Rating: important References: #1005633 #1005634 #1005635 #1005637 #1005638 #1005642 #1005645 #1005646 #997420 #998760 Cross-References: CVE-2016-5420 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) - CVE-2016-7141: Fixed incorrect reuse of client certificates with NSS not fixed in CVE-2016-5420 (bsc#997420) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-curl-12827=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libcurl-devel-7.19.7-1.20.47.2 References: https://www.suse.com/security/cve/CVE-2016-5420.html https://www.suse.com/security/cve/CVE-2016-7141.html https://www.suse.com/security/cve/CVE-2016-7167.html https://www.suse.com/security/cve/CVE-2016-8615.html https://www.suse.com/security/cve/CVE-2016-8616.html https://www.suse.com/security/cve/CVE-2016-8617.html https://www.suse.com/security/cve/CVE-2016-8618.html https://www.suse.com/security/cve/CVE-2016-8619.html https://www.suse.com/security/cve/CVE-2016-8620.html https://www.suse.com/security/cve/CVE-2016-8621.html https://www.suse.com/security/cve/CVE-2016-8622.html https://www.suse.com/security/cve/CVE-2016-8623.html https://www.suse.com/security/cve/CVE-2016-8624.html https://bugzilla.suse.com/1005633 https://bugzilla.suse.com/1005634 https://bugzilla.suse.com/1005635 https://bugzilla.suse.com/1005637 https://bugzilla.suse.com/1005638 https://bugzilla.suse.com/1005642 https://bugzilla.suse.com/1005645 https://bugzilla.suse.com/1005646 https://bugzilla.suse.com/997420 https://bugzilla.suse.com/998760 From sle-updates at lists.suse.com Wed Nov 2 10:06:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 17:06:44 +0100 (CET) Subject: SUSE-RU-2016:2701-1: moderate: Recommended update for ceph Message-ID: <20161102160644.E59D7FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2701-1 Rating: moderate References: #968766 #987144 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides Ceph 0.94.9, which brings several fixes and enhancements: - ceph_disk.main: Use free space in volume instead of total device size. (bsc#968766) - common: Configuration set with negative value results in "Invalid argument" error. - doc: Fix by-parttypeuuid in ceph-disk(8) man page. - fs: Double decreased the count to trim caps which will cause failure to respond to cache pressure. - log: Do not repeat errors to stderr. - mds: Failing file operations on kernel based cephfs mount point leaves unaccessible file behind. - mds: Don't treat symlink inode as normal file/dir when symlink inode is stale on kcephfs. - mon: Fix calculation of %USED. - mon: Validate prefix on handle_command(). (bsc#987144) - rgw: Fix multi-delete query param parsing. For a comprehensive list of changes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1592=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1592=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1592=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1592=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): ceph-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-debugsource-0.94.9+git.1474374266.239fe15-17.1 ceph-devel-compat-0.94.9+git.1474374266.239fe15-17.1 libcephfs1-devel-0.94.9+git.1474374266.239fe15-17.1 librados2-devel-0.94.9+git.1474374266.239fe15-17.1 libradosstriper1-devel-0.94.9+git.1474374266.239fe15-17.1 librbd1-devel-0.94.9+git.1474374266.239fe15-17.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): ceph-common-0.94.9+git.1474374266.239fe15-17.1 ceph-common-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-debugsource-0.94.9+git.1474374266.239fe15-17.1 libcephfs1-0.94.9+git.1474374266.239fe15-17.1 libcephfs1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 librados2-0.94.9+git.1474374266.239fe15-17.1 librados2-debuginfo-0.94.9+git.1474374266.239fe15-17.1 libradosstriper1-0.94.9+git.1474374266.239fe15-17.1 libradosstriper1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 librbd1-0.94.9+git.1474374266.239fe15-17.1 librbd1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 python-ceph-compat-0.94.9+git.1474374266.239fe15-17.1 python-cephfs-0.94.9+git.1474374266.239fe15-17.1 python-rados-0.94.9+git.1474374266.239fe15-17.1 python-rbd-0.94.9+git.1474374266.239fe15-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ceph-common-0.94.9+git.1474374266.239fe15-17.1 ceph-common-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-debugsource-0.94.9+git.1474374266.239fe15-17.1 libcephfs1-0.94.9+git.1474374266.239fe15-17.1 libcephfs1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 librados2-0.94.9+git.1474374266.239fe15-17.1 librados2-debuginfo-0.94.9+git.1474374266.239fe15-17.1 libradosstriper1-0.94.9+git.1474374266.239fe15-17.1 libradosstriper1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 librbd1-0.94.9+git.1474374266.239fe15-17.1 librbd1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 python-ceph-compat-0.94.9+git.1474374266.239fe15-17.1 python-cephfs-0.94.9+git.1474374266.239fe15-17.1 python-rados-0.94.9+git.1474374266.239fe15-17.1 python-rbd-0.94.9+git.1474374266.239fe15-17.1 - SUSE Enterprise Storage 2.1 (x86_64): ceph-0.94.9+git.1474374266.239fe15-17.1 ceph-common-0.94.9+git.1474374266.239fe15-17.1 ceph-common-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-debugsource-0.94.9+git.1474374266.239fe15-17.1 ceph-fuse-0.94.9+git.1474374266.239fe15-17.1 ceph-fuse-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-radosgw-0.94.9+git.1474374266.239fe15-17.1 ceph-radosgw-debuginfo-0.94.9+git.1474374266.239fe15-17.1 ceph-test-0.94.9+git.1474374266.239fe15-17.1 ceph-test-debuginfo-0.94.9+git.1474374266.239fe15-17.1 libcephfs1-0.94.9+git.1474374266.239fe15-17.1 libcephfs1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 librados2-0.94.9+git.1474374266.239fe15-17.1 librados2-debuginfo-0.94.9+git.1474374266.239fe15-17.1 libradosstriper1-0.94.9+git.1474374266.239fe15-17.1 libradosstriper1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 librbd1-0.94.9+git.1474374266.239fe15-17.1 librbd1-debuginfo-0.94.9+git.1474374266.239fe15-17.1 python-cephfs-0.94.9+git.1474374266.239fe15-17.1 python-rados-0.94.9+git.1474374266.239fe15-17.1 python-rbd-0.94.9+git.1474374266.239fe15-17.1 rbd-fuse-0.94.9+git.1474374266.239fe15-17.1 rbd-fuse-debuginfo-0.94.9+git.1474374266.239fe15-17.1 rest-bench-0.94.9+git.1474374266.239fe15-17.1 rest-bench-debuginfo-0.94.9+git.1474374266.239fe15-17.1 References: https://bugzilla.suse.com/968766 https://bugzilla.suse.com/987144 From sle-updates at lists.suse.com Wed Nov 2 10:07:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 17:07:25 +0100 (CET) Subject: SUSE-RU-2016:2702-1: Recommended update for release-notes-sles Message-ID: <20161102160725.10A52FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2702-1 Rating: low References: #992576 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-sles removes outdated links from the "Update MySQL to 5.5.x" section. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-release-notes-sles-12828=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): release-notes-sles-11.3.46-0.25.1 References: https://bugzilla.suse.com/992576 From sle-updates at lists.suse.com Wed Nov 2 10:07:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 17:07:48 +0100 (CET) Subject: SUSE-RU-2016:2703-1: Recommended update for several openstack components Message-ID: <20161102160748.95F4EFFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for several openstack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2703-1 Rating: low References: #976618 #986142 #991985 #994358 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for openstack-designate, openstack-ironic, openstack-sahara and openstack-trove fixes the following issues: - Improve OpenStack service start handling (bsc#991985) - Fix group in systemd-tmpfiles (bsc#976618) - Add missing files to /etc/sahara (bsc#986142) - Call correct command to sync the database (bnc#994358) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1593=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-designate-1.0.3~a0~dev11-9.1 openstack-designate-agent-1.0.3~a0~dev11-9.1 openstack-designate-api-1.0.3~a0~dev11-9.1 openstack-designate-central-1.0.3~a0~dev11-9.1 openstack-designate-doc-1.0.3~a0~dev11-9.2 openstack-designate-sink-1.0.3~a0~dev11-9.1 openstack-ironic-4.2.5-9.1 openstack-ironic-api-4.2.5-9.1 openstack-ironic-conductor-4.2.5-9.1 openstack-ironic-doc-4.2.5-9.2 openstack-sahara-3.0.3~a0~dev1-9.1 openstack-sahara-api-3.0.3~a0~dev1-9.1 openstack-sahara-doc-3.0.3~a0~dev1-9.1 openstack-sahara-engine-3.0.3~a0~dev1-9.1 openstack-trove-4.0.1~a0~dev21-11.1 openstack-trove-api-4.0.1~a0~dev21-11.1 openstack-trove-conductor-4.0.1~a0~dev21-11.1 openstack-trove-doc-4.0.1~a0~dev21-11.1 openstack-trove-guestagent-4.0.1~a0~dev21-11.1 openstack-trove-taskmanager-4.0.1~a0~dev21-11.1 python-designate-1.0.3~a0~dev11-9.1 python-ironic-4.2.5-9.1 python-sahara-3.0.3~a0~dev1-9.1 python-trove-4.0.1~a0~dev21-11.1 References: https://bugzilla.suse.com/976618 https://bugzilla.suse.com/986142 https://bugzilla.suse.com/991985 https://bugzilla.suse.com/994358 From sle-updates at lists.suse.com Wed Nov 2 13:07:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 20:07:05 +0100 (CET) Subject: SUSE-SU-2016:2704-1: moderate: Security update for python-suds-jurko Message-ID: <20161102190705.ED80AFFC5@maintenance.suse.de> SUSE Security Update: Security update for python-suds-jurko ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2704-1 Rating: moderate References: #827568 Cross-References: CVE-2013-2217 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-suds-jurko fixes the following issues: - CVE-2013-2217: A temporary directory was used in an insecure fashion when initializing file-based URL cache. (bsc#827568) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1595=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): python-suds-jurko-0.6-4.1 References: https://www.suse.com/security/cve/CVE-2013-2217.html https://bugzilla.suse.com/827568 From sle-updates at lists.suse.com Wed Nov 2 13:07:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 20:07:34 +0100 (CET) Subject: SUSE-RU-2016:2705-1: moderate: Recommended update for crowbar-ceph Message-ID: <20161102190734.A07D8FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2705-1 Rating: moderate References: #948522 #962672 #972001 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crowbar-ceph fixes the following issues: - Added Ceph config option for insecure SSL (bsc#962672) - Optimize number of Placement Groups per Ceph Node (bsc#948522) - Fix issue while calculating the number of OSD's (bsc#972001) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1596=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1596=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-ceph-3.0+git.1472816369.70b8330-8.1 - SUSE Enterprise Storage 2.1 (noarch): crowbar-ceph-3.0+git.1472816369.70b8330-8.1 References: https://bugzilla.suse.com/948522 https://bugzilla.suse.com/962672 https://bugzilla.suse.com/972001 From sle-updates at lists.suse.com Wed Nov 2 14:06:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2016 21:06:58 +0100 (CET) Subject: SUSE-SU-2016:2706-1: important: Security update for bind Message-ID: <20161102200658.0B644FFC1@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2706-1 Rating: important References: #1007829 #965748 Cross-References: CVE-2016-8864 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bind-12829=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bind-12829=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bind-12829=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-12829=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-12829=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bind-12829=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-bind-12829=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-12829=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-12829=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-12829=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-bind-12829=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): bind-9.9.6P1-0.33.1 bind-chrootenv-9.9.6P1-0.33.1 bind-doc-9.9.6P1-0.33.1 bind-libs-32bit-9.9.6P1-0.33.1 bind-libs-9.9.6P1-0.33.1 bind-utils-9.9.6P1-0.33.1 - SUSE Manager Proxy 2.1 (x86_64): bind-9.9.6P1-0.33.1 bind-chrootenv-9.9.6P1-0.33.1 bind-doc-9.9.6P1-0.33.1 bind-libs-32bit-9.9.6P1-0.33.1 bind-libs-9.9.6P1-0.33.1 bind-utils-9.9.6P1-0.33.1 - SUSE Manager 2.1 (s390x x86_64): bind-9.9.6P1-0.33.1 bind-chrootenv-9.9.6P1-0.33.1 bind-doc-9.9.6P1-0.33.1 bind-libs-32bit-9.9.6P1-0.33.1 bind-libs-9.9.6P1-0.33.1 bind-utils-9.9.6P1-0.33.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.33.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.33.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.33.1 bind-chrootenv-9.9.6P1-0.33.1 bind-doc-9.9.6P1-0.33.1 bind-libs-9.9.6P1-0.33.1 bind-utils-9.9.6P1-0.33.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.33.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.33.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.33.1 bind-chrootenv-9.9.6P1-0.33.1 bind-doc-9.9.6P1-0.33.1 bind-libs-9.9.6P1-0.33.1 bind-utils-9.9.6P1-0.33.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.33.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.33.1 bind-chrootenv-9.9.6P1-0.33.1 bind-devel-9.9.6P1-0.33.1 bind-doc-9.9.6P1-0.33.1 bind-libs-9.9.6P1-0.33.1 bind-utils-9.9.6P1-0.33.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.33.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.33.1 bind-chrootenv-9.9.6P1-0.33.1 bind-doc-9.9.6P1-0.33.1 bind-libs-9.9.6P1-0.33.1 bind-utils-9.9.6P1-0.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.33.1 bind-debugsource-9.9.6P1-0.33.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.33.1 bind-debugsource-9.9.6P1-0.33.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.33.1 bind-debugsource-9.9.6P1-0.33.1 References: https://www.suse.com/security/cve/CVE-2016-8864.html https://bugzilla.suse.com/1007829 https://bugzilla.suse.com/965748 From sle-updates at lists.suse.com Thu Nov 3 04:13:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2016 11:13:25 +0100 (CET) Subject: SUSE-SU-2016:2697-2: important: Security update for bind Message-ID: <20161103101325.7EC97FFC0@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2697-2 Rating: important References: #1007829 #965748 Cross-References: CVE-2016-8864 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1588=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): bind-9.9.9P1-49.1 bind-chrootenv-9.9.9P1-49.1 bind-debuginfo-9.9.9P1-49.1 bind-debugsource-9.9.9P1-49.1 bind-libs-9.9.9P1-49.1 bind-libs-debuginfo-9.9.9P1-49.1 bind-utils-9.9.9P1-49.1 bind-utils-debuginfo-9.9.9P1-49.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): bind-doc-9.9.9P1-49.1 References: https://www.suse.com/security/cve/CVE-2016-8864.html https://bugzilla.suse.com/1007829 https://bugzilla.suse.com/965748 From sle-updates at lists.suse.com Thu Nov 3 08:08:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2016 15:08:41 +0100 (CET) Subject: SUSE-SU-2016:2714-1: important: Security update for curl Message-ID: <20161103140841.4EA07FFC3@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2714-1 Rating: important References: #1005633 #1005634 #1005635 #1005637 #1005638 #1005642 #1005645 #1005646 #998760 Cross-References: CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-curl-12831=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-curl-12831=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-12831=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-12831=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.64.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.64.1 libcurl4-7.19.7-1.64.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.64.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libcurl4-x86-7.19.7-1.64.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.19.7-1.64.1 libcurl4-openssl1-7.19.7-1.64.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.19.7-1.64.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.19.7-1.64.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.19.7-1.64.1 curl-debugsource-7.19.7-1.64.1 References: https://www.suse.com/security/cve/CVE-2016-7167.html https://www.suse.com/security/cve/CVE-2016-8615.html https://www.suse.com/security/cve/CVE-2016-8616.html https://www.suse.com/security/cve/CVE-2016-8617.html https://www.suse.com/security/cve/CVE-2016-8618.html https://www.suse.com/security/cve/CVE-2016-8619.html https://www.suse.com/security/cve/CVE-2016-8620.html https://www.suse.com/security/cve/CVE-2016-8621.html https://www.suse.com/security/cve/CVE-2016-8622.html https://www.suse.com/security/cve/CVE-2016-8623.html https://www.suse.com/security/cve/CVE-2016-8624.html https://bugzilla.suse.com/1005633 https://bugzilla.suse.com/1005634 https://bugzilla.suse.com/1005635 https://bugzilla.suse.com/1005637 https://bugzilla.suse.com/1005638 https://bugzilla.suse.com/1005642 https://bugzilla.suse.com/1005645 https://bugzilla.suse.com/1005646 https://bugzilla.suse.com/998760 From sle-updates at lists.suse.com Thu Nov 3 10:07:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2016 17:07:26 +0100 (CET) Subject: SUSE-RU-2016:2718-1: moderate: Recommended update for shim Message-ID: <20161103160726.CF889FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for shim ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2718-1 Rating: moderate References: #919675 #920515 #945178 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The shim bootloader for UEFI secure boot support was updated to the unified version 0.9 between SUSE Linux Enterprise versions (same as SUSE Linux Enterprise 12 SP1). (FATE#318904) This also fixes two bugs: * RSOD comes when you enter and exit from grub command line (bsc#919675) * StrCpy() could crash fallback.efi due to the under-allocated buffer (bsc#920515) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-shim-09-12832=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (x86_64): shim-0.9-11.7 References: https://bugzilla.suse.com/919675 https://bugzilla.suse.com/920515 https://bugzilla.suse.com/945178 From sle-updates at lists.suse.com Thu Nov 3 12:06:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2016 19:06:44 +0100 (CET) Subject: SUSE-RU-2016:2719-1: Recommended update for yast2-migration Message-ID: <20161103180644.EAC02FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2719-1 Rating: low References: #955156 #967828 #982150 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides fixes for the Service Pack migration process. yast2-registration: - Recommend yast2-migration package to install it by default. (bsc#982150) - Added a workaround for missing last characters in the addon selection dialog in text mode. (bsc#955156) - Force refresh when adding a service, otherwise some services will not be refreshed due to TTL entries. (bsc#967828) yast2-migration: - Added Supplements for yast2-registration to ensure automatic installation. (bsc#982150) yast2-pkg-bindings: - Added new call: ServiceForceRefresh. (bsc#967828) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1602=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1602=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): yast2-pkg-bindings-3.1.31.1-2.3.1 yast2-pkg-bindings-debuginfo-3.1.31.1-2.3.1 yast2-pkg-bindings-debugsource-3.1.31.1-2.3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): yast2-migration-3.1.13.1-3.1 yast2-registration-3.1.166.3-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): yast2-migration-3.1.13.1-3.1 yast2-registration-3.1.166.3-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): yast2-pkg-bindings-3.1.31.1-2.3.1 yast2-pkg-bindings-debuginfo-3.1.31.1-2.3.1 yast2-pkg-bindings-debugsource-3.1.31.1-2.3.1 References: https://bugzilla.suse.com/955156 https://bugzilla.suse.com/967828 https://bugzilla.suse.com/982150 From sle-updates at lists.suse.com Thu Nov 3 14:06:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2016 21:06:44 +0100 (CET) Subject: SUSE-RU-2016:2720-1: moderate: Recommended update for python-azurectl Message-ID: <20161103200644.270E7FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azurectl ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2720-1 Rating: moderate References: #1007751 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azurectl fixes the following issues: - Append VHD footer to the end of the disk. - Fixup data disk creation. (bsc#1007751) - Update data-disk manual page. - Add missing data-disk attach subcommand help. - Update bash completion. - Add --show-in-gui and --recommended-vm-size to compute image update + tests. - Document: Storage disk upload skips zero'd blocks. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1603=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azurectl-2.2.3-13.1 References: https://bugzilla.suse.com/1007751 From sle-updates at lists.suse.com Thu Nov 3 17:07:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 00:07:08 +0100 (CET) Subject: SUSE-RU-2016:2721-1: moderate: Recommended update for parted Message-ID: <20161103230708.265ECFFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2721-1 Rating: moderate References: #1001967 #964012 #968302 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for parted provides the following fixes: - Don't warn if the HDIO_GET_IDENTITY ioctl isn't supported. (bsc#964012, bsc#1001967) - Avoid the HDIO_GETGEO ioctl when possible. (bsc#968302) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-parted-12833=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-parted-12833=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-parted-12833=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): parted-devel-2.3-10.51.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): parted-2.3-10.51.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): parted-32bit-2.3-10.51.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): parted-x86-2.3-10.51.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): parted-debuginfo-2.3-10.51.1 parted-debugsource-2.3-10.51.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): parted-debuginfo-32bit-2.3-10.51.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): parted-debuginfo-x86-2.3-10.51.1 References: https://bugzilla.suse.com/1001967 https://bugzilla.suse.com/964012 https://bugzilla.suse.com/968302 From sle-updates at lists.suse.com Fri Nov 4 08:07:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 15:07:01 +0100 (CET) Subject: SUSE-SU-2016:2723-1: moderate: Security update for ghostscript-library Message-ID: <20161104140701.EB233FFC3@maintenance.suse.de> SUSE Security Update: Security update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2723-1 Rating: moderate References: #1004237 Cross-References: CVE-2016-8602 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5 (bsc#1004237) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ghostscript-12834=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ghostscript-12834=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-12834=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.41.1 ghostscript-ijs-devel-8.62-32.41.1 libgimpprint-devel-4.2.7-32.41.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.41.1 ghostscript-fonts-rus-8.62-32.41.1 ghostscript-fonts-std-8.62-32.41.1 ghostscript-library-8.62-32.41.1 ghostscript-omni-8.62-32.41.1 ghostscript-x11-8.62-32.41.1 libgimpprint-4.2.7-32.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-32.41.1 ghostscript-library-debugsource-8.62-32.41.1 References: https://www.suse.com/security/cve/CVE-2016-8602.html https://bugzilla.suse.com/1004237 From sle-updates at lists.suse.com Fri Nov 4 08:07:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 15:07:30 +0100 (CET) Subject: SUSE-SU-2016:2724-1: moderate: Security update for GraphicsMagick Message-ID: <20161104140730.C3D79FFC3@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2724-1 Rating: moderate References: #1000399 #1000434 #1000436 #1000689 #1000690 #1000691 #1000692 #1000693 #1000695 #1000698 #1000700 #1000704 #1000707 #1000711 #1001066 #1001221 #1002206 #1002209 #1002422 #1003629 #1005123 #1005125 #1005127 #999673 Cross-References: CVE-2015-8957 CVE-2015-8958 CVE-2016-6823 CVE-2016-7101 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7519 CVE-2016-7522 CVE-2016-7524 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7531 CVE-2016-7533 CVE-2016-7537 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 26 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399) - CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434) - CVE-2016-7527: Out-of-bound access in wpg file coder: (bsc#1000436) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449: various issues fixed in 1.3.25 (bsc#999673) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - Divide by zero in WriteTIFFImage (bsc#1002206) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12835=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12835=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12835=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.46.1 libGraphicsMagick2-1.2.5-4.46.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.46.1 libGraphicsMagick2-1.2.5-4.46.1 perl-GraphicsMagick-1.2.5-4.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.46.1 GraphicsMagick-debugsource-1.2.5-4.46.1 References: https://www.suse.com/security/cve/CVE-2015-8957.html https://www.suse.com/security/cve/CVE-2015-8958.html https://www.suse.com/security/cve/CVE-2016-6823.html https://www.suse.com/security/cve/CVE-2016-7101.html https://www.suse.com/security/cve/CVE-2016-7446.html https://www.suse.com/security/cve/CVE-2016-7447.html https://www.suse.com/security/cve/CVE-2016-7448.html https://www.suse.com/security/cve/CVE-2016-7449.html https://www.suse.com/security/cve/CVE-2016-7515.html https://www.suse.com/security/cve/CVE-2016-7516.html https://www.suse.com/security/cve/CVE-2016-7517.html https://www.suse.com/security/cve/CVE-2016-7519.html https://www.suse.com/security/cve/CVE-2016-7522.html https://www.suse.com/security/cve/CVE-2016-7524.html https://www.suse.com/security/cve/CVE-2016-7527.html https://www.suse.com/security/cve/CVE-2016-7528.html https://www.suse.com/security/cve/CVE-2016-7529.html https://www.suse.com/security/cve/CVE-2016-7531.html https://www.suse.com/security/cve/CVE-2016-7533.html https://www.suse.com/security/cve/CVE-2016-7537.html https://www.suse.com/security/cve/CVE-2016-7800.html https://www.suse.com/security/cve/CVE-2016-7996.html https://www.suse.com/security/cve/CVE-2016-7997.html https://www.suse.com/security/cve/CVE-2016-8682.html https://www.suse.com/security/cve/CVE-2016-8683.html https://www.suse.com/security/cve/CVE-2016-8684.html https://bugzilla.suse.com/1000399 https://bugzilla.suse.com/1000434 https://bugzilla.suse.com/1000436 https://bugzilla.suse.com/1000689 https://bugzilla.suse.com/1000690 https://bugzilla.suse.com/1000691 https://bugzilla.suse.com/1000692 https://bugzilla.suse.com/1000693 https://bugzilla.suse.com/1000695 https://bugzilla.suse.com/1000698 https://bugzilla.suse.com/1000700 https://bugzilla.suse.com/1000704 https://bugzilla.suse.com/1000707 https://bugzilla.suse.com/1000711 https://bugzilla.suse.com/1001066 https://bugzilla.suse.com/1001221 https://bugzilla.suse.com/1002206 https://bugzilla.suse.com/1002209 https://bugzilla.suse.com/1002422 https://bugzilla.suse.com/1003629 https://bugzilla.suse.com/1005123 https://bugzilla.suse.com/1005125 https://bugzilla.suse.com/1005127 https://bugzilla.suse.com/999673 From sle-updates at lists.suse.com Fri Nov 4 08:11:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 15:11:19 +0100 (CET) Subject: SUSE-SU-2016:2725-1: important: Security update for xen Message-ID: <20161104141119.940FDFFC4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2725-1 Rating: important References: #954872 #961600 #963161 #973188 #973631 #974038 #975130 #975138 #976470 #978164 #978295 #978413 #980716 #980724 #981264 #982224 #982225 #982960 #983984 #985503 #988675 #990843 #990923 #995785 #995792 Cross-References: CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 CVE-2016-7092 CVE-2016-7094 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has four fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-5403: Unbounded memory allocation allowed a guest administrator to cause a denial of service of the host (bsc#990923) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225) - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) These non-security issues were fixed: - bsc#985503: vif-route broken - bsc#978413: PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) - bsc#961600: Poor performance when Xen HVM domU configured with max memory > current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#976470: Xend fails to start - bsc#973631: AWS EC2 kdump issue Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-xen-12836=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-xen-12836=1 - SUSE Manager 2.1: zypper in -t patch sleman21-xen-12836=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xen-12836=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-12836=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): xen-4.2.5_21-27.1 xen-doc-html-4.2.5_21-27.1 xen-doc-pdf-4.2.5_21-27.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.86-27.1 xen-libs-32bit-4.2.5_21-27.1 xen-libs-4.2.5_21-27.1 xen-tools-4.2.5_21-27.1 xen-tools-domU-4.2.5_21-27.1 - SUSE Manager Proxy 2.1 (x86_64): xen-4.2.5_21-27.1 xen-doc-html-4.2.5_21-27.1 xen-doc-pdf-4.2.5_21-27.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.86-27.1 xen-libs-32bit-4.2.5_21-27.1 xen-libs-4.2.5_21-27.1 xen-tools-4.2.5_21-27.1 xen-tools-domU-4.2.5_21-27.1 - SUSE Manager 2.1 (x86_64): xen-4.2.5_21-27.1 xen-doc-html-4.2.5_21-27.1 xen-doc-pdf-4.2.5_21-27.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.86-27.1 xen-libs-32bit-4.2.5_21-27.1 xen-libs-4.2.5_21-27.1 xen-tools-4.2.5_21-27.1 xen-tools-domU-4.2.5_21-27.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): xen-kmp-default-4.2.5_21_3.0.101_0.47.86-27.1 xen-libs-4.2.5_21-27.1 xen-tools-domU-4.2.5_21-27.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): xen-4.2.5_21-27.1 xen-doc-html-4.2.5_21-27.1 xen-doc-pdf-4.2.5_21-27.1 xen-libs-32bit-4.2.5_21-27.1 xen-tools-4.2.5_21-27.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): xen-kmp-pae-4.2.5_21_3.0.101_0.47.86-27.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.86-27.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.86-27.1 xen-libs-4.2.5_21-27.1 xen-tools-domU-4.2.5_21-27.1 References: https://www.suse.com/security/cve/CVE-2014-3615.html https://www.suse.com/security/cve/CVE-2014-3672.html https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3712.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-4480.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6351.html https://www.suse.com/security/cve/CVE-2016-7092.html https://www.suse.com/security/cve/CVE-2016-7094.html https://bugzilla.suse.com/954872 https://bugzilla.suse.com/961600 https://bugzilla.suse.com/963161 https://bugzilla.suse.com/973188 https://bugzilla.suse.com/973631 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/976470 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/978413 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/982224 https://bugzilla.suse.com/982225 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/985503 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/990843 https://bugzilla.suse.com/990923 https://bugzilla.suse.com/995785 https://bugzilla.suse.com/995792 From sle-updates at lists.suse.com Fri Nov 4 08:16:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 15:16:32 +0100 (CET) Subject: SUSE-SU-2016:2726-1: important: Security update for java-1_8_0-ibm Message-ID: <20161104141632.49D79FFC4@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2726-1 Rating: important References: #992537 Cross-References: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: IBM Java 8 was updated to version 8.0-3.10 to fix the following security issues: - CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking - CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via vectors related to Deployment - CVE-2016-3598: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1606=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1606=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr3.10-15.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1 java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1 References: https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3598.html https://bugzilla.suse.com/992537 From sle-updates at lists.suse.com Fri Nov 4 09:07:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 16:07:20 +0100 (CET) Subject: SUSE-RU-2016:2727-1: Recommended update for virt-utils Message-ID: <20161104150720.66ECCFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2727-1 Rating: low References: #962079 #995727 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for virt-utils provides the following fixes: - Call g_thread_init() to enable multi-threading for all of qemu tools. This fixes a segmentation fault when using qemu-nbd(8) to create file systems. (bsc#995727) - Fix potential segmentation fault when repeatedly attaching and detaching qcow2 volumes with qemu-nbd. (bsc#962079) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-virt-utils-12837=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-virt-utils-12837=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): virt-utils-1.2.1-14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): virt-utils-debuginfo-1.2.1-14.1 virt-utils-debugsource-1.2.1-14.1 References: https://bugzilla.suse.com/962079 https://bugzilla.suse.com/995727 From sle-updates at lists.suse.com Fri Nov 4 09:07:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 16:07:58 +0100 (CET) Subject: SUSE-RU-2016:2728-1: moderate: Recommended update for yast2-sap-scp Message-ID: <20161104150758.62F80FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-sap-scp ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2728-1 Rating: moderate References: #999291 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This version update from 1.0.2 to 1.0.3 for yast2-sap-scp fixes an issue with not working HTTP redirections for the product metadata files (bsc#999291). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2016-1609=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1609=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): yast2-sap-scp-1.0.3-9.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): yast2-sap-scp-1.0.3-9.1 References: https://bugzilla.suse.com/999291 From sle-updates at lists.suse.com Fri Nov 4 10:06:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2016 17:06:43 +0100 (CET) Subject: SUSE-RU-2016:2731-1: Recommended update for ovmf Message-ID: <20161104160644.08879FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2731-1 Rating: low References: #1004929 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ovmf provides the following fixes: - Prevent "Unhandled access" errors when booting ovmf on aarch64 Cavium ThunderX hosts. (bsc#1004929) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1611=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1611=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ovmf-2015+git1462940744.321151f-9.1 ovmf-tools-2015+git1462940744.321151f-9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-uefi-aarch64-2015+git1462940744.321151f-9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): ovmf-2015+git1462940744.321151f-9.1 ovmf-tools-2015+git1462940744.321151f-9.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ovmf-x86_64-2015+git1462940744.321151f-9.1 qemu-uefi-aarch64-2015+git1462940744.321151f-9.1 References: https://bugzilla.suse.com/1004929 From sle-updates at lists.suse.com Mon Nov 7 15:07:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2016 23:07:05 +0100 (CET) Subject: SUSE-RU-2016:2740-1: Recommended update for shadow Message-ID: <20161107220705.DFA9CFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for shadow ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2740-1 Rating: low References: #1002975 #994486 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for shadow provides the following fixes: - Set file modes according to the permissions package and don't attempt to manipulate them in %files section. (bsc#1002975) - Include shadow(5) man page. (bsc#994486) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1613=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1613=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): shadow-4.1.5.1-19.5.1 shadow-debuginfo-4.1.5.1-19.5.1 shadow-debugsource-4.1.5.1-19.5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): shadow-4.1.5.1-19.5.1 shadow-debuginfo-4.1.5.1-19.5.1 shadow-debugsource-4.1.5.1-19.5.1 References: https://bugzilla.suse.com/1002975 https://bugzilla.suse.com/994486 From sle-updates at lists.suse.com Mon Nov 7 15:07:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2016 23:07:46 +0100 (CET) Subject: SUSE-RU-2016:2741-1: Recommended update for python-keyring Message-ID: <20161107220746.77955FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-keyring ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2741-1 Rating: low References: #991970 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-keyring provides the following fixes: - Specify required version of GnomeKeyring to avoid warnings. (bsc#991970) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1615=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1615=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1615=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): python-keyring-5.3-4.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): python-keyring-5.3-4.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-keyring-5.3-4.1 References: https://bugzilla.suse.com/991970 From sle-updates at lists.suse.com Mon Nov 7 15:08:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2016 23:08:13 +0100 (CET) Subject: SUSE-RU-2016:2742-1: Recommended update for shadow Message-ID: <20161107220813.18A9FFFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for shadow ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2742-1 Rating: low References: #1002975 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for shadow fixes the following issues: - Set file modes according to the permissions package and don't attempt to manipulate them in %files section. (bsc#1002975) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1614=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1614=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1614=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): shadow-4.2.1-23.1 shadow-debuginfo-4.2.1-23.1 shadow-debugsource-4.2.1-23.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): shadow-4.2.1-23.1 shadow-debuginfo-4.2.1-23.1 shadow-debugsource-4.2.1-23.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): shadow-4.2.1-23.1 shadow-debuginfo-4.2.1-23.1 shadow-debugsource-4.2.1-23.1 References: https://bugzilla.suse.com/1002975 From sle-updates at lists.suse.com Mon Nov 7 18:06:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2016 02:06:41 +0100 (CET) Subject: SUSE-RU-2016:2743-1: Optional update for the first kernel live patch for SUSE Linux Enterprise 12 SP2 Message-ID: <20161108010641.0F366FFC3@maintenance.suse.de> SUSE Recommended Update: Optional update for the first kernel live patch for SUSE Linux Enterprise 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2743-1 Rating: low References: #973397 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is initial kGraft patch for the first SUSE Linux Enterprise 12 SP2 kernel, matching the kernel released with the GMC media. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1616=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-69-default-1-2.1 References: https://bugzilla.suse.com/973397 From sle-updates at lists.suse.com Tue Nov 8 05:06:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2016 13:06:59 +0100 (CET) Subject: SUSE-RU-2016:2744-1: Recommended update for libesmtp Message-ID: <20161108120659.C4885FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libesmtp ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2744-1 Rating: low References: #1005909 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libesmtp provides the following fixes: - All TLS clients must support and use the highest TLS version available if possible, not only TLS 1.0. (bsc#1005909) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1617=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1617=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1617=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1617=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1617=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1617=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1617=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libesmtp-debuginfo-1.0.6-16.1 libesmtp-debugsource-1.0.6-16.1 libesmtp-devel-1.0.6-16.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libesmtp-debuginfo-1.0.6-16.1 libesmtp-debugsource-1.0.6-16.1 libesmtp-devel-1.0.6-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libesmtp-1.0.6-16.1 libesmtp-debuginfo-1.0.6-16.1 libesmtp-debugsource-1.0.6-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libesmtp-1.0.6-16.1 libesmtp-debuginfo-1.0.6-16.1 libesmtp-debugsource-1.0.6-16.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libesmtp-1.0.6-16.1 libesmtp-debuginfo-1.0.6-16.1 libesmtp-debugsource-1.0.6-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libesmtp-1.0.6-16.1 libesmtp-debuginfo-1.0.6-16.1 libesmtp-debugsource-1.0.6-16.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libesmtp-1.0.6-16.1 libesmtp-debuginfo-1.0.6-16.1 libesmtp-debugsource-1.0.6-16.1 References: https://bugzilla.suse.com/1005909 From sle-updates at lists.suse.com Tue Nov 8 09:07:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2016 17:07:19 +0100 (CET) Subject: SUSE-RU-2016:2745-1: Recommended update for kiwi Message-ID: <20161108160719.CAFEAFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2745-1 Rating: low References: #1004654 #963276 #993792 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides KIWI v5.05.93, which brings fixes and enhancements: - Don't strip curl alternative binaries from initrd: The last update of curl in SLE11 introduced /usr/bin/curl as a symbolic link. The real binary is /usr/bin/curl.openssl0 or /usr/bin/curl.openssl1. This needs to be taken into account when striping down the initrd by kiwi. (bsc#1004654) - Add missing failsafe entry to elilo.conf: For SLE11 EFI support the elilo wrapper is used, in order to allow elilo to create a grub.cfg with a failsafe entry the elilo template config must provide an image section for it. (bsc#993792) - bootImage: Don't copy initial ram disk content to /run/initramfs: We should avoid copying the initial ram disk content to a tmpfs filesystem, especially on low memory systems. (bsc#963276) - Prefer switch_root over pivot_root. (bsc#963276) - Fixed partition table label for ec2 images: If firmware="ec2" is requested kiwi implicitly set the partition table label to GPT. This leads to a failing boot in EC2. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kiwi-12838=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kiwi-12838=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kiwi-12838=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): kiwi-5.05.93-7.1 kiwi-instsource-5.05.93-7.1 kiwi-tools-5.05.93-7.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 s390x x86_64): kiwi-desc-oemboot-5.05.93-7.1 kiwi-desc-vmxboot-5.05.93-7.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): kiwi-desc-isoboot-5.05.93-7.1 kiwi-desc-netboot-5.05.93-7.1 kiwi-doc-5.05.93-7.1 kiwi-pxeboot-5.05.93-7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kiwi-tools-5.05.93-7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kiwi-debuginfo-5.05.93-7.1 kiwi-debugsource-5.05.93-7.1 References: https://bugzilla.suse.com/1004654 https://bugzilla.suse.com/963276 https://bugzilla.suse.com/993792 From sle-updates at lists.suse.com Tue Nov 8 11:07:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2016 19:07:04 +0100 (CET) Subject: SUSE-RU-2016:2747-1: Recommended update for release-notes-susemanager and release-notes-susemanager-proxy Message-ID: <20161108180704.C16AEFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager and release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2747-1 Rating: low References: #969889 #988303 #994305 Affected Products: SUSE Manager Proxy 2.1 SUSE Manager 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: SUSE Manager 2.1 Release Notes and SUSE Manager Proxy 2.1 Release Notes have been updated to document: - New channels available: + OES 2015 and OES 2015 SP1 + SLES 12 LTSS + SUSE Enterprise Storage 3 + SLE Module Certifications - Bugs fixed by latest updates: bsc#969790, bsc#969889, bsc#973198, bsc#981635, bsc#986978 bsc#988303, bsc#990264, bsc#992987, bsc#994305, bsc#1000448 bsc#1000666, bsc#1001738, bsc#1001784, bsc#1001923, bsc#1002231 bsc#1002678 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-release-notes-susemanager-12840=1 - SUSE Manager 2.1: zypper in -t patch sleman21-release-notes-susemanager-12840=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 2.1 (x86_64): release-notes-susemanager-proxy-2.1.0-0.27.1 - SUSE Manager 2.1 (s390x x86_64): release-notes-susemanager-2.1.0-0.53.1 References: https://bugzilla.suse.com/969889 https://bugzilla.suse.com/988303 https://bugzilla.suse.com/994305 From sle-updates at lists.suse.com Tue Nov 8 12:07:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2016 20:07:02 +0100 (CET) Subject: SUSE-RU-2016:2748-1: Recommended update for timezone Message-ID: <20161108190702.341A2FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2748-1 Rating: low References: #1007725 #1007726 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest timezone information (2016i) for your system, including the following changes: - Pacific/Tongatapu begins DST on 2016-11-06 at 02:00, ending on 2017-01-15 at 03:00. (bsc#1007725) - Northern Cyprus is now +03 year round, causing a split in Cyprus time zones starting 2016-10-30 at 04:00. This creates a zone Asia/Famagusta. (bsc#1007726) - Antarctica/Casey switched from +08 to +11 on 2016-10-22. - Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not 2016-10-21 at 00:00. - Asia/Colombo now uses numeric time zone abbreviations. This release also includes changes affecting past time stamps and documentation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1621=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1621=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1621=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1621=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1621=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1621=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1621=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): timezone-2016i-63.1 timezone-debuginfo-2016i-63.1 timezone-debugsource-2016i-63.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): timezone-java-2016i-0.63.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): timezone-2016i-63.1 timezone-debuginfo-2016i-63.1 timezone-debugsource-2016i-63.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): timezone-java-2016i-0.63.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): timezone-2016i-63.1 timezone-debuginfo-2016i-63.1 timezone-debugsource-2016i-63.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): timezone-java-2016i-0.63.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): timezone-2016i-63.1 timezone-debuginfo-2016i-63.1 timezone-debugsource-2016i-63.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): timezone-java-2016i-0.63.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2016i-63.1 timezone-debuginfo-2016i-63.1 timezone-debugsource-2016i-63.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2016i-0.63.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): timezone-java-2016i-0.63.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): timezone-2016i-63.1 timezone-debuginfo-2016i-63.1 timezone-debugsource-2016i-63.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): timezone-java-2016i-0.63.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): timezone-2016i-63.1 timezone-debuginfo-2016i-63.1 timezone-debugsource-2016i-63.1 References: https://bugzilla.suse.com/1007725 https://bugzilla.suse.com/1007726 From sle-updates at lists.suse.com Tue Nov 8 19:06:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 03:06:49 +0100 (CET) Subject: SUSE-RU-2016:2751-1: important: Recommended update for the Linux Kernel Message-ID: <20161109020649.6CC1EFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2751-1 Rating: important References: #1006804 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to fix a btrfs problem. - btrfs: An fix endless loop in balancing block groups was fixed (bsc#1006804). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1622=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1622=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1622=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1622=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1622=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1622=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1622=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.21-81.3 kernel-default-debugsource-4.4.21-81.3 kernel-default-extra-4.4.21-81.3 kernel-default-extra-debuginfo-4.4.21-81.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.21-81.1 kernel-obs-build-debugsource-4.4.21-81.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.21-81.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.21-81.3 kernel-default-base-4.4.21-81.3 kernel-default-base-debuginfo-4.4.21-81.3 kernel-default-debuginfo-4.4.21-81.3 kernel-default-debugsource-4.4.21-81.3 kernel-default-devel-4.4.21-81.3 kernel-syms-4.4.21-81.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.21-81.3 kernel-macros-4.4.21-81.3 kernel-source-4.4.21-81.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.21-81.3 kernel-default-base-4.4.21-81.3 kernel-default-base-debuginfo-4.4.21-81.3 kernel-default-debuginfo-4.4.21-81.3 kernel-default-debugsource-4.4.21-81.3 kernel-default-devel-4.4.21-81.3 kernel-syms-4.4.21-81.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.21-81.3 kernel-macros-4.4.21-81.3 kernel-source-4.4.21-81.3 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-81-default-1-2.3 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.21-81.3 cluster-md-kmp-default-debuginfo-4.4.21-81.3 cluster-network-kmp-default-4.4.21-81.3 cluster-network-kmp-default-debuginfo-4.4.21-81.3 dlm-kmp-default-4.4.21-81.3 dlm-kmp-default-debuginfo-4.4.21-81.3 gfs2-kmp-default-4.4.21-81.3 gfs2-kmp-default-debuginfo-4.4.21-81.3 kernel-default-debuginfo-4.4.21-81.3 kernel-default-debugsource-4.4.21-81.3 ocfs2-kmp-default-4.4.21-81.3 ocfs2-kmp-default-debuginfo-4.4.21-81.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.21-81.3 kernel-macros-4.4.21-81.3 kernel-source-4.4.21-81.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.21-81.3 kernel-default-debuginfo-4.4.21-81.3 kernel-default-debugsource-4.4.21-81.3 kernel-default-devel-4.4.21-81.3 kernel-default-extra-4.4.21-81.3 kernel-default-extra-debuginfo-4.4.21-81.3 kernel-syms-4.4.21-81.3 References: https://bugzilla.suse.com/1006804 From sle-updates at lists.suse.com Wed Nov 9 07:07:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 15:07:11 +0100 (CET) Subject: SUSE-RU-2016:2753-1: Recommended update for python-M2Crypto Message-ID: <20161109140711.D3778FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2753-1 Rating: low References: #1001377 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-M2Crypto fixes the following issues: - Do not strip leading zeros from certificate fingerprints. (bsc#1001377) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1623=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1623=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): python-M2Crypto-0.22.5-21.1 python-M2Crypto-debuginfo-0.22.5-21.1 python-M2Crypto-debugsource-0.22.5-21.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): python-M2Crypto-0.22.5-21.1 python-M2Crypto-debuginfo-0.22.5-21.1 python-M2Crypto-debugsource-0.22.5-21.1 References: https://bugzilla.suse.com/1001377 From sle-updates at lists.suse.com Wed Nov 9 07:07:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 15:07:42 +0100 (CET) Subject: SUSE-RU-2016:2754-1: moderate: Recommended update for libqt5-qtwebengine Message-ID: <20161109140742.D9956FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtwebengine ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2754-1 Rating: moderate References: #1005323 #997171 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libqt5-qtwebengine disables the use of the GPU when the Nouveau OpenGL driver is detected. This is necessary because Nouveau doesn't support rendering from different threads. Also, two new environment variables can be used to control this behavior: - QT_WEBENGINE_DISABLE_GPU can be used to force the disabling of the GPU; and - QT_WEBENGINE_DISABLE_NOUVEAU_WORKAROUND can be used to disable the detection of Nouveau, making it easier for users to try with newer Nouveau releases. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1624=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1624=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1624=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64): libqt5-qtwebengine-debuginfo-5.6.1-9.1 libqt5-qtwebengine-debugsource-5.6.1-9.1 libqt5-qtwebengine-devel-5.6.1-9.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): libqt5-qtwebengine-private-headers-devel-5.6.1-9.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libqt5-qtwebengine-5.6.1-9.1 libqt5-qtwebengine-debuginfo-5.6.1-9.1 libqt5-qtwebengine-debugsource-5.6.1-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libqt5-qtwebengine-5.6.1-9.1 libqt5-qtwebengine-debuginfo-5.6.1-9.1 libqt5-qtwebengine-debugsource-5.6.1-9.1 References: https://bugzilla.suse.com/1005323 https://bugzilla.suse.com/997171 From sle-updates at lists.suse.com Wed Nov 9 09:07:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 17:07:01 +0100 (CET) Subject: SUSE-OU-2016:2756-1: Initial release of google-compute-engine-init Message-ID: <20161109160701.E7AC7FFC1@maintenance.suse.de> SUSE Optional Update: Initial release of google-compute-engine-init ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2756-1 Rating: low References: #994943 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds package google-compute-engine-init to the SLE Public Cloud 12 Module. The google-compute-engine-init package provides the initialization code for instances in Google Compute Engine. It obsoletes packages gcimagebundle, google-daemon and google-startup-scripts. The code previously provided by gcimagebundle is not replaced. New image creation from running instances is accomplished using functionality from google-cloud-sdk or through the GCE web console. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-google-compute-engine-init-12841=1 - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-compute-engine-init-12841=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-setuptools-0.6c11-8.1 - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): gcimagebundle-1.3.1-14.2 google-compute-engine-init-20160803-2.2 python-setuptools-0.6c11-8.1 - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): google-daemon-1.3.2-17.2 google-startup-scripts-1.3.2-19.2 References: https://bugzilla.suse.com/994943 From sle-updates at lists.suse.com Wed Nov 9 09:07:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 17:07:29 +0100 (CET) Subject: SUSE-OU-2016:2757-1: Initial release of google-compute-engine-init Message-ID: <20161109160729.6483CFFC3@maintenance.suse.de> SUSE Optional Update: Initial release of google-compute-engine-init ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2757-1 Rating: low References: #994943 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds package google-compute-engine-init to the SLE Public Cloud 12 Module. The google-compute-engine-init package provides the initialization code for instances in Google Compute Engine. It obsoletes packages gcimagebundle, google-daemon and google-startup-scripts. The code previously provided by gcimagebundle is not replaced. New image creation from running instances is accomplished using functionality from google-cloud-sdk or through the GCE web console. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1625=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): gcimagebundle-1.3.1-17.1 google-compute-engine-init-20160803-3.1 google-daemon-1.3.2-20.1 google-startup-scripts-1.3.2-23.1 References: https://bugzilla.suse.com/994943 From sle-updates at lists.suse.com Wed Nov 9 10:07:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 18:07:28 +0100 (CET) Subject: SUSE-RU-2016:2758-1: Recommended update for release-notes-sles Message-ID: <20161109170728.4A79FFFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2758-1 Rating: low References: #1006804 #1007153 #1007209 #1007705 #985603 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP2 have been updated to document: - GICv2 and GICv3 Interrupt Controller Support in QEMU. (fate319898) - GCC SIMD Performance Tuning. (fate#319945) - Improved Auto LUN Scan. (fate#319948) - GNOME Desktop: Clicking "Open in Terminal" on Desktop. (fate#321179) - iSCSI with CHAP Is Not Supported in FIPS Mode. (fate#321984, bsc#985603) - Btrfs File System Going Read-only on Balance. (fate#322002, bsc#1006804) - Virtualization: QCOW format not supported anymore.(fate#317891) - Device Driver ibmvnic Has Been Added as a Tech Preview. (fate#318726) - Support for UEFI in QEMU Virtual Machines. (fate#319531) - Status of Guest 3D Acceleration With virtio-gpu. (fate#319660) - Updating the Installer at the Beginning of Installation. (fate#319716) - NVDIMM Support Status. (fate#319792) - The libcxl Userspace Library for CAPI Has Been Added. (fate#320440) - Media-based Sources Are Disabled After Installation. (fate#320494) - Fixed wrong Service Pack number in Support section. (bsc#1007705) - Updated amount of supported RAM for z Systems. (bsc#1007153) - Updated Xen limits. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1627=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1627=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): release-notes-sles-12.2.20161104-3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): release-notes-sles-12.2.20161104-3.1 References: https://bugzilla.suse.com/1006804 https://bugzilla.suse.com/1007153 https://bugzilla.suse.com/1007209 https://bugzilla.suse.com/1007705 https://bugzilla.suse.com/985603 From sle-updates at lists.suse.com Wed Nov 9 13:06:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 21:06:57 +0100 (CET) Subject: SUSE-RU-2016:2761-1: Recommended update for amazon-ecs-init Message-ID: <20161109200657.3EC2CFFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2761-1 Rating: low References: #1008298 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for amazon-ecs-init provides version 1.13.0 and brings several fixes and improvements: - Service needs to run after we know the network is fully configured thus use network-online.target instead of network.target - Enable Task IAM Role for containers launched with 'host' network mode - Support Task IAM Roles feature of Agent - Start Agent with host network mode - Add support for Docker 1.11.2 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1628=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): amazon-ecs-init-1.13.0-15.1 References: https://bugzilla.suse.com/1008298 From sle-updates at lists.suse.com Wed Nov 9 14:07:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 22:07:03 +0100 (CET) Subject: SUSE-RU-2016:2762-1: moderate: Recommended update for squid Message-ID: <20161109210703.600DFFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for squid ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2762-1 Rating: moderate References: #1003270 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for squid fixes CONNECT requests (i.e. https) on cascaded proxies. (bsc#1003270) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1631=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): squid-3.3.14-22.3.1 squid-debuginfo-3.3.14-22.3.1 squid-debugsource-3.3.14-22.3.1 References: https://bugzilla.suse.com/1003270 From sle-updates at lists.suse.com Wed Nov 9 14:07:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 22:07:27 +0100 (CET) Subject: SUSE-RU-2016:2763-1: Recommended update for sle-ha-install-quick_en Message-ID: <20161109210727.B7F32FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-ha-install-quick_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2763-1 Rating: low References: #1006824 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the HTML version of the SUSE Linux Enterprise High Availability Extension 12 SP2 Installation Quick Start guide. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1633=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP2 (noarch): sle-ha-install-quick_en-12.2-7.1 References: https://bugzilla.suse.com/1006824 From sle-updates at lists.suse.com Wed Nov 9 14:07:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 22:07:51 +0100 (CET) Subject: SUSE-SU-2016:2764-1: moderate: Security update for util-linux Message-ID: <20161109210751.2A22BFFC3@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2764-1 Rating: moderate References: #947494 #966891 #978993 #982331 #983164 #987176 #988361 #994399 Cross-References: CVE-2016-5011 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update for util-linux fixes a number of bugs and one minor security issue. The following minor vulnerability was fixed: - CVE-2016-5011: Infinite loop DoS in libblkid while parsing DOS partition (bsc#988361) The following bugs were fixed: - bsc#987176: When mounting a subfolder of a CIFS share, mount -a would show the mount as busy - bsc#947494: mount -a would fail to recognize btrfs already mounted, address loop re-use in libmount - bsc#966891: Conflict in meaning of losetup -L. This switch in SLE12 SP1 and SP2 continues to carry the meaning of --logical-blocksize instead of upstream --nooverlap - bsc#994399: Package would trigger conflicts with sysvinit-tools - bsc#983164: mount uid= and gid= would reject valid non UID/GID values - bsc#978993: cfdisk would mangle some text output - bsc#982331: libmount: ignore redundant slashes Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1630=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1630=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1630=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1630=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libuuid-devel-2.25-37.1 util-linux-debuginfo-2.25-37.1 util-linux-debugsource-2.25-37.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libblkid-devel-2.25-37.1 libmount-devel-2.25-37.1 libsmartcols-devel-2.25-37.1 libuuid-devel-2.25-37.1 util-linux-debuginfo-2.25-37.1 util-linux-debugsource-2.25-37.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libblkid1-2.25-37.1 libblkid1-debuginfo-2.25-37.1 libmount1-2.25-37.1 libmount1-debuginfo-2.25-37.1 libsmartcols1-2.25-37.1 libsmartcols1-debuginfo-2.25-37.1 libuuid1-2.25-37.1 libuuid1-debuginfo-2.25-37.1 python-libmount-2.25-37.1 python-libmount-debuginfo-2.25-37.1 python-libmount-debugsource-2.25-37.1 util-linux-2.25-37.1 util-linux-debuginfo-2.25-37.1 util-linux-debugsource-2.25-37.1 util-linux-systemd-2.25-37.1 util-linux-systemd-debuginfo-2.25-37.1 util-linux-systemd-debugsource-2.25-37.1 uuidd-2.25-37.1 uuidd-debuginfo-2.25-37.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libblkid1-32bit-2.25-37.1 libblkid1-debuginfo-32bit-2.25-37.1 libmount1-32bit-2.25-37.1 libmount1-debuginfo-32bit-2.25-37.1 libuuid1-32bit-2.25-37.1 libuuid1-debuginfo-32bit-2.25-37.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): util-linux-lang-2.25-37.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): util-linux-lang-2.25-37.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libblkid1-2.25-37.1 libblkid1-32bit-2.25-37.1 libblkid1-debuginfo-2.25-37.1 libblkid1-debuginfo-32bit-2.25-37.1 libmount1-2.25-37.1 libmount1-32bit-2.25-37.1 libmount1-debuginfo-2.25-37.1 libmount1-debuginfo-32bit-2.25-37.1 libsmartcols1-2.25-37.1 libsmartcols1-debuginfo-2.25-37.1 libuuid-devel-2.25-37.1 libuuid1-2.25-37.1 libuuid1-32bit-2.25-37.1 libuuid1-debuginfo-2.25-37.1 libuuid1-debuginfo-32bit-2.25-37.1 python-libmount-2.25-37.1 python-libmount-debuginfo-2.25-37.1 python-libmount-debugsource-2.25-37.1 util-linux-2.25-37.1 util-linux-debuginfo-2.25-37.1 util-linux-debugsource-2.25-37.1 util-linux-systemd-2.25-37.1 util-linux-systemd-debuginfo-2.25-37.1 util-linux-systemd-debugsource-2.25-37.1 uuidd-2.25-37.1 uuidd-debuginfo-2.25-37.1 References: https://www.suse.com/security/cve/CVE-2016-5011.html https://bugzilla.suse.com/947494 https://bugzilla.suse.com/966891 https://bugzilla.suse.com/978993 https://bugzilla.suse.com/982331 https://bugzilla.suse.com/983164 https://bugzilla.suse.com/987176 https://bugzilla.suse.com/988361 https://bugzilla.suse.com/994399 From sle-updates at lists.suse.com Wed Nov 9 14:09:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 22:09:35 +0100 (CET) Subject: SUSE-RU-2016:2765-1: Recommended update for netpbm Message-ID: <20161109210935.DB69EFFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2765-1 Rating: low References: #1006639 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for netpbm fixes the following issues: - The xwdtopnm converter could generate corrupted images on 64 bit systems. (bsc#1006639) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-netpbm-12842=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-netpbm-12842=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-netpbm-12842=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libnetpbm-devel-10.26.44-101.11.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libnetpbm-devel-32bit-10.26.44-101.11.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libnetpbm10-10.26.44-101.11.1 netpbm-10.26.44-101.11.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libnetpbm10-32bit-10.26.44-101.11.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libnetpbm10-x86-10.26.44-101.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): netpbm-debuginfo-10.26.44-101.11.1 netpbm-debugsource-10.26.44-101.11.1 References: https://bugzilla.suse.com/1006639 From sle-updates at lists.suse.com Wed Nov 9 14:10:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2016 22:10:02 +0100 (CET) Subject: SUSE-SU-2016:2766-1: important: Security update for php5 Message-ID: <20161109211002.A339CFFC3@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2766-1 Rating: important References: #1001900 #1004924 #1005274 Cross-References: CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php5 fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1629=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1629=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-83.1 php5-debugsource-5.5.14-83.1 php5-devel-5.5.14-83.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-83.1 apache2-mod_php5-debuginfo-5.5.14-83.1 php5-5.5.14-83.1 php5-bcmath-5.5.14-83.1 php5-bcmath-debuginfo-5.5.14-83.1 php5-bz2-5.5.14-83.1 php5-bz2-debuginfo-5.5.14-83.1 php5-calendar-5.5.14-83.1 php5-calendar-debuginfo-5.5.14-83.1 php5-ctype-5.5.14-83.1 php5-ctype-debuginfo-5.5.14-83.1 php5-curl-5.5.14-83.1 php5-curl-debuginfo-5.5.14-83.1 php5-dba-5.5.14-83.1 php5-dba-debuginfo-5.5.14-83.1 php5-debuginfo-5.5.14-83.1 php5-debugsource-5.5.14-83.1 php5-dom-5.5.14-83.1 php5-dom-debuginfo-5.5.14-83.1 php5-enchant-5.5.14-83.1 php5-enchant-debuginfo-5.5.14-83.1 php5-exif-5.5.14-83.1 php5-exif-debuginfo-5.5.14-83.1 php5-fastcgi-5.5.14-83.1 php5-fastcgi-debuginfo-5.5.14-83.1 php5-fileinfo-5.5.14-83.1 php5-fileinfo-debuginfo-5.5.14-83.1 php5-fpm-5.5.14-83.1 php5-fpm-debuginfo-5.5.14-83.1 php5-ftp-5.5.14-83.1 php5-ftp-debuginfo-5.5.14-83.1 php5-gd-5.5.14-83.1 php5-gd-debuginfo-5.5.14-83.1 php5-gettext-5.5.14-83.1 php5-gettext-debuginfo-5.5.14-83.1 php5-gmp-5.5.14-83.1 php5-gmp-debuginfo-5.5.14-83.1 php5-iconv-5.5.14-83.1 php5-iconv-debuginfo-5.5.14-83.1 php5-imap-5.5.14-83.1 php5-imap-debuginfo-5.5.14-83.1 php5-intl-5.5.14-83.1 php5-intl-debuginfo-5.5.14-83.1 php5-json-5.5.14-83.1 php5-json-debuginfo-5.5.14-83.1 php5-ldap-5.5.14-83.1 php5-ldap-debuginfo-5.5.14-83.1 php5-mbstring-5.5.14-83.1 php5-mbstring-debuginfo-5.5.14-83.1 php5-mcrypt-5.5.14-83.1 php5-mcrypt-debuginfo-5.5.14-83.1 php5-mysql-5.5.14-83.1 php5-mysql-debuginfo-5.5.14-83.1 php5-odbc-5.5.14-83.1 php5-odbc-debuginfo-5.5.14-83.1 php5-opcache-5.5.14-83.1 php5-opcache-debuginfo-5.5.14-83.1 php5-openssl-5.5.14-83.1 php5-openssl-debuginfo-5.5.14-83.1 php5-pcntl-5.5.14-83.1 php5-pcntl-debuginfo-5.5.14-83.1 php5-pdo-5.5.14-83.1 php5-pdo-debuginfo-5.5.14-83.1 php5-pgsql-5.5.14-83.1 php5-pgsql-debuginfo-5.5.14-83.1 php5-phar-5.5.14-83.1 php5-phar-debuginfo-5.5.14-83.1 php5-posix-5.5.14-83.1 php5-posix-debuginfo-5.5.14-83.1 php5-pspell-5.5.14-83.1 php5-pspell-debuginfo-5.5.14-83.1 php5-shmop-5.5.14-83.1 php5-shmop-debuginfo-5.5.14-83.1 php5-snmp-5.5.14-83.1 php5-snmp-debuginfo-5.5.14-83.1 php5-soap-5.5.14-83.1 php5-soap-debuginfo-5.5.14-83.1 php5-sockets-5.5.14-83.1 php5-sockets-debuginfo-5.5.14-83.1 php5-sqlite-5.5.14-83.1 php5-sqlite-debuginfo-5.5.14-83.1 php5-suhosin-5.5.14-83.1 php5-suhosin-debuginfo-5.5.14-83.1 php5-sysvmsg-5.5.14-83.1 php5-sysvmsg-debuginfo-5.5.14-83.1 php5-sysvsem-5.5.14-83.1 php5-sysvsem-debuginfo-5.5.14-83.1 php5-sysvshm-5.5.14-83.1 php5-sysvshm-debuginfo-5.5.14-83.1 php5-tokenizer-5.5.14-83.1 php5-tokenizer-debuginfo-5.5.14-83.1 php5-wddx-5.5.14-83.1 php5-wddx-debuginfo-5.5.14-83.1 php5-xmlreader-5.5.14-83.1 php5-xmlreader-debuginfo-5.5.14-83.1 php5-xmlrpc-5.5.14-83.1 php5-xmlrpc-debuginfo-5.5.14-83.1 php5-xmlwriter-5.5.14-83.1 php5-xmlwriter-debuginfo-5.5.14-83.1 php5-xsl-5.5.14-83.1 php5-xsl-debuginfo-5.5.14-83.1 php5-zip-5.5.14-83.1 php5-zip-debuginfo-5.5.14-83.1 php5-zlib-5.5.14-83.1 php5-zlib-debuginfo-5.5.14-83.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-83.1 References: https://www.suse.com/security/cve/CVE-2016-6911.html https://www.suse.com/security/cve/CVE-2016-7568.html https://www.suse.com/security/cve/CVE-2016-8670.html https://bugzilla.suse.com/1001900 https://bugzilla.suse.com/1004924 https://bugzilla.suse.com/1005274 From sle-updates at lists.suse.com Thu Nov 10 07:07:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2016 15:07:04 +0100 (CET) Subject: SUSE-RU-2016:2767-1: Recommended update for pciutils Message-ID: <20161110140704.72AACFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2767-1 Rating: low References: #1001888 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pciutils fixes the following issues: - lspci(8) incorrectly tested bit 4, not bit 0, for "CRS Software Visibility" in the Root Capabilities register, so it showed "RootCap: CRSVisible-" even for devices that do support Software Visibility. This update fixes it to use the correct definition for PCI_EXP_RTCAP_CRSVIS. (bsc#1001888) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1634=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1634=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1634=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1634=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1634=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1634=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1634=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): pciutils-debuginfo-3.2.1-7.1 pciutils-debugsource-3.2.1-7.1 pciutils-devel-3.2.1-7.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): pciutils-debuginfo-3.2.1-7.1 pciutils-debugsource-3.2.1-7.1 pciutils-devel-3.2.1-7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpci3-3.2.1-7.1 libpci3-debuginfo-3.2.1-7.1 pciutils-3.2.1-7.1 pciutils-debuginfo-3.2.1-7.1 pciutils-debugsource-3.2.1-7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpci3-3.2.1-7.1 libpci3-debuginfo-3.2.1-7.1 pciutils-3.2.1-7.1 pciutils-debuginfo-3.2.1-7.1 pciutils-debugsource-3.2.1-7.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpci3-32bit-3.2.1-7.1 libpci3-debuginfo-32bit-3.2.1-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpci3-3.2.1-7.1 libpci3-debuginfo-3.2.1-7.1 pciutils-3.2.1-7.1 pciutils-debuginfo-3.2.1-7.1 pciutils-debugsource-3.2.1-7.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpci3-32bit-3.2.1-7.1 libpci3-debuginfo-32bit-3.2.1-7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpci3-3.2.1-7.1 libpci3-32bit-3.2.1-7.1 libpci3-debuginfo-3.2.1-7.1 libpci3-debuginfo-32bit-3.2.1-7.1 pciutils-3.2.1-7.1 pciutils-debuginfo-3.2.1-7.1 pciutils-debugsource-3.2.1-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpci3-3.2.1-7.1 libpci3-32bit-3.2.1-7.1 libpci3-debuginfo-3.2.1-7.1 libpci3-debuginfo-32bit-3.2.1-7.1 pciutils-3.2.1-7.1 pciutils-debuginfo-3.2.1-7.1 pciutils-debugsource-3.2.1-7.1 References: https://bugzilla.suse.com/1001888 From sle-updates at lists.suse.com Thu Nov 10 09:19:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2016 17:19:57 +0100 (CET) Subject: SUSE-RU-2016:2771-1: Recommended update for salt-ceph and python-ceph-cfg Message-ID: <20161110161957.B8442FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt-ceph and python-ceph-cfg ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2771-1 Rating: low References: #983971 #988418 #993468 #993524 #994056 #994602 #994637 #997617 #998133 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update provides salt-ceph 0.2.0 and python-ceph-cfg 0.2.0 which brings many fixes and enhancements: salt-ceph: - Changed documentation to reflect new API. (bsc#998133) - Added osc_reweight method to allow easy draining of nodes. - Updated examples to include new mon_name parameter. (bsc#997617) - Added cephfs methods + cephfs_ls + cephfs_add (bsc#983971) + cephfs_del (bsc#994602) - Workaround salt import bug (bsc#993524) python-ceph-cfg: - Add new mon methods to allow life cycling mon roles. (bsc#994637) + mon_destroy + mon_list - API change for mon methods require mon_name argument. (bsc#994637) + mon_is + mon_status + mon_quorum + mon_active + mon_create - OSD reweight method. + Useful for remote rebalancing of the cluster. + Useful for gracefully decommissioning an OSD when set to 0 weight. - Added cephfs methods + cephfs_ls + cephfs_add (bsc#983971) + cephfs_del (bsc#994602) - Provide useful diagnostic message when called by salt fix exception in utils_which. (bsc#994056) - Avoid side effect of not being mon node. - Fix error message "section error" which was misleading. (bsc#993468) - Added missing reference for bsc#988418 to changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1636=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): python-ceph-cfg-0.2.1+git.1473421401.a6a2208-7.1 salt-ceph-0.2.0+git.1473426724.76ea89f-10.1 References: https://bugzilla.suse.com/983971 https://bugzilla.suse.com/988418 https://bugzilla.suse.com/993468 https://bugzilla.suse.com/993524 https://bugzilla.suse.com/994056 https://bugzilla.suse.com/994602 https://bugzilla.suse.com/994637 https://bugzilla.suse.com/997617 https://bugzilla.suse.com/998133 From sle-updates at lists.suse.com Thu Nov 10 13:06:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2016 21:06:54 +0100 (CET) Subject: SUSE-RU-2016:2773-1: Recommended update for timezone Message-ID: <20161110200654.0D159FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2773-1 Rating: low References: #1007725 #1007726 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest timezone information (2016i) for your system, including the following changes: - Pacific/Tongatapu begins DST on 2016-11-06 at 02:00, ending on 2017-01-15 at 03:00. (bsc#1007725) - Northern Cyprus is now +03 year round, causing a split in Cyprus time zones starting 2016-10-30 at 04:00. This creates a zone Asia/Famagusta. (bsc#1007726) - Antarctica/Casey switched from +08 to +11 on 2016-10-22. - Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not 2016-10-21 at 00:00. - Asia/Colombo now uses numeric time zone abbreviations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-timezone-12844=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-timezone-12844=1 - SUSE Manager 2.1: zypper in -t patch sleman21-timezone-12844=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-12844=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-12844=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-12844=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-timezone-12844=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-12844=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-12844=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-12844=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-timezone-12844=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): timezone-java-2016i-0.42.1 - SUSE OpenStack Cloud 5 (x86_64): timezone-2016i-0.42.1 - SUSE Manager Proxy 2.1 (noarch): timezone-java-2016i-0.42.1 - SUSE Manager Proxy 2.1 (x86_64): timezone-2016i-0.42.1 - SUSE Manager 2.1 (s390x x86_64): timezone-2016i-0.42.1 - SUSE Manager 2.1 (noarch): timezone-java-2016i-0.42.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2016i-0.42.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2016i-0.42.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2016i-0.42.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2016i-0.42.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2016i-0.42.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): timezone-2016i-0.42.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): timezone-java-2016i-0.42.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2016i-0.42.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2016i-0.42.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2016i-0.42.1 timezone-debugsource-2016i-0.42.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): timezone-debuginfo-2016i-0.42.1 timezone-debugsource-2016i-0.42.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): timezone-debuginfo-2016i-0.42.1 timezone-debugsource-2016i-0.42.1 References: https://bugzilla.suse.com/1007725 https://bugzilla.suse.com/1007726 From sle-updates at lists.suse.com Thu Nov 10 13:07:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2016 21:07:45 +0100 (CET) Subject: SUSE-SU-2016:2775-1: moderate: Security update for jasper Message-ID: <20161110200745.5FFD2FFC1@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2775-1 Rating: moderate References: #1005084 #1005090 #1005242 #1006591 #1006593 #1006597 #1006598 #1006599 #1006836 #1006839 #1007009 #392410 #941919 #942553 #961886 #963983 #968373 Cross-References: CVE-2008-3522 CVE-2014-8158 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) (bsc#1006839) For additional change description please have a look at the changelog. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1639=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1639=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1639=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1639=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1639=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1639=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1639=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-181.1 jasper-debugsource-1.900.14-181.1 libjasper-devel-1.900.14-181.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): jasper-debuginfo-1.900.14-181.1 jasper-debugsource-1.900.14-181.1 libjasper-devel-1.900.14-181.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): jasper-debuginfo-1.900.14-181.1 jasper-debugsource-1.900.14-181.1 libjasper1-1.900.14-181.1 libjasper1-debuginfo-1.900.14-181.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): jasper-debuginfo-1.900.14-181.1 jasper-debugsource-1.900.14-181.1 libjasper1-1.900.14-181.1 libjasper1-debuginfo-1.900.14-181.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libjasper1-32bit-1.900.14-181.1 libjasper1-debuginfo-32bit-1.900.14-181.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): jasper-debuginfo-1.900.14-181.1 jasper-debugsource-1.900.14-181.1 libjasper1-1.900.14-181.1 libjasper1-debuginfo-1.900.14-181.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libjasper1-32bit-1.900.14-181.1 libjasper1-debuginfo-32bit-1.900.14-181.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): jasper-debuginfo-1.900.14-181.1 jasper-debugsource-1.900.14-181.1 libjasper1-1.900.14-181.1 libjasper1-32bit-1.900.14-181.1 libjasper1-debuginfo-1.900.14-181.1 libjasper1-debuginfo-32bit-1.900.14-181.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): jasper-debuginfo-1.900.14-181.1 jasper-debugsource-1.900.14-181.1 libjasper1-1.900.14-181.1 libjasper1-32bit-1.900.14-181.1 libjasper1-debuginfo-1.900.14-181.1 libjasper1-debuginfo-32bit-1.900.14-181.1 References: https://www.suse.com/security/cve/CVE-2008-3522.html https://www.suse.com/security/cve/CVE-2014-8158.html https://www.suse.com/security/cve/CVE-2015-5203.html https://www.suse.com/security/cve/CVE-2015-5221.html https://www.suse.com/security/cve/CVE-2016-1577.html https://www.suse.com/security/cve/CVE-2016-1867.html https://www.suse.com/security/cve/CVE-2016-2089.html https://www.suse.com/security/cve/CVE-2016-2116.html https://www.suse.com/security/cve/CVE-2016-8690.html https://www.suse.com/security/cve/CVE-2016-8691.html https://www.suse.com/security/cve/CVE-2016-8692.html https://www.suse.com/security/cve/CVE-2016-8693.html https://www.suse.com/security/cve/CVE-2016-8880.html https://www.suse.com/security/cve/CVE-2016-8881.html https://www.suse.com/security/cve/CVE-2016-8882.html https://www.suse.com/security/cve/CVE-2016-8883.html https://www.suse.com/security/cve/CVE-2016-8884.html https://www.suse.com/security/cve/CVE-2016-8885.html https://www.suse.com/security/cve/CVE-2016-8886.html https://www.suse.com/security/cve/CVE-2016-8887.html https://bugzilla.suse.com/1005084 https://bugzilla.suse.com/1005090 https://bugzilla.suse.com/1005242 https://bugzilla.suse.com/1006591 https://bugzilla.suse.com/1006593 https://bugzilla.suse.com/1006597 https://bugzilla.suse.com/1006598 https://bugzilla.suse.com/1006599 https://bugzilla.suse.com/1006836 https://bugzilla.suse.com/1006839 https://bugzilla.suse.com/1007009 https://bugzilla.suse.com/392410 https://bugzilla.suse.com/941919 https://bugzilla.suse.com/942553 https://bugzilla.suse.com/961886 https://bugzilla.suse.com/963983 https://bugzilla.suse.com/968373 From sle-updates at lists.suse.com Thu Nov 10 13:10:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2016 21:10:29 +0100 (CET) Subject: SUSE-SU-2016:2776-1: moderate: Security update for jasper Message-ID: <20161110201029.E0419FFC1@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2776-1 Rating: moderate References: #1005084 #1005090 #1005242 #1006591 #1006593 #1006597 #1006598 #1006599 #1006836 #1006839 #1007009 #392410 #941919 #942553 #961886 #963983 #968373 Cross-References: CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for jasper fixes the following issues: Security fixes: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2016-1577, CVE-2016-2116: double free vulnerability in the jas_iccattrval_destroy function (bsc#968373) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: multiple integer overflows (bsc#392410) - bsc#1006839: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-jasper-12846=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-jasper-12846=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-jasper-12846=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libjasper-devel-1.900.14-134.25.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libjasper-1.900.14-134.25.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libjasper-32bit-1.900.14-134.25.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libjasper-x86-1.900.14-134.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): jasper-debuginfo-1.900.14-134.25.1 jasper-debugsource-1.900.14-134.25.1 References: https://www.suse.com/security/cve/CVE-2008-3522.html https://www.suse.com/security/cve/CVE-2015-5203.html https://www.suse.com/security/cve/CVE-2015-5221.html https://www.suse.com/security/cve/CVE-2016-1577.html https://www.suse.com/security/cve/CVE-2016-1867.html https://www.suse.com/security/cve/CVE-2016-2089.html https://www.suse.com/security/cve/CVE-2016-2116.html https://www.suse.com/security/cve/CVE-2016-8690.html https://www.suse.com/security/cve/CVE-2016-8691.html https://www.suse.com/security/cve/CVE-2016-8692.html https://www.suse.com/security/cve/CVE-2016-8693.html https://www.suse.com/security/cve/CVE-2016-8880.html https://www.suse.com/security/cve/CVE-2016-8881.html https://www.suse.com/security/cve/CVE-2016-8882.html https://www.suse.com/security/cve/CVE-2016-8883.html https://www.suse.com/security/cve/CVE-2016-8884.html https://www.suse.com/security/cve/CVE-2016-8885.html https://www.suse.com/security/cve/CVE-2016-8886.html https://www.suse.com/security/cve/CVE-2016-8887.html https://bugzilla.suse.com/1005084 https://bugzilla.suse.com/1005090 https://bugzilla.suse.com/1005242 https://bugzilla.suse.com/1006591 https://bugzilla.suse.com/1006593 https://bugzilla.suse.com/1006597 https://bugzilla.suse.com/1006598 https://bugzilla.suse.com/1006599 https://bugzilla.suse.com/1006836 https://bugzilla.suse.com/1006839 https://bugzilla.suse.com/1007009 https://bugzilla.suse.com/392410 https://bugzilla.suse.com/941919 https://bugzilla.suse.com/942553 https://bugzilla.suse.com/961886 https://bugzilla.suse.com/963983 https://bugzilla.suse.com/968373 From sle-updates at lists.suse.com Thu Nov 10 15:06:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2016 23:06:59 +0100 (CET) Subject: SUSE-RU-2016:2777-1: moderate: Recommended update for sg3_utils Message-ID: <20161110220659.970FEFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2777-1 Rating: moderate References: #1006469 #958369 #979436 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sg3_utils provides the following fixes: - Adjust 55-scsi-sg3_id.rules to correctly handle VPD page 0x80. This issue could prevent some IBM Power systems from booting after installation. (bsc#1006469) - Fix 55-scsi_sg3_id.rules to skip sg_inq on recent kernels. (bsc#979436) - In some circumstances, the rescan-scsi-bus.sh script failed to identify new LUNs that have been added to the server. (bsc#958369) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1641=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1641=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1641=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1641=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsgutils-devel-1.43-12.1 sg3_utils-debuginfo-1.43-12.1 sg3_utils-debugsource-1.43-12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsgutils2-2-1.43-12.1 libsgutils2-2-debuginfo-1.43-12.1 sg3_utils-1.43-12.1 sg3_utils-debuginfo-1.43-12.1 sg3_utils-debugsource-1.43-12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsgutils2-2-1.43-12.1 libsgutils2-2-debuginfo-1.43-12.1 sg3_utils-1.43-12.1 sg3_utils-debuginfo-1.43-12.1 sg3_utils-debugsource-1.43-12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsgutils2-2-1.43-12.1 libsgutils2-2-debuginfo-1.43-12.1 sg3_utils-1.43-12.1 sg3_utils-debuginfo-1.43-12.1 sg3_utils-debugsource-1.43-12.1 References: https://bugzilla.suse.com/1006469 https://bugzilla.suse.com/958369 https://bugzilla.suse.com/979436 From sle-updates at lists.suse.com Fri Nov 11 09:06:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2016 17:06:42 +0100 (CET) Subject: SUSE-SU-2016:2778-1: important: Security update for flash-player Message-ID: <20161111160642.1DCC2FFBF@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2778-1 Rating: important References: #1009217 Cross-References: CVE-2016-7857 CVE-2016-7858 CVE-2016-7859 CVE-2016-7860 CVE-2016-7861 CVE-2016-7862 CVE-2016-7863 CVE-2016-7864 CVE-2016-7865 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update to Adobe Flash Player 11.2.202.644 fixes the following security issues: - type confusion vulnerabilities that could lead to code execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865) - use-after-free vulnerabilities that could lead to code execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1643=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1643=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.644-149.1 flash-player-gnome-11.2.202.644-149.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.644-149.1 flash-player-gnome-11.2.202.644-149.1 References: https://www.suse.com/security/cve/CVE-2016-7857.html https://www.suse.com/security/cve/CVE-2016-7858.html https://www.suse.com/security/cve/CVE-2016-7859.html https://www.suse.com/security/cve/CVE-2016-7860.html https://www.suse.com/security/cve/CVE-2016-7861.html https://www.suse.com/security/cve/CVE-2016-7862.html https://www.suse.com/security/cve/CVE-2016-7863.html https://www.suse.com/security/cve/CVE-2016-7864.html https://www.suse.com/security/cve/CVE-2016-7865.html https://bugzilla.suse.com/1009217 From sle-updates at lists.suse.com Fri Nov 11 12:06:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2016 20:06:33 +0100 (CET) Subject: SUSE-RU-2016:2779-1: Recommended update for vsftpd Message-ID: <20161111190633.2EF3EFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2779-1 Rating: low References: #996370 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vsftpd provides the following fixes: - Fix a bug where files uploaded by an anonymous user could not have its owner changed to the desired UID as specified in the daemon's configuration file (bsc#996370) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1644=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1644=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1644=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): vsftpd-3.0.2-34.1 vsftpd-debuginfo-3.0.2-34.1 vsftpd-debugsource-3.0.2-34.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): vsftpd-3.0.2-34.1 vsftpd-debuginfo-3.0.2-34.1 vsftpd-debugsource-3.0.2-34.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): vsftpd-3.0.2-34.1 vsftpd-debuginfo-3.0.2-34.1 vsftpd-debugsource-3.0.2-34.1 References: https://bugzilla.suse.com/996370 From sle-updates at lists.suse.com Sat Nov 12 00:06:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Nov 2016 08:06:43 +0100 (CET) Subject: SUSE-SU-2016:2780-1: important: Security update for mysql Message-ID: <20161112070643.3DBA4FFBF@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2780-1 Rating: important References: #1005558 #1005580 #1005581 Cross-References: CVE-2016-5584 CVE-2016-6662 CVE-2016-7440 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This mysql version update to 5.5.53 fixes the following issues: - CVE-2016-6662: Unspecified vulnerability in subcomponent Logging (bsc#1005580) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12847=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12847=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12847=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.53-0.30.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.53-0.30.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.53-0.30.1 libmysql55client_r18-5.5.53-0.30.1 mysql-5.5.53-0.30.1 mysql-client-5.5.53-0.30.1 mysql-tools-5.5.53-0.30.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.53-0.30.1 libmysql55client_r18-32bit-5.5.53-0.30.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.53-0.30.1 libmysql55client_r18-x86-5.5.53-0.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.53-0.30.1 mysql-debugsource-5.5.53-0.30.1 References: https://www.suse.com/security/cve/CVE-2016-5584.html https://www.suse.com/security/cve/CVE-2016-6662.html https://www.suse.com/security/cve/CVE-2016-7440.html https://bugzilla.suse.com/1005558 https://bugzilla.suse.com/1005580 https://bugzilla.suse.com/1005581 From sle-updates at lists.suse.com Sat Nov 12 00:07:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Nov 2016 08:07:29 +0100 (CET) Subject: SUSE-SU-2016:2781-1: moderate: Security update for qemu Message-ID: <20161112070729.768D5FFC1@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2781-1 Rating: moderate References: #893323 #944697 #967012 #967013 #982017 #982018 #982019 #982222 #982223 #982285 #982959 #983961 #983982 #991080 #991466 #994760 #994771 #994774 #996441 #997858 #997859 Cross-References: CVE-2014-5388 CVE-2015-6815 CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: qemu was updated to fix 21 security issues. These security issues were fixed: - CVE-2014-5388: Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allowed local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption (bsc#893323). - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. (bsc#944697). - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013). - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012). - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223). - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222). - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017). - CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018). - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959). - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982). - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080). - CVE-2016-6490: Infinite loop in the virtio framework. A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466). - CVE-2016-6833: Use-after-free issue in the VMWARE VMXNET3 NIC device support. A privileged user inside guest could have used this issue to crash the Qemu instance resulting in DoS (bsc#994774). - CVE-2016-6836: VMWARE VMXNET3 NIC device support was leaging information leakage. A privileged user inside guest could have used this to leak host memory bytes to a guest (bsc#994760). - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS (bsc#994771). - CVE-2016-7116: Host directory sharing via Plan 9 File System(9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441). - CVE-2016-7155: In the VMWARE PVSCSI paravirtual SCSI bus a OOB access and/or infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997858). - CVE-2016-7156: In the VMWARE PVSCSI paravirtual SCSI bus a infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997859). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1646=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1646=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): qemu-ipxe-1.0.0-48.22.1 qemu-seabios-1.7.4-48.22.1 qemu-sgabios-8-48.22.1 qemu-vgabios-1.7.4-48.22.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): qemu-2.0.2-48.22.1 qemu-block-curl-2.0.2-48.22.1 qemu-block-curl-debuginfo-2.0.2-48.22.1 qemu-block-rbd-2.0.2-48.22.1 qemu-block-rbd-debuginfo-2.0.2-48.22.1 qemu-debugsource-2.0.2-48.22.1 qemu-guest-agent-2.0.2-48.22.1 qemu-guest-agent-debuginfo-2.0.2-48.22.1 qemu-kvm-2.0.2-48.22.1 qemu-lang-2.0.2-48.22.1 qemu-tools-2.0.2-48.22.1 qemu-tools-debuginfo-2.0.2-48.22.1 qemu-x86-2.0.2-48.22.1 qemu-x86-debuginfo-2.0.2-48.22.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.22.1 qemu-block-curl-2.0.2-48.22.1 qemu-block-curl-debuginfo-2.0.2-48.22.1 qemu-debugsource-2.0.2-48.22.1 qemu-guest-agent-2.0.2-48.22.1 qemu-guest-agent-debuginfo-2.0.2-48.22.1 qemu-lang-2.0.2-48.22.1 qemu-tools-2.0.2-48.22.1 qemu-tools-debuginfo-2.0.2-48.22.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.22.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.22.1 qemu-ppc-debuginfo-2.0.2-48.22.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.22.1 qemu-seabios-1.7.4-48.22.1 qemu-sgabios-8-48.22.1 qemu-vgabios-1.7.4-48.22.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.22.1 qemu-block-rbd-debuginfo-2.0.2-48.22.1 qemu-x86-2.0.2-48.22.1 qemu-x86-debuginfo-2.0.2-48.22.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): qemu-s390-2.0.2-48.22.1 qemu-s390-debuginfo-2.0.2-48.22.1 References: https://www.suse.com/security/cve/CVE-2014-5388.html https://www.suse.com/security/cve/CVE-2015-6815.html https://www.suse.com/security/cve/CVE-2016-2391.html https://www.suse.com/security/cve/CVE-2016-2392.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6490.html https://www.suse.com/security/cve/CVE-2016-6833.html https://www.suse.com/security/cve/CVE-2016-6836.html https://www.suse.com/security/cve/CVE-2016-6888.html https://www.suse.com/security/cve/CVE-2016-7116.html https://www.suse.com/security/cve/CVE-2016-7155.html https://www.suse.com/security/cve/CVE-2016-7156.html https://bugzilla.suse.com/893323 https://bugzilla.suse.com/944697 https://bugzilla.suse.com/967012 https://bugzilla.suse.com/967013 https://bugzilla.suse.com/982017 https://bugzilla.suse.com/982018 https://bugzilla.suse.com/982019 https://bugzilla.suse.com/982222 https://bugzilla.suse.com/982223 https://bugzilla.suse.com/982285 https://bugzilla.suse.com/982959 https://bugzilla.suse.com/983961 https://bugzilla.suse.com/983982 https://bugzilla.suse.com/991080 https://bugzilla.suse.com/991466 https://bugzilla.suse.com/994760 https://bugzilla.suse.com/994771 https://bugzilla.suse.com/994774 https://bugzilla.suse.com/996441 https://bugzilla.suse.com/997858 https://bugzilla.suse.com/997859 From sle-updates at lists.suse.com Mon Nov 14 07:06:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2016 15:06:52 +0100 (CET) Subject: SUSE-RU-2016:2790-1: Recommended update for openstack-nova Message-ID: <20161114140652.98151FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2790-1 Rating: low References: #958966 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-nova fixes the following issues: - Bump rpm package version to 2014.2.4.juno to avoid downgrade. - Fix failure when attaching volume to iso instance using libvirt. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-1649=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-nova-2014.2.4.juno-17.4 openstack-nova-compute-2014.2.4.juno-17.4 python-nova-2014.2.4.juno-17.4 References: https://bugzilla.suse.com/958966 From sle-updates at lists.suse.com Tue Nov 15 09:07:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2016 17:07:36 +0100 (CET) Subject: SUSE-RU-2016:2794-1: Recommended update for syslog-ng Message-ID: <20161115160736.6A38BFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for syslog-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2794-1 Rating: low References: #1009514 #987207 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: Syslog-NG was updated to version 3.6.4, which brings several fixes and enhancements: - The new systemd-syslog() source replaces the former implicit support for the same functionality. Users who use systemd are advised to use either the system() source, or this new one when they want to receive logs from systemd via the /run/systemd/journal/syslog socket. - The new source driver systemd-journal() reads from the Journal directly, not via the syslog forwarding socket. The system() source defaults to using this source when systemd is detected. - Fix systemd support on platforms which have systemd older than version 209. - Fix AMQP segmentation fault right after starting on some platforms. - Fix inaccurate time stamps for messages read from /dev/kmsg. - Add DOS/Windows line ending support in configuration files. - Fix issue that prevented all plugins from being loaded by default. - Fix potential crash during stop phase when user wanted syslog-ng to stop immediately after start. - Fix memory leak around reload and internal queuing mechanism. - Add support for the monolithic libsystemd library from systemd 209. For a comprehensive list of changes please refer to the Release Notes document: https://github.com/balabit/syslog-ng/blob/syslog-ng-3.6.4/NEWS.md Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1650=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libevtlog-debugsource-0.2.12-14.1 libevtlog0-0.2.12-14.1 libevtlog0-debuginfo-0.2.12-14.1 syslog-ng-3.6.4-8.1 syslog-ng-debuginfo-3.6.4-8.1 syslog-ng-debugsource-3.6.4-8.1 References: https://bugzilla.suse.com/1009514 https://bugzilla.suse.com/987207 From sle-updates at lists.suse.com Tue Nov 15 10:10:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2016 18:10:14 +0100 (CET) Subject: SUSE-RU-2016:2797-1: Recommended update for hwinfo Message-ID: <20161115171014.6EA57FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2797-1 Rating: low References: #1005428 #1006818 #970111 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for hwinfo fixes the following issues: - Update PCI and USB IDs. (bsc#1006818) - Implement nvdimm support. (bsc#970111) - Fix detection of usb controllers on aarch64 systems. (bsc#1005428) - Update script to parse USB ID list correctly. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1651=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1651=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1651=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1651=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): hwinfo-debuginfo-21.34-13.1 hwinfo-debugsource-21.34-13.1 hwinfo-devel-21.34-13.1 hwinfo-devel-debuginfo-21.34-13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): hwinfo-21.34-13.1 hwinfo-debuginfo-21.34-13.1 hwinfo-debugsource-21.34-13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): hwinfo-21.34-13.1 hwinfo-debuginfo-21.34-13.1 hwinfo-debugsource-21.34-13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): hwinfo-21.34-13.1 hwinfo-debuginfo-21.34-13.1 hwinfo-debugsource-21.34-13.1 References: https://bugzilla.suse.com/1005428 https://bugzilla.suse.com/1006818 https://bugzilla.suse.com/970111 From sle-updates at lists.suse.com Tue Nov 15 11:07:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2016 19:07:32 +0100 (CET) Subject: SUSE-RU-2016:2808-1: Recommended update for hawk2 Message-ID: <20161115180732.AAF84FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2808-1 Rating: low References: #991602 #997041 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for hawk2 fixes the following issues: - UI: Fix incorrect overflows on panels (bsc#991602) - Remove use of external fonts in Hawk UI (bsc#997041) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1652=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): hawk2-1.0.1+git.1456406635.49e230d-15.4 hawk2-debuginfo-1.0.1+git.1456406635.49e230d-15.4 hawk2-debugsource-1.0.1+git.1456406635.49e230d-15.4 References: https://bugzilla.suse.com/991602 https://bugzilla.suse.com/997041 From sle-updates at lists.suse.com Tue Nov 15 14:06:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2016 22:06:58 +0100 (CET) Subject: SUSE-SU-2016:2809-1: moderate: Recommended update for ceph Message-ID: <20161115210658.A9300FFBE@maintenance.suse.de> SUSE Security Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2809-1 Rating: moderate References: #1005954 #982141 #985232 #987144 #987594 #989512 #990438 #999688 Cross-References: CVE-2016-5009 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update provides Ceph 10.2.3, which includes important bug fixes in RBD mirroring, RGW multi-site, CephFS, and RADOS. Build/OPS: - AArch64: Detect crc32 extension support from assembler. (bsc#999688) - Drop legacy ceph RA which doesn't work with systemd unit files. - The mount.ceph binary, which is used to mount CephFS pools, was moved to the ceph-common package so it can be run from any client. - Accept bcache devices as data disks and fix partprobe intermittent issues during ceph-disk prepare. CephFS: - Several bug fixes for improved stability. RBD: - A number of fixes for RBD mirroring. - Several bug fixes for improved stability. RADOS: - CVE-2016-5009: moncommand with empty prefix crashes monitor. (bsc#987144) - Backports of many asyncmsgr fixes to jewel. - Several bug fixes for improved OSD stability. - Fix for a C++ symbol visibility issue in librados. RGW: - Fixes for number of issues related to syncing between remote sites. - A number of other bug fixes, including fixes for: + IPv6 + HTTPS/port 443 (bsc#990438) + radosgw-admin + Swift API + AWS4 API For a full list of issues fixed in this release, see: http://docs.ceph.com/docs/master/release-notes/#v10-2-3-jewel Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1653=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (aarch64 x86_64): ceph-10.2.3+git.1475228057.755cf99-7.3 ceph-base-10.2.3+git.1475228057.755cf99-7.3 ceph-base-debuginfo-10.2.3+git.1475228057.755cf99-7.3 ceph-common-10.2.3+git.1475228057.755cf99-7.3 ceph-common-debuginfo-10.2.3+git.1475228057.755cf99-7.3 ceph-debugsource-10.2.3+git.1475228057.755cf99-7.3 ceph-fuse-10.2.3+git.1475228057.755cf99-7.3 ceph-fuse-debuginfo-10.2.3+git.1475228057.755cf99-7.3 ceph-mds-10.2.3+git.1475228057.755cf99-7.3 ceph-mds-debuginfo-10.2.3+git.1475228057.755cf99-7.3 ceph-mon-10.2.3+git.1475228057.755cf99-7.3 ceph-mon-debuginfo-10.2.3+git.1475228057.755cf99-7.3 ceph-osd-10.2.3+git.1475228057.755cf99-7.3 ceph-osd-debuginfo-10.2.3+git.1475228057.755cf99-7.3 ceph-radosgw-10.2.3+git.1475228057.755cf99-7.3 ceph-radosgw-debuginfo-10.2.3+git.1475228057.755cf99-7.3 libcephfs1-10.2.3+git.1475228057.755cf99-7.3 libcephfs1-debuginfo-10.2.3+git.1475228057.755cf99-7.3 librados2-10.2.3+git.1475228057.755cf99-7.3 librados2-debuginfo-10.2.3+git.1475228057.755cf99-7.3 libradosstriper1-10.2.3+git.1475228057.755cf99-7.3 libradosstriper1-debuginfo-10.2.3+git.1475228057.755cf99-7.3 librbd1-10.2.3+git.1475228057.755cf99-7.3 librbd1-debuginfo-10.2.3+git.1475228057.755cf99-7.3 librgw2-10.2.3+git.1475228057.755cf99-7.3 librgw2-debuginfo-10.2.3+git.1475228057.755cf99-7.3 python-ceph-compat-10.2.3+git.1475228057.755cf99-7.3 python-cephfs-10.2.3+git.1475228057.755cf99-7.3 python-cephfs-debuginfo-10.2.3+git.1475228057.755cf99-7.3 python-rados-10.2.3+git.1475228057.755cf99-7.3 python-rados-debuginfo-10.2.3+git.1475228057.755cf99-7.3 python-rbd-10.2.3+git.1475228057.755cf99-7.3 python-rbd-debuginfo-10.2.3+git.1475228057.755cf99-7.3 rbd-fuse-10.2.3+git.1475228057.755cf99-7.3 rbd-fuse-debuginfo-10.2.3+git.1475228057.755cf99-7.3 rbd-mirror-10.2.3+git.1475228057.755cf99-7.3 rbd-mirror-debuginfo-10.2.3+git.1475228057.755cf99-7.3 rbd-nbd-10.2.3+git.1475228057.755cf99-7.3 rbd-nbd-debuginfo-10.2.3+git.1475228057.755cf99-7.3 References: https://www.suse.com/security/cve/CVE-2016-5009.html https://bugzilla.suse.com/1005954 https://bugzilla.suse.com/982141 https://bugzilla.suse.com/985232 https://bugzilla.suse.com/987144 https://bugzilla.suse.com/987594 https://bugzilla.suse.com/989512 https://bugzilla.suse.com/990438 https://bugzilla.suse.com/999688 From sle-updates at lists.suse.com Tue Nov 15 14:08:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2016 22:08:39 +0100 (CET) Subject: SUSE-RU-2016:2810-1: moderate: Recommended update for pcsc-ccid Message-ID: <20161115210839.BE295FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for pcsc-ccid ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2810-1 Rating: moderate References: #941721 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides pcsc-ccid 1.4.25, which brings several fixes and enhancements: - Add support for new devices: - Access IS NFC Smart Module - ACS ACR1251 and ACR1252 Dual Reader - ACS ACR3901U ICC Reader - AK910 CKey - Aktiv Rutoken PINPad 2 - Aladdin R.D. JaCarta (Flash, LT, U2F) - Aladdin R.D. JCR-770 and JC-WebPass - Alcor Micro AU9560 - appidkey GmbH ID100-USB SC Reader - appidkey GmbH ID50-USB - Athena ASEDrive IIIe Combo Bio PIV - Athena ASEDrive IIIe KB Bio PIV - BIFIT iToken - BLUTRONICS BLUDRIVE II CCID - Broadcom Corp 5880 - CASTLES EZCCID Smart Card Reader - Cherry Cherry TC 1100 - Cherry KC 1000 SC, SC/DI, SC/DI Z, SC Z - Cherry Smartcard Keyboard G87-1xx44 - Cherry Smart Card Reader USB - Cherry SmartTerminal XX44 - Cherry TC 1300 - Chicony HP USB Smartcard CCID Keyboard JP, KR - Chicony USB Smart Card Keyboard - Crypto Stick Crypto Stick v1.4 - DUALi DRAGON NFC READER - eID_R6 001 X8 - Elatec TWN4 SmartCard NFC - ESMART Token GOST X2 ET1020-A - Feitian 502-CL, bR301, bR301 BLE, bR500, eJAVA Token, iR301, R502 - Feitian VR504 VHBR Contactless & Contact Card Reader - Free Software Initiative of Japan Gnuk Token - FT ePass2003Auto - FujitsuTechnologySolutions GmbH Keyboard KB100 SCR, KB100 SCR eSIG, KB SCR2 - Gemalto CR30 reader in serial communication - Gemalto CT1100, Ezio Shield Pro SC, K1100, K50 - Generic MultiCard Device - Generic USB Smart Card Reader - German Privacy Foundation Crypto Stick v2.0 - Giesecke & Devrient GmbH StarSign CUT S - Hewlett-Packard HP lt4112 Gobi 4G Module - Hewlett Packard USB Smartcard CCID Keyboard - HID AVIATOR Generic - HID Global OMNIKEY Smart Card Reader - HID Global veriCLASS Reader - HID OMNIKEY 5025-CL - Hitachi, Ltd. Hitachi Biometric Reader, Portable Biometric Reader - Identiv CLOUD 2980 F Smart Card Reader - Identive Identive CLOUD 4000 F DTC - Identive SCT3522CC token - Identive Technologies Multi-ISO HF Reader - USB - Identiv Identiv uTrust 4701 F Dual Interface Reader - Identiv @MAXX ID-1 Smart Card Reader - Identiv @MAXX Light2 token - Identiv SCR3500 A and B Contact Reader - Identiv SCR35xx USB Smart Card Reader - Identiv uTrust 2900 R and 2910 R Smart Card Reader - Identiv uTrust 2910 R Taglio SC Reader - Identiv uTrust 3512 SAM slot Token - Identiv uTrust 3522 embd SE RFID Token - Identiv uTrust 3700 and 3701 F CL Reader - IID AT90S064 CCID READER - IIT E.Key Almaz-1C - INSIDE Secure VaultIC 405, 441 Smart Object - IonIDe Smartcard Reader reader - KACST HSID Reader, Single and Dual Storage - Lenovo Lenovo USB Smartcard Keyboard - Liteon HP SC Keyboard - Apollo JP, KR (Liteon) - Microchip SEC1110, SEC1210 - Nitrokey Nitrokey HSM, Pro, Start, Storage - NXP Pegoda 2 N - OMNIKEY 5421, AG 3121 USB, AG 6121 USB mobile - PIVKey T800 - REINER SCT tanJack Bluetooth - Rocketek RT-SCR1 - SafeNet eToken 5100, 7300 - Thursby Software Systems, Inc. TSS-PK7, TSS-PK8, TSS-PK1 - udea MILKO V1. - VASCO DIGIPASS 875 - WatchCNPC USB CCID Key - Watchdata USB Key, W5181 - Yubico Yubikey 4 CCID, OTP+CCID, OTP+U2F+CCID, U2F+CCID - Yubico Yubikey NEO OTP+U2F+CCID, U2F+CCID - Remove suport for: - Broadcom Corp 5880 (idProducts: 0x5800, 0x5805) - KEBTechnology KONA USB SmartCard - VMware Virtual USB CCID - Crypto Stick Crypto Stick v1.4 - Free Software Initiative of Japan Gnuk Token - Better support for Elatec TWN4 SmartCard NFC - Better support for SCM SCL011 - Fix crash with GemCore Pos Pro and GemCore Sim Pro. - Fix SCARD_ATTR_VENDOR_IFD_SERIAL_NO attribute size - Fix a race condition on card events with multiple readers - Fix a busy loop consuming 100% of CPU for some composite USB devices - Log libusb error name instead of decimal value - Patch for Cherry KC 1000 SC (problem was with a T=1 card and case 2 APDU) - Fix support of FEATURE_MCT_READER_DIRECT for the Kobil mIDentity visual reader - Set timeout to 90 sec for PPDU (Pseudo APDU) commands. - Fix a crash when reader reader initialization failed - Display a human readable version of the error code returned by libusb - The O2 Micro Oz776 reader only supports 9600 bps - Fix a memory leak in an error path - Fix support of Omnikey CardMan 3121 - Fix support for O2 Micro Oz776. The reader is limited to 9600 bps - Add support for DRIVER_OPTION_DISABLE_PIN_RETRIES - Add support of WTX received before SW during Secure Pin Entry Verify. For a comprehensive list of changes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1654=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1654=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1654=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1654=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1654=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): pcsc-ccid-1.4.25-4.1 pcsc-ccid-debuginfo-1.4.25-4.1 pcsc-ccid-debugsource-1.4.25-4.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): pcsc-ccid-1.4.25-4.1 pcsc-ccid-debuginfo-1.4.25-4.1 pcsc-ccid-debugsource-1.4.25-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): pcsc-ccid-1.4.25-4.1 pcsc-ccid-debuginfo-1.4.25-4.1 pcsc-ccid-debugsource-1.4.25-4.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): pcsc-ccid-1.4.25-4.1 pcsc-ccid-debuginfo-1.4.25-4.1 pcsc-ccid-debugsource-1.4.25-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): pcsc-ccid-1.4.25-4.1 pcsc-ccid-debuginfo-1.4.25-4.1 pcsc-ccid-debugsource-1.4.25-4.1 References: https://bugzilla.suse.com/941721 From sle-updates at lists.suse.com Wed Nov 16 08:06:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2016 16:06:46 +0100 (CET) Subject: SUSE-RU-2016:2814-1: Recommended update for parted Message-ID: <20161116150646.19EB9FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2814-1 Rating: low References: #1001967 #964012 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for parted provides the following fixes: - Don't warn if the HDIO_GET_IDENTITY ioctl isn't supported. (bsc#964012, bsc#1001967) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1655=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1655=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1655=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1655=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libparted0-32bit-3.1-19.3.1 libparted0-debuginfo-32bit-3.1-19.3.1 parted-debugsource-3.1-19.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): parted-debuginfo-3.1-19.3.1 parted-debugsource-3.1-19.3.1 parted-devel-3.1-19.3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libparted0-3.1-19.3.1 libparted0-debuginfo-3.1-19.3.1 parted-3.1-19.3.1 parted-debuginfo-3.1-19.3.1 parted-debugsource-3.1-19.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libparted0-3.1-19.3.1 libparted0-32bit-3.1-19.3.1 libparted0-debuginfo-3.1-19.3.1 libparted0-debuginfo-32bit-3.1-19.3.1 parted-3.1-19.3.1 parted-debuginfo-3.1-19.3.1 parted-debugsource-3.1-19.3.1 References: https://bugzilla.suse.com/1001967 https://bugzilla.suse.com/964012 From sle-updates at lists.suse.com Wed Nov 16 09:06:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2016 17:06:53 +0100 (CET) Subject: SUSE-RU-2016:2815-1: Recommended update for parted Message-ID: <20161116160653.A7C1FFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2815-1 Rating: low References: #1001967 #964012 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for parted provides the following fixes: - Don't warn if the HDIO_GET_IDENTITY ioctl isn't supported. (bsc#964012, bsc#1001967) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1656=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1656=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1656=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1656=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1656=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): parted-lang-3.1-28.2 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libparted0-32bit-3.1-28.2 libparted0-debuginfo-32bit-3.1-28.2 parted-debugsource-3.1-28.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): parted-debuginfo-3.1-28.2 parted-debugsource-3.1-28.2 parted-devel-3.1-28.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libparted0-3.1-28.2 libparted0-debuginfo-3.1-28.2 parted-3.1-28.2 parted-debuginfo-3.1-28.2 parted-debugsource-3.1-28.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libparted0-3.1-28.2 libparted0-debuginfo-3.1-28.2 parted-3.1-28.2 parted-debuginfo-3.1-28.2 parted-debugsource-3.1-28.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libparted0-3.1-28.2 libparted0-32bit-3.1-28.2 libparted0-debuginfo-3.1-28.2 libparted0-debuginfo-32bit-3.1-28.2 parted-3.1-28.2 parted-debuginfo-3.1-28.2 parted-debugsource-3.1-28.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): parted-lang-3.1-28.2 References: https://bugzilla.suse.com/1001967 https://bugzilla.suse.com/964012 From sle-updates at lists.suse.com Wed Nov 16 12:06:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2016 20:06:47 +0100 (CET) Subject: SUSE-RU-2016:2816-1: moderate: Recommended update for libreoffice Message-ID: <20161116190648.03945FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2816-1 Rating: moderate References: #1003896 #1006201 #1008743 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: LibreOffice was updated to version 5.2.3.3, bringing new features, enhancements and bug fixes. Writer: - New drawing tools were added, including Filled Curve/Polygon/Freeform Line. - New button added to standard toolbar for showing/hiding track changes toolbar. - The Curve button became a split button with a toolbox including 5 new drawing tools. - A new "Single Toolbar Mode" has been added. - The Bookmark dialog window has been redesigned. Calc: - New spreadsheet functions: RAWSUBTRACT, FORECAST.ETS, CONCAT, TEXTJOIN, IFS, SWITCH, MINIFS, MAXIFS. - Support wildcards to be compatible with XLS/XLSX and with ODF 1.2. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.2 Several libraries used by LibreOffice have been updated for compatibility reasons or to fix minor issues: - libcdr (updated from version 0.1.1 to 0.1.3) - libixion (updated from version 0.11.0 to 0.11.1) - liblangtag (updated from version 0.5.7 to 0.6.1) - libmwaw (updated from version 0.3.6 to 0.3.8) - liborcus (updated from version 0.11.0 to 0.11.2) - libpagemaker (updated from version 0.0.2 to 0.0.3) - libwps (updated from version 0.4.2 to 0.4.4) - mdds (updated from version 1.1.0 to 1.2.2) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1658=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1658=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1658=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1658=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1658=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1658=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-32.2 libreoffice-icon-theme-tango-5.2.3.3-32.2 libreoffice-l10n-af-5.2.3.3-32.2 libreoffice-l10n-ar-5.2.3.3-32.2 libreoffice-l10n-bg-5.2.3.3-32.2 libreoffice-l10n-ca-5.2.3.3-32.2 libreoffice-l10n-cs-5.2.3.3-32.2 libreoffice-l10n-da-5.2.3.3-32.2 libreoffice-l10n-de-5.2.3.3-32.2 libreoffice-l10n-en-5.2.3.3-32.2 libreoffice-l10n-es-5.2.3.3-32.2 libreoffice-l10n-fi-5.2.3.3-32.2 libreoffice-l10n-fr-5.2.3.3-32.2 libreoffice-l10n-gu-5.2.3.3-32.2 libreoffice-l10n-hi-5.2.3.3-32.2 libreoffice-l10n-hr-5.2.3.3-32.2 libreoffice-l10n-hu-5.2.3.3-32.2 libreoffice-l10n-it-5.2.3.3-32.2 libreoffice-l10n-ja-5.2.3.3-32.2 libreoffice-l10n-ko-5.2.3.3-32.2 libreoffice-l10n-lt-5.2.3.3-32.2 libreoffice-l10n-nb-5.2.3.3-32.2 libreoffice-l10n-nl-5.2.3.3-32.2 libreoffice-l10n-nn-5.2.3.3-32.2 libreoffice-l10n-pl-5.2.3.3-32.2 libreoffice-l10n-pt_BR-5.2.3.3-32.2 libreoffice-l10n-pt_PT-5.2.3.3-32.2 libreoffice-l10n-ro-5.2.3.3-32.2 libreoffice-l10n-ru-5.2.3.3-32.2 libreoffice-l10n-sk-5.2.3.3-32.2 libreoffice-l10n-sv-5.2.3.3-32.2 libreoffice-l10n-uk-5.2.3.3-32.2 libreoffice-l10n-xh-5.2.3.3-32.2 libreoffice-l10n-zh_CN-5.2.3.3-32.2 libreoffice-l10n-zh_TW-5.2.3.3-32.2 libreoffice-l10n-zu-5.2.3.3-32.2 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libcdr-0_1-1-0.1.3-8.2 libcdr-0_1-1-debuginfo-0.1.3-8.2 libcdr-debugsource-0.1.3-8.2 libe-book-0_1-1-0.1.2-7.2 libe-book-0_1-1-debuginfo-0.1.2-7.2 libe-book-debugsource-0.1.2-7.2 libixion-0_11-0-0.11.1-9.2 libixion-0_11-0-debuginfo-0.11.1-9.2 libixion-debugsource-0.11.1-9.2 liblangtag-debugsource-0.6.1-6.2 liblangtag1-0.6.1-6.2 liblangtag1-debuginfo-0.6.1-6.2 libmspub-0_1-1-0.1.2-8.2 libmspub-0_1-1-debuginfo-0.1.2-8.2 libmspub-debugsource-0.1.2-8.2 libmwaw-0_3-3-0.3.8-6.1 libmwaw-0_3-3-debuginfo-0.3.8-6.1 libmwaw-debugsource-0.3.8-6.1 liborcus-0_11-0-0.11.2-9.1 liborcus-0_11-0-debuginfo-0.11.2-9.1 liborcus-debugsource-0.11.2-9.1 libpagemaker-0_0-0-0.0.3-5.2 libpagemaker-0_0-0-debuginfo-0.0.3-5.2 libpagemaker-debugsource-0.0.3-5.2 libreoffice-5.2.3.3-32.2 libreoffice-base-5.2.3.3-32.2 libreoffice-base-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-mysql-5.2.3.3-32.2 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-32.2 libreoffice-calc-5.2.3.3-32.2 libreoffice-calc-debuginfo-5.2.3.3-32.2 libreoffice-calc-extensions-5.2.3.3-32.2 libreoffice-debuginfo-5.2.3.3-32.2 libreoffice-debugsource-5.2.3.3-32.2 libreoffice-draw-5.2.3.3-32.2 libreoffice-draw-debuginfo-5.2.3.3-32.2 libreoffice-filters-optional-5.2.3.3-32.2 libreoffice-gnome-5.2.3.3-32.2 libreoffice-gnome-debuginfo-5.2.3.3-32.2 libreoffice-impress-5.2.3.3-32.2 libreoffice-impress-debuginfo-5.2.3.3-32.2 libreoffice-mailmerge-5.2.3.3-32.2 libreoffice-math-5.2.3.3-32.2 libreoffice-math-debuginfo-5.2.3.3-32.2 libreoffice-officebean-5.2.3.3-32.2 libreoffice-officebean-debuginfo-5.2.3.3-32.2 libreoffice-pyuno-5.2.3.3-32.2 libreoffice-pyuno-debuginfo-5.2.3.3-32.2 libreoffice-writer-5.2.3.3-32.2 libreoffice-writer-debuginfo-5.2.3.3-32.2 libreoffice-writer-extensions-5.2.3.3-32.2 libreofficekit-5.2.3.3-32.2 libwps-0_4-4-0.4.4-9.2 libwps-0_4-4-debuginfo-0.4.4-9.2 libwps-debugsource-0.4.4-9.2 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-32.2 libreoffice-icon-theme-tango-5.2.3.3-32.2 libreoffice-l10n-af-5.2.3.3-32.2 libreoffice-l10n-ar-5.2.3.3-32.2 libreoffice-l10n-ca-5.2.3.3-32.2 libreoffice-l10n-cs-5.2.3.3-32.2 libreoffice-l10n-da-5.2.3.3-32.2 libreoffice-l10n-de-5.2.3.3-32.2 libreoffice-l10n-en-5.2.3.3-32.2 libreoffice-l10n-es-5.2.3.3-32.2 libreoffice-l10n-fi-5.2.3.3-32.2 libreoffice-l10n-fr-5.2.3.3-32.2 libreoffice-l10n-gu-5.2.3.3-32.2 libreoffice-l10n-hi-5.2.3.3-32.2 libreoffice-l10n-hu-5.2.3.3-32.2 libreoffice-l10n-it-5.2.3.3-32.2 libreoffice-l10n-ja-5.2.3.3-32.2 libreoffice-l10n-ko-5.2.3.3-32.2 libreoffice-l10n-nb-5.2.3.3-32.2 libreoffice-l10n-nl-5.2.3.3-32.2 libreoffice-l10n-nn-5.2.3.3-32.2 libreoffice-l10n-pl-5.2.3.3-32.2 libreoffice-l10n-pt_BR-5.2.3.3-32.2 libreoffice-l10n-pt_PT-5.2.3.3-32.2 libreoffice-l10n-ru-5.2.3.3-32.2 libreoffice-l10n-sk-5.2.3.3-32.2 libreoffice-l10n-sv-5.2.3.3-32.2 libreoffice-l10n-xh-5.2.3.3-32.2 libreoffice-l10n-zh_CN-5.2.3.3-32.2 libreoffice-l10n-zh_TW-5.2.3.3-32.2 libreoffice-l10n-zu-5.2.3.3-32.2 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libcdr-0_1-1-0.1.3-8.2 libcdr-0_1-1-debuginfo-0.1.3-8.2 libcdr-debugsource-0.1.3-8.2 libe-book-0_1-1-0.1.2-7.2 libe-book-0_1-1-debuginfo-0.1.2-7.2 libe-book-debugsource-0.1.2-7.2 libixion-0_11-0-0.11.1-9.2 libixion-0_11-0-debuginfo-0.11.1-9.2 libixion-debugsource-0.11.1-9.2 liblangtag-debugsource-0.6.1-6.2 liblangtag1-0.6.1-6.2 liblangtag1-debuginfo-0.6.1-6.2 libmspub-0_1-1-0.1.2-8.2 libmspub-0_1-1-debuginfo-0.1.2-8.2 libmspub-debugsource-0.1.2-8.2 libmwaw-0_3-3-0.3.8-6.1 libmwaw-0_3-3-debuginfo-0.3.8-6.1 libmwaw-debugsource-0.3.8-6.1 liborcus-0_11-0-0.11.2-9.1 liborcus-0_11-0-debuginfo-0.11.2-9.1 liborcus-debugsource-0.11.2-9.1 libpagemaker-0_0-0-0.0.3-5.2 libpagemaker-0_0-0-debuginfo-0.0.3-5.2 libpagemaker-debugsource-0.0.3-5.2 libreoffice-5.2.3.3-32.2 libreoffice-base-5.2.3.3-32.2 libreoffice-base-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-mysql-5.2.3.3-32.2 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-32.2 libreoffice-calc-5.2.3.3-32.2 libreoffice-calc-debuginfo-5.2.3.3-32.2 libreoffice-calc-extensions-5.2.3.3-32.2 libreoffice-debuginfo-5.2.3.3-32.2 libreoffice-debugsource-5.2.3.3-32.2 libreoffice-draw-5.2.3.3-32.2 libreoffice-draw-debuginfo-5.2.3.3-32.2 libreoffice-filters-optional-5.2.3.3-32.2 libreoffice-gnome-5.2.3.3-32.2 libreoffice-gnome-debuginfo-5.2.3.3-32.2 libreoffice-impress-5.2.3.3-32.2 libreoffice-impress-debuginfo-5.2.3.3-32.2 libreoffice-mailmerge-5.2.3.3-32.2 libreoffice-math-5.2.3.3-32.2 libreoffice-math-debuginfo-5.2.3.3-32.2 libreoffice-officebean-5.2.3.3-32.2 libreoffice-officebean-debuginfo-5.2.3.3-32.2 libreoffice-pyuno-5.2.3.3-32.2 libreoffice-pyuno-debuginfo-5.2.3.3-32.2 libreoffice-writer-5.2.3.3-32.2 libreoffice-writer-debuginfo-5.2.3.3-32.2 libreoffice-writer-extensions-5.2.3.3-32.2 libwps-0_4-4-0.4.4-9.2 libwps-0_4-4-debuginfo-0.4.4-9.2 libwps-debugsource-0.4.4-9.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libcdr-debugsource-0.1.3-8.2 libcdr-devel-0.1.3-8.2 libe-book-debugsource-0.1.2-7.2 libe-book-devel-0.1.2-7.2 libixion-debugsource-0.11.1-9.2 libixion-devel-0.11.1-9.2 liblangtag-debugsource-0.6.1-6.2 liblangtag-devel-0.6.1-6.2 liblangtag1-0.6.1-6.2 liblangtag1-debuginfo-0.6.1-6.2 libmspub-debugsource-0.1.2-8.2 libmspub-devel-0.1.2-8.2 libmwaw-debugsource-0.3.8-6.1 libmwaw-devel-0.3.8-6.1 liborcus-debugsource-0.11.2-9.1 liborcus-devel-0.11.2-9.1 libwps-debugsource-0.4.4-9.2 libwps-devel-0.4.4-9.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): libreoffice-debuginfo-5.2.3.3-32.2 libreoffice-debugsource-5.2.3.3-32.2 libreoffice-sdk-5.2.3.3-32.2 libreoffice-sdk-debuginfo-5.2.3.3-32.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): libcdr-devel-doc-0.1.3-8.2 libe-book-devel-doc-0.1.2-7.2 libmspub-devel-doc-0.1.2-8.2 libmwaw-devel-doc-0.3.8-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libcdr-debugsource-0.1.3-8.2 libcdr-devel-0.1.3-8.2 libe-book-debugsource-0.1.2-7.2 libe-book-devel-0.1.2-7.2 libixion-0_11-0-0.11.1-9.2 libixion-0_11-0-debuginfo-0.11.1-9.2 libixion-debugsource-0.11.1-9.2 libixion-devel-0.11.1-9.2 liblangtag-debugsource-0.6.1-6.2 liblangtag-devel-0.6.1-6.2 liblangtag1-0.6.1-6.2 liblangtag1-debuginfo-0.6.1-6.2 libmspub-debugsource-0.1.2-8.2 libmspub-devel-0.1.2-8.2 libmwaw-debugsource-0.3.8-6.1 libmwaw-devel-0.3.8-6.1 liborcus-debugsource-0.11.2-9.1 liborcus-devel-0.11.2-9.1 libwps-debugsource-0.4.4-9.2 libwps-devel-0.4.4-9.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): libcdr-devel-doc-0.1.3-8.2 libe-book-devel-doc-0.1.2-7.2 libmspub-devel-doc-0.1.2-8.2 libmwaw-devel-doc-0.3.8-6.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-32.2 libreoffice-icon-theme-tango-5.2.3.3-32.2 libreoffice-l10n-af-5.2.3.3-32.2 libreoffice-l10n-ar-5.2.3.3-32.2 libreoffice-l10n-ca-5.2.3.3-32.2 libreoffice-l10n-cs-5.2.3.3-32.2 libreoffice-l10n-da-5.2.3.3-32.2 libreoffice-l10n-de-5.2.3.3-32.2 libreoffice-l10n-en-5.2.3.3-32.2 libreoffice-l10n-es-5.2.3.3-32.2 libreoffice-l10n-fi-5.2.3.3-32.2 libreoffice-l10n-fr-5.2.3.3-32.2 libreoffice-l10n-gu-5.2.3.3-32.2 libreoffice-l10n-hi-5.2.3.3-32.2 libreoffice-l10n-hu-5.2.3.3-32.2 libreoffice-l10n-it-5.2.3.3-32.2 libreoffice-l10n-ja-5.2.3.3-32.2 libreoffice-l10n-ko-5.2.3.3-32.2 libreoffice-l10n-nb-5.2.3.3-32.2 libreoffice-l10n-nl-5.2.3.3-32.2 libreoffice-l10n-nn-5.2.3.3-32.2 libreoffice-l10n-pl-5.2.3.3-32.2 libreoffice-l10n-pt_BR-5.2.3.3-32.2 libreoffice-l10n-pt_PT-5.2.3.3-32.2 libreoffice-l10n-ro-5.2.3.3-32.2 libreoffice-l10n-ru-5.2.3.3-32.2 libreoffice-l10n-sk-5.2.3.3-32.2 libreoffice-l10n-sv-5.2.3.3-32.2 libreoffice-l10n-xh-5.2.3.3-32.2 libreoffice-l10n-zh_CN-5.2.3.3-32.2 libreoffice-l10n-zh_TW-5.2.3.3-32.2 libreoffice-l10n-zu-5.2.3.3-32.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libcdr-0_1-1-0.1.3-8.2 libcdr-0_1-1-debuginfo-0.1.3-8.2 libcdr-debugsource-0.1.3-8.2 libe-book-0_1-1-0.1.2-7.2 libe-book-0_1-1-debuginfo-0.1.2-7.2 libe-book-debugsource-0.1.2-7.2 libixion-0_11-0-0.11.1-9.2 libixion-0_11-0-debuginfo-0.11.1-9.2 libixion-debugsource-0.11.1-9.2 liblangtag-debugsource-0.6.1-6.2 liblangtag1-0.6.1-6.2 liblangtag1-debuginfo-0.6.1-6.2 libmspub-0_1-1-0.1.2-8.2 libmspub-0_1-1-debuginfo-0.1.2-8.2 libmspub-debugsource-0.1.2-8.2 libmwaw-0_3-3-0.3.8-6.1 libmwaw-0_3-3-debuginfo-0.3.8-6.1 libmwaw-debugsource-0.3.8-6.1 liborcus-0_11-0-0.11.2-9.1 liborcus-0_11-0-debuginfo-0.11.2-9.1 liborcus-debugsource-0.11.2-9.1 libpagemaker-0_0-0-0.0.3-5.2 libpagemaker-0_0-0-debuginfo-0.0.3-5.2 libpagemaker-debugsource-0.0.3-5.2 libreoffice-5.2.3.3-32.2 libreoffice-base-5.2.3.3-32.2 libreoffice-base-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-mysql-5.2.3.3-32.2 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-32.2 libreoffice-calc-5.2.3.3-32.2 libreoffice-calc-debuginfo-5.2.3.3-32.2 libreoffice-calc-extensions-5.2.3.3-32.2 libreoffice-debuginfo-5.2.3.3-32.2 libreoffice-debugsource-5.2.3.3-32.2 libreoffice-draw-5.2.3.3-32.2 libreoffice-draw-debuginfo-5.2.3.3-32.2 libreoffice-filters-optional-5.2.3.3-32.2 libreoffice-gnome-5.2.3.3-32.2 libreoffice-gnome-debuginfo-5.2.3.3-32.2 libreoffice-impress-5.2.3.3-32.2 libreoffice-impress-debuginfo-5.2.3.3-32.2 libreoffice-mailmerge-5.2.3.3-32.2 libreoffice-math-5.2.3.3-32.2 libreoffice-math-debuginfo-5.2.3.3-32.2 libreoffice-officebean-5.2.3.3-32.2 libreoffice-officebean-debuginfo-5.2.3.3-32.2 libreoffice-pyuno-5.2.3.3-32.2 libreoffice-pyuno-debuginfo-5.2.3.3-32.2 libreoffice-writer-5.2.3.3-32.2 libreoffice-writer-debuginfo-5.2.3.3-32.2 libreoffice-writer-extensions-5.2.3.3-32.2 libreofficekit-5.2.3.3-32.2 libwps-0_4-4-0.4.4-9.2 libwps-0_4-4-debuginfo-0.4.4-9.2 libwps-debugsource-0.4.4-9.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libcdr-0_1-1-0.1.3-8.2 libcdr-0_1-1-debuginfo-0.1.3-8.2 libcdr-debugsource-0.1.3-8.2 libe-book-0_1-1-0.1.2-7.2 libe-book-0_1-1-debuginfo-0.1.2-7.2 libe-book-debugsource-0.1.2-7.2 libixion-0_11-0-0.11.1-9.2 libixion-0_11-0-debuginfo-0.11.1-9.2 libixion-debugsource-0.11.1-9.2 liblangtag-debugsource-0.6.1-6.2 liblangtag1-0.6.1-6.2 liblangtag1-debuginfo-0.6.1-6.2 libmspub-0_1-1-0.1.2-8.2 libmspub-0_1-1-debuginfo-0.1.2-8.2 libmspub-debugsource-0.1.2-8.2 libmwaw-0_3-3-0.3.8-6.1 libmwaw-0_3-3-debuginfo-0.3.8-6.1 libmwaw-debugsource-0.3.8-6.1 liborcus-0_11-0-0.11.2-9.1 liborcus-0_11-0-debuginfo-0.11.2-9.1 liborcus-debugsource-0.11.2-9.1 libpagemaker-0_0-0-0.0.3-5.2 libpagemaker-0_0-0-debuginfo-0.0.3-5.2 libpagemaker-debugsource-0.0.3-5.2 libreoffice-5.2.3.3-32.2 libreoffice-base-5.2.3.3-32.2 libreoffice-base-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-mysql-5.2.3.3-32.2 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-5.2.3.3-32.2 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-32.2 libreoffice-calc-5.2.3.3-32.2 libreoffice-calc-debuginfo-5.2.3.3-32.2 libreoffice-calc-extensions-5.2.3.3-32.2 libreoffice-debuginfo-5.2.3.3-32.2 libreoffice-debugsource-5.2.3.3-32.2 libreoffice-draw-5.2.3.3-32.2 libreoffice-draw-debuginfo-5.2.3.3-32.2 libreoffice-filters-optional-5.2.3.3-32.2 libreoffice-gnome-5.2.3.3-32.2 libreoffice-gnome-debuginfo-5.2.3.3-32.2 libreoffice-impress-5.2.3.3-32.2 libreoffice-impress-debuginfo-5.2.3.3-32.2 libreoffice-mailmerge-5.2.3.3-32.2 libreoffice-math-5.2.3.3-32.2 libreoffice-math-debuginfo-5.2.3.3-32.2 libreoffice-officebean-5.2.3.3-32.2 libreoffice-officebean-debuginfo-5.2.3.3-32.2 libreoffice-pyuno-5.2.3.3-32.2 libreoffice-pyuno-debuginfo-5.2.3.3-32.2 libreoffice-writer-5.2.3.3-32.2 libreoffice-writer-debuginfo-5.2.3.3-32.2 libreoffice-writer-extensions-5.2.3.3-32.2 libwps-0_4-4-0.4.4-9.2 libwps-0_4-4-debuginfo-0.4.4-9.2 libwps-debugsource-0.4.4-9.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-32.2 libreoffice-icon-theme-tango-5.2.3.3-32.2 libreoffice-l10n-af-5.2.3.3-32.2 libreoffice-l10n-ar-5.2.3.3-32.2 libreoffice-l10n-ca-5.2.3.3-32.2 libreoffice-l10n-cs-5.2.3.3-32.2 libreoffice-l10n-da-5.2.3.3-32.2 libreoffice-l10n-de-5.2.3.3-32.2 libreoffice-l10n-en-5.2.3.3-32.2 libreoffice-l10n-es-5.2.3.3-32.2 libreoffice-l10n-fi-5.2.3.3-32.2 libreoffice-l10n-fr-5.2.3.3-32.2 libreoffice-l10n-gu-5.2.3.3-32.2 libreoffice-l10n-hi-5.2.3.3-32.2 libreoffice-l10n-hu-5.2.3.3-32.2 libreoffice-l10n-it-5.2.3.3-32.2 libreoffice-l10n-ja-5.2.3.3-32.2 libreoffice-l10n-ko-5.2.3.3-32.2 libreoffice-l10n-nb-5.2.3.3-32.2 libreoffice-l10n-nl-5.2.3.3-32.2 libreoffice-l10n-nn-5.2.3.3-32.2 libreoffice-l10n-pl-5.2.3.3-32.2 libreoffice-l10n-pt_BR-5.2.3.3-32.2 libreoffice-l10n-pt_PT-5.2.3.3-32.2 libreoffice-l10n-ru-5.2.3.3-32.2 libreoffice-l10n-sk-5.2.3.3-32.2 libreoffice-l10n-sv-5.2.3.3-32.2 libreoffice-l10n-xh-5.2.3.3-32.2 libreoffice-l10n-zh_CN-5.2.3.3-32.2 libreoffice-l10n-zh_TW-5.2.3.3-32.2 libreoffice-l10n-zu-5.2.3.3-32.2 References: https://bugzilla.suse.com/1003896 https://bugzilla.suse.com/1006201 https://bugzilla.suse.com/1008743 From sle-updates at lists.suse.com Wed Nov 16 12:07:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2016 20:07:42 +0100 (CET) Subject: SUSE-SU-2016:2817-1: moderate: Security update for ghostscript Message-ID: <20161116190742.881F3FFC1@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2817-1 Rating: moderate References: #1006592 Cross-References: CVE-2013-5653 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - bsc#1006592: Fix a regression introduced in CVE-2013-5653 by which ps files couldn't be opened in okular/evince (kde#371887). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1657=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1657=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1657=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1657=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1657=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1657=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1657=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.15-17.2 ghostscript-debugsource-9.15-17.2 ghostscript-devel-9.15-17.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ghostscript-debuginfo-9.15-17.2 ghostscript-debugsource-9.15-17.2 ghostscript-devel-9.15-17.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ghostscript-9.15-17.2 ghostscript-debuginfo-9.15-17.2 ghostscript-debugsource-9.15-17.2 ghostscript-x11-9.15-17.2 ghostscript-x11-debuginfo-9.15-17.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ghostscript-9.15-17.2 ghostscript-debuginfo-9.15-17.2 ghostscript-debugsource-9.15-17.2 ghostscript-x11-9.15-17.2 ghostscript-x11-debuginfo-9.15-17.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ghostscript-9.15-17.2 ghostscript-debuginfo-9.15-17.2 ghostscript-debugsource-9.15-17.2 ghostscript-x11-9.15-17.2 ghostscript-x11-debuginfo-9.15-17.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ghostscript-9.15-17.2 ghostscript-debuginfo-9.15-17.2 ghostscript-debugsource-9.15-17.2 ghostscript-x11-9.15-17.2 ghostscript-x11-debuginfo-9.15-17.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ghostscript-9.15-17.2 ghostscript-debuginfo-9.15-17.2 ghostscript-debugsource-9.15-17.2 ghostscript-x11-9.15-17.2 ghostscript-x11-debuginfo-9.15-17.2 References: https://www.suse.com/security/cve/CVE-2013-5653.html https://bugzilla.suse.com/1006592 From sle-updates at lists.suse.com Wed Nov 16 13:06:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2016 21:06:37 +0100 (CET) Subject: SUSE-RU-2016:2818-1: Recommended update for crmsh Message-ID: <20161116200637.8212DFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2818-1 Rating: low References: #981659 #989810 #990025 #994347 #999683 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crmsh fixes the following issue: - cibconfig: Ensure temp CIB is readable by crm_diff. (bsc#999683) - hb_report: Skip lines without timestamps in log correctly. (bsc#989810) - constants: Add maintenance to set of known attributes. (bsc#981659) - parse: Fix problem in backport of match_arguments. (bsc#994347) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-crmsh-12849=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): crmsh-2.1.2+git132.gbc9fde0-18.2 References: https://bugzilla.suse.com/981659 https://bugzilla.suse.com/989810 https://bugzilla.suse.com/990025 https://bugzilla.suse.com/994347 https://bugzilla.suse.com/999683 From sle-updates at lists.suse.com Wed Nov 16 20:06:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 04:06:40 +0100 (CET) Subject: SUSE-RU-2016:2819-1: moderate: Recommended update for kiwi Message-ID: <20161117030640.880B3FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2819-1 Rating: moderate References: #1000742 #1003091 #1003595 #1007765 #1008269 #997085 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update provides KIWI v7.03.104, which brings several fixes and enhancements: - Fix ip setup in setupNic: The invocation of ip in setupNic was invalid. The way this was done causes the netmask to be set as broadcast address. Also, fix lease request in wicked call. (bsc#1003091) - Fix for using ext4 in read/write mode for SLE-11 images built on a SLE-12 build host. (bsc#1008269) - Fixed mountSystemClicFS for older distributions: On SLE-11 the ext4 filesystem support is available in read only mode by default. In order to allow read/write access the filesystem parameters need to be adapted. - Fixed typo in comments: clicfs container is an ext4, not ext3. - UpdateOtherDeviceFstab method was erroneously overwriting the variable $1 with the value of $2, which is always empty. (bsc#1007765) - Fixed waitForStorageDevice: Value for storage_size was not really used. (bsc#1000742) - Put setupNetworkWicked in line with former dhcpcd: The way setupNetworkWicked implements the dhcp discovery was incomplete. (bsc#1003091) - Fix assembling of mdraid array: When udev discovers an mdraid array it partially starts the array. That is interfering with the mdadm --assemble call by kiwi which leads to a busy state and an array in inactive state. Therefore the method should wait until the raid array really exists no matter if the assembling is started by udev or kiwi's mdadm call. In addition, if the array got assembled but is incomplete because devices are missing or the timeout is fired, an additional call to start any array that has been partially assembled is required. pxeRaidAssemble will throw an exception if after this call no md device with a size greater than 0 will show up after a timeout. (bsc#1000742) - Fix waitForStorageDevice: The function will return success if the size of the storage device can be obtained and is greater than zero. The pure success on reading from the block layer is not enough. In order to actually work with the device it must provide a size greater than 0. (bsc#1000742) - Fix creation of etc/crypttab: The method setupCryptTab creates etc/crypttab from the given storage device. However in a raid setup the correct /dev/mdX device needs to be used and not one of the storage devices in the raid array. (bsc#1003595) - Fix broken console when displaying dialogs: HideSplash method used to hide the splash only if there was an active console, however the dialogs appear broken if the splash isn't hidden and in some cases is hard to check if there is an active consoles (i.e. after umount /sys or mount --move /dev /mnt/dev). (bsc#997085) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2016-1660=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1660=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1660=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1660=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kiwi-pxeboot-7.03.104-51.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kiwi-7.03.104-51.1 kiwi-debugsource-7.03.104-51.1 kiwi-desc-oemboot-7.03.104-51.1 kiwi-desc-vmxboot-7.03.104-51.1 kiwi-templates-7.03.104-51.1 kiwi-tools-7.03.104-51.1 kiwi-tools-debuginfo-7.03.104-51.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kiwi-doc-7.03.104-51.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kiwi-7.03.104-51.1 kiwi-debugsource-7.03.104-51.1 kiwi-desc-oemboot-7.03.104-51.1 kiwi-desc-vmxboot-7.03.104-51.1 kiwi-templates-7.03.104-51.1 kiwi-tools-7.03.104-51.1 kiwi-tools-debuginfo-7.03.104-51.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): kiwi-desc-netboot-7.03.104-51.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): kiwi-desc-isoboot-7.03.104-51.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kiwi-doc-7.03.104-51.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kiwi-debugsource-7.03.104-51.1 kiwi-tools-7.03.104-51.1 kiwi-tools-debuginfo-7.03.104-51.1 References: https://bugzilla.suse.com/1000742 https://bugzilla.suse.com/1003091 https://bugzilla.suse.com/1003595 https://bugzilla.suse.com/1007765 https://bugzilla.suse.com/1008269 https://bugzilla.suse.com/997085 From sle-updates at lists.suse.com Wed Nov 16 21:06:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 05:06:35 +0100 (CET) Subject: SUSE-RU-2016:2820-1: Recommended update for libqt5-qtbase Message-ID: <20161117040635.8DD62FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2820-1 Rating: low References: #1001071 #1001362 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libqt5-qtbase fixes the following issues: - Fix potential crash when unloading plugins in QFactoryLoader. (bsc#1001362) - Fix dropping of URLs from Firefox or Chrome. The contents were not decoded correctly. - Fix problem when dropping data if format is "text/uri-list". - Prevents getting "QWidget::showEvent()" when hiding minimized widget on some WMs like Marco or Xfwm4. - Fix keyboard modifier state. (bsc#1001071) - Use the state of the key event to process it. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1661=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1661=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1661=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1661=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.1-15.3 libQt5Concurrent-devel-5.6.1-15.3 libQt5Core-devel-5.6.1-15.3 libQt5DBus-devel-5.6.1-15.3 libQt5DBus-devel-debuginfo-5.6.1-15.3 libQt5Gui-devel-5.6.1-15.3 libQt5Network-devel-5.6.1-15.3 libQt5OpenGL-devel-5.6.1-15.3 libQt5OpenGLExtensions-devel-static-5.6.1-15.3 libQt5PlatformHeaders-devel-5.6.1-15.3 libQt5PlatformSupport-devel-static-5.6.1-15.3 libQt5PrintSupport-devel-5.6.1-15.3 libQt5Sql-devel-5.6.1-15.3 libQt5Test-devel-5.6.1-15.3 libQt5Widgets-devel-5.6.1-15.3 libQt5Xml-devel-5.6.1-15.3 libqt5-qtbase-common-devel-5.6.1-15.3 libqt5-qtbase-common-devel-debuginfo-5.6.1-15.3 libqt5-qtbase-debugsource-5.6.1-15.3 libqt5-qtbase-devel-5.6.1-15.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): libQt5Core-private-headers-devel-5.6.1-15.3 libQt5DBus-private-headers-devel-5.6.1-15.3 libQt5Gui-private-headers-devel-5.6.1-15.3 libQt5Network-private-headers-devel-5.6.1-15.3 libQt5OpenGL-private-headers-devel-5.6.1-15.3 libQt5PlatformSupport-private-headers-devel-5.6.1-15.3 libQt5PrintSupport-private-headers-devel-5.6.1-15.3 libQt5Sql-private-headers-devel-5.6.1-15.3 libQt5Test-private-headers-devel-5.6.1-15.3 libQt5Widgets-private-headers-devel-5.6.1-15.3 libqt5-qtbase-private-headers-devel-5.6.1-15.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libQt5Concurrent5-5.6.1-15.3 libQt5Concurrent5-debuginfo-5.6.1-15.3 libQt5Core5-5.6.1-15.3 libQt5Core5-debuginfo-5.6.1-15.3 libQt5DBus5-5.6.1-15.3 libQt5DBus5-debuginfo-5.6.1-15.3 libQt5Gui5-5.6.1-15.3 libQt5Gui5-debuginfo-5.6.1-15.3 libQt5Network5-5.6.1-15.3 libQt5Network5-debuginfo-5.6.1-15.3 libQt5OpenGL5-5.6.1-15.3 libQt5OpenGL5-debuginfo-5.6.1-15.3 libQt5PrintSupport5-5.6.1-15.3 libQt5PrintSupport5-debuginfo-5.6.1-15.3 libQt5Sql5-5.6.1-15.3 libQt5Sql5-debuginfo-5.6.1-15.3 libQt5Sql5-mysql-5.6.1-15.3 libQt5Sql5-mysql-debuginfo-5.6.1-15.3 libQt5Sql5-postgresql-5.6.1-15.3 libQt5Sql5-postgresql-debuginfo-5.6.1-15.3 libQt5Sql5-sqlite-5.6.1-15.3 libQt5Sql5-sqlite-debuginfo-5.6.1-15.3 libQt5Sql5-unixODBC-5.6.1-15.3 libQt5Sql5-unixODBC-debuginfo-5.6.1-15.3 libQt5Test5-5.6.1-15.3 libQt5Test5-debuginfo-5.6.1-15.3 libQt5Widgets5-5.6.1-15.3 libQt5Widgets5-debuginfo-5.6.1-15.3 libQt5Xml5-5.6.1-15.3 libQt5Xml5-debuginfo-5.6.1-15.3 libqt5-qtbase-debugsource-5.6.1-15.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libQt5Concurrent5-5.6.1-15.3 libQt5Concurrent5-debuginfo-5.6.1-15.3 libQt5Core5-5.6.1-15.3 libQt5Core5-debuginfo-5.6.1-15.3 libQt5DBus5-5.6.1-15.3 libQt5DBus5-debuginfo-5.6.1-15.3 libQt5Gui5-5.6.1-15.3 libQt5Gui5-debuginfo-5.6.1-15.3 libQt5Network5-5.6.1-15.3 libQt5Network5-debuginfo-5.6.1-15.3 libQt5OpenGL5-5.6.1-15.3 libQt5OpenGL5-debuginfo-5.6.1-15.3 libQt5PrintSupport5-5.6.1-15.3 libQt5PrintSupport5-debuginfo-5.6.1-15.3 libQt5Sql5-5.6.1-15.3 libQt5Sql5-debuginfo-5.6.1-15.3 libQt5Sql5-mysql-5.6.1-15.3 libQt5Sql5-mysql-debuginfo-5.6.1-15.3 libQt5Sql5-postgresql-5.6.1-15.3 libQt5Sql5-postgresql-debuginfo-5.6.1-15.3 libQt5Sql5-sqlite-5.6.1-15.3 libQt5Sql5-sqlite-debuginfo-5.6.1-15.3 libQt5Sql5-unixODBC-5.6.1-15.3 libQt5Sql5-unixODBC-debuginfo-5.6.1-15.3 libQt5Test5-5.6.1-15.3 libQt5Test5-debuginfo-5.6.1-15.3 libQt5Widgets5-5.6.1-15.3 libQt5Widgets5-debuginfo-5.6.1-15.3 libQt5Xml5-5.6.1-15.3 libQt5Xml5-debuginfo-5.6.1-15.3 libqt5-qtbase-debugsource-5.6.1-15.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libQt5Concurrent5-5.6.1-15.3 libQt5Concurrent5-debuginfo-5.6.1-15.3 libQt5Core5-5.6.1-15.3 libQt5Core5-debuginfo-5.6.1-15.3 libQt5DBus5-5.6.1-15.3 libQt5DBus5-debuginfo-5.6.1-15.3 libQt5Gui5-5.6.1-15.3 libQt5Gui5-debuginfo-5.6.1-15.3 libQt5Network5-5.6.1-15.3 libQt5Network5-debuginfo-5.6.1-15.3 libQt5OpenGL5-5.6.1-15.3 libQt5OpenGL5-debuginfo-5.6.1-15.3 libQt5PrintSupport5-5.6.1-15.3 libQt5PrintSupport5-debuginfo-5.6.1-15.3 libQt5Sql5-5.6.1-15.3 libQt5Sql5-debuginfo-5.6.1-15.3 libQt5Sql5-mysql-5.6.1-15.3 libQt5Sql5-mysql-debuginfo-5.6.1-15.3 libQt5Sql5-postgresql-5.6.1-15.3 libQt5Sql5-postgresql-debuginfo-5.6.1-15.3 libQt5Sql5-sqlite-5.6.1-15.3 libQt5Sql5-sqlite-debuginfo-5.6.1-15.3 libQt5Sql5-unixODBC-5.6.1-15.3 libQt5Sql5-unixODBC-debuginfo-5.6.1-15.3 libQt5Test5-5.6.1-15.3 libQt5Test5-debuginfo-5.6.1-15.3 libQt5Widgets5-5.6.1-15.3 libQt5Widgets5-debuginfo-5.6.1-15.3 libQt5Xml5-5.6.1-15.3 libQt5Xml5-debuginfo-5.6.1-15.3 libqt5-qtbase-debugsource-5.6.1-15.3 References: https://bugzilla.suse.com/1001071 https://bugzilla.suse.com/1001362 From sle-updates at lists.suse.com Thu Nov 17 08:07:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 16:07:38 +0100 (CET) Subject: SUSE-RU-2016:2821-1: moderate: Recommended update for yast2-core Message-ID: <20161117150738.5BAB2FFBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2821-1 Rating: moderate References: #429326 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-core provides the following fixes: - Do not fail to parse when an Optional syntax meets EOF. In some circumstances (e.g. fstab without a trailing newline), YaST could write the file incorrectly, loosing lines. (bsc#429326) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1663=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1663=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1663=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): yast2-core-debuginfo-3.1.18.1-2.3.1 yast2-core-debugsource-3.1.18.1-2.3.1 yast2-core-devel-3.1.18.1-2.3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): yast2-core-3.1.18.1-2.3.1 yast2-core-debuginfo-3.1.18.1-2.3.1 yast2-core-debugsource-3.1.18.1-2.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): yast2-core-3.1.18.1-2.3.1 yast2-core-debuginfo-3.1.18.1-2.3.1 yast2-core-debugsource-3.1.18.1-2.3.1 References: https://bugzilla.suse.com/429326 From sle-updates at lists.suse.com Thu Nov 17 08:08:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 16:08:16 +0100 (CET) Subject: SUSE-RU-2016:2822-1: Recommended update for nautilus Message-ID: <20161117150816.1DC37FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2822-1 Rating: low References: #979072 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nautilus fixes a race condition at start-up time that could lead to overlapping desktop icons. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1665=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1665=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1665=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1665=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1665=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libnautilus-extension1-32bit-3.20.3-22.1 libnautilus-extension1-debuginfo-32bit-3.20.3-22.1 nautilus-debugsource-3.20.3-22.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): nautilus-debuginfo-3.20.3-22.1 nautilus-debugsource-3.20.3-22.1 nautilus-devel-3.20.3-22.1 typelib-1_0-Nautilus-3_0-3.20.3-22.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-shell-search-provider-nautilus-3.20.3-22.1 libnautilus-extension1-3.20.3-22.1 libnautilus-extension1-debuginfo-3.20.3-22.1 nautilus-3.20.3-22.1 nautilus-debuginfo-3.20.3-22.1 nautilus-debugsource-3.20.3-22.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): nautilus-lang-3.20.3-22.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gnome-shell-search-provider-nautilus-3.20.3-22.1 libnautilus-extension1-3.20.3-22.1 libnautilus-extension1-debuginfo-3.20.3-22.1 nautilus-3.20.3-22.1 nautilus-debuginfo-3.20.3-22.1 nautilus-debugsource-3.20.3-22.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): nautilus-lang-3.20.3-22.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): nautilus-lang-3.20.3-22.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-shell-search-provider-nautilus-3.20.3-22.1 libnautilus-extension1-3.20.3-22.1 libnautilus-extension1-32bit-3.20.3-22.1 libnautilus-extension1-debuginfo-3.20.3-22.1 libnautilus-extension1-debuginfo-32bit-3.20.3-22.1 nautilus-3.20.3-22.1 nautilus-debuginfo-3.20.3-22.1 nautilus-debugsource-3.20.3-22.1 References: https://bugzilla.suse.com/979072 From sle-updates at lists.suse.com Thu Nov 17 08:08:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 16:08:48 +0100 (CET) Subject: SUSE-RU-2016:2823-1: moderate: Recommended update for yast2-core Message-ID: <20161117150848.77530FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2823-1 Rating: moderate References: #429326 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-core provides the following fixes: - Do not fail to parse when an Optional syntax meets EOF. In some circumstances (e.g. fstab without a trailing newline), YaST could write the file incorrectly, loosing lines. (bsc#429326) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1662=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1662=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1662=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1662=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): yast2-core-debuginfo-3.1.24-8.1 yast2-core-debugsource-3.1.24-8.1 yast2-core-devel-3.1.24-8.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-core-3.1.24-8.1 yast2-core-debuginfo-3.1.24-8.1 yast2-core-debugsource-3.1.24-8.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-core-3.1.24-8.1 yast2-core-debuginfo-3.1.24-8.1 yast2-core-debugsource-3.1.24-8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-core-3.1.24-8.1 yast2-core-debuginfo-3.1.24-8.1 yast2-core-debugsource-3.1.24-8.1 References: https://bugzilla.suse.com/429326 From sle-updates at lists.suse.com Thu Nov 17 08:09:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 16:09:16 +0100 (CET) Subject: SUSE-RU-2016:2824-1: important: Recommended update for NetworkManager-gnome, gnome-control-center Message-ID: <20161117150916.EC27EFFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager-gnome, gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2824-1 Rating: important References: #1003069 #870795 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for NetworkManager-gnome and gnome-control-center provides the following fixes: - Ensure secrets default to agent-owned and are consequently stored in the encrypted keyring. (bsc#1003069) - Fix created mobile networks not showing in the network list. (bsc#870795) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1666=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1666=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1666=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1666=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1666=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): NetworkManager-gnome-lang-1.0.10-15.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): NetworkManager-connection-editor-1.0.10-15.1 NetworkManager-connection-editor-debuginfo-1.0.10-15.1 NetworkManager-gnome-1.0.10-15.1 NetworkManager-gnome-debuginfo-1.0.10-15.1 NetworkManager-gnome-debugsource-1.0.10-15.1 gnome-control-center-color-3.20.1-40.2 gnome-control-center-debuginfo-3.20.1-40.2 gnome-control-center-debugsource-3.20.1-40.2 gnome-control-center-goa-3.20.1-40.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): NetworkManager-gnome-debuginfo-1.0.10-15.1 NetworkManager-gnome-debugsource-1.0.10-15.1 gnome-control-center-debuginfo-3.20.1-40.2 gnome-control-center-debugsource-3.20.1-40.2 gnome-control-center-devel-3.20.1-40.2 libnm-gtk-devel-1.0.10-15.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): NetworkManager-gnome-debuginfo-1.0.10-15.1 NetworkManager-gnome-debugsource-1.0.10-15.1 gnome-control-center-3.20.1-40.2 gnome-control-center-debuginfo-3.20.1-40.2 gnome-control-center-debugsource-3.20.1-40.2 gnome-control-center-user-faces-3.20.1-40.2 libnm-gtk0-1.0.10-15.1 libnm-gtk0-debuginfo-1.0.10-15.1 typelib-1_0-NMGtk-1_0-1.0.10-15.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-control-center-lang-3.20.1-40.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): NetworkManager-gnome-debuginfo-1.0.10-15.1 NetworkManager-gnome-debugsource-1.0.10-15.1 gnome-control-center-3.20.1-40.2 gnome-control-center-debuginfo-3.20.1-40.2 gnome-control-center-debugsource-3.20.1-40.2 gnome-control-center-user-faces-3.20.1-40.2 libnm-gtk0-1.0.10-15.1 libnm-gtk0-debuginfo-1.0.10-15.1 typelib-1_0-NMGtk-1_0-1.0.10-15.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-control-center-lang-3.20.1-40.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): NetworkManager-gnome-lang-1.0.10-15.1 gnome-control-center-lang-3.20.1-40.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): NetworkManager-connection-editor-1.0.10-15.1 NetworkManager-connection-editor-debuginfo-1.0.10-15.1 NetworkManager-gnome-1.0.10-15.1 NetworkManager-gnome-debuginfo-1.0.10-15.1 NetworkManager-gnome-debugsource-1.0.10-15.1 gnome-control-center-3.20.1-40.2 gnome-control-center-color-3.20.1-40.2 gnome-control-center-debuginfo-3.20.1-40.2 gnome-control-center-debugsource-3.20.1-40.2 gnome-control-center-goa-3.20.1-40.2 gnome-control-center-user-faces-3.20.1-40.2 libnm-gtk0-1.0.10-15.1 libnm-gtk0-debuginfo-1.0.10-15.1 typelib-1_0-NMGtk-1_0-1.0.10-15.1 References: https://bugzilla.suse.com/1003069 https://bugzilla.suse.com/870795 From sle-updates at lists.suse.com Thu Nov 17 08:10:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 16:10:10 +0100 (CET) Subject: SUSE-RU-2016:2825-1: moderate: Recommended update for yast2-core Message-ID: <20161117151010.8F548FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2825-1 Rating: moderate References: #429326 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-core provides the following fixes: - Do not fail to parse when an Optional syntax meets EOF. In some circumstances (e.g. fstab without a trailing newline), YaST could write the file incorrectly, loosing lines. (bsc#429326) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-yast2-core-12850=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-core-12850=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-core-devel-2.17.47-7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-core-2.17.47-7.1 References: https://bugzilla.suse.com/429326 From sle-updates at lists.suse.com Thu Nov 17 09:07:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 17:07:33 +0100 (CET) Subject: SUSE-RU-2016:2826-1: Recommended update for python-M2Crypto Message-ID: <20161117160734.0183CFFBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2826-1 Rating: low References: #1001377 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-M2Crypto fixes the following issues: - Do not strip leading zeros from certificate fingerprints. (bsc#1001377) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1667=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1667=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1667=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): python-M2Crypto-0.22.5-22.2 python-M2Crypto-debuginfo-0.22.5-22.2 python-M2Crypto-debugsource-0.22.5-22.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): python-M2Crypto-0.22.5-22.2 python-M2Crypto-debuginfo-0.22.5-22.2 python-M2Crypto-debugsource-0.22.5-22.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): python-M2Crypto-0.22.5-22.2 python-M2Crypto-debuginfo-0.22.5-22.2 python-M2Crypto-debugsource-0.22.5-22.2 References: https://bugzilla.suse.com/1001377 From sle-updates at lists.suse.com Thu Nov 17 10:07:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 18:07:19 +0100 (CET) Subject: SUSE-SU-2016:2827-1: moderate: Security update for eog Message-ID: <20161117170719.89BF2FFBE@maintenance.suse.de> SUSE Security Update: Security update for eog ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2827-1 Rating: moderate References: #994819 Cross-References: CVE-2016-6855 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for eog fixes the following issues: - out-of-bounds write in eog (bsc#994819, CVE-2016-6855) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1669=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1669=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1669=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): eog-debuginfo-3.10.2-2.3.1 eog-debugsource-3.10.2-2.3.1 eog-devel-3.10.2-2.3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): eog-3.10.2-2.3.1 eog-debuginfo-3.10.2-2.3.1 eog-debugsource-3.10.2-2.3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): eog-lang-3.10.2-2.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): eog-lang-3.10.2-2.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): eog-3.10.2-2.3.1 eog-debuginfo-3.10.2-2.3.1 eog-debugsource-3.10.2-2.3.1 References: https://www.suse.com/security/cve/CVE-2016-6855.html https://bugzilla.suse.com/994819 From sle-updates at lists.suse.com Thu Nov 17 10:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 18:07:49 +0100 (CET) Subject: SUSE-SU-2016:2828-1: moderate: Security update for X Window System client libraries Message-ID: <20161117170749.8BEE0FFC0@maintenance.suse.de> SUSE Security Update: Security update for X Window System client libraries ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2828-1 Rating: moderate References: #1002991 #1002995 #1002998 #1003000 #1003002 #1003012 #1003017 #1003023 Cross-References: CVE-2016-5407 CVE-2016-7942 CVE-2016-7944 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7949 CVE-2016-7950 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11: - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes: - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi: - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst: - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv: - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC: - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender: - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr: - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1668=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1668=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1668=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1668=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-8.1 libX11-devel-1.6.2-8.1 libXfixes-debugsource-5.0.1-7.1 libXfixes-devel-5.0.1-7.1 libXi-debugsource-1.7.4-14.1 libXi-devel-1.7.4-14.1 libXrender-debugsource-0.9.8-7.1 libXrender-devel-0.9.8-7.1 libXtst-debugsource-1.2.2-7.1 libXtst-devel-1.2.2-7.1 libXv-debugsource-1.0.10-7.1 libXv-devel-1.0.10-7.1 libXvMC-debugsource-1.0.8-7.1 libXvMC-devel-1.0.8-7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libX11-6-1.6.2-8.1 libX11-6-debuginfo-1.6.2-8.1 libX11-debugsource-1.6.2-8.1 libX11-xcb1-1.6.2-8.1 libX11-xcb1-debuginfo-1.6.2-8.1 libXfixes-debugsource-5.0.1-7.1 libXfixes3-5.0.1-7.1 libXfixes3-debuginfo-5.0.1-7.1 libXi-debugsource-1.7.4-14.1 libXi6-1.7.4-14.1 libXi6-debuginfo-1.7.4-14.1 libXrender-debugsource-0.9.8-7.1 libXrender1-0.9.8-7.1 libXrender1-debuginfo-0.9.8-7.1 libXtst-debugsource-1.2.2-7.1 libXtst6-1.2.2-7.1 libXtst6-debuginfo-1.2.2-7.1 libXv-debugsource-1.0.10-7.1 libXv1-1.0.10-7.1 libXv1-debuginfo-1.0.10-7.1 libXvMC-debugsource-1.0.8-7.1 libXvMC1-1.0.8-7.1 libXvMC1-debuginfo-1.0.8-7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libX11-data-1.6.2-8.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libX11-6-1.6.2-8.1 libX11-6-debuginfo-1.6.2-8.1 libX11-debugsource-1.6.2-8.1 libX11-xcb1-1.6.2-8.1 libX11-xcb1-debuginfo-1.6.2-8.1 libXfixes-debugsource-5.0.1-7.1 libXfixes3-5.0.1-7.1 libXfixes3-debuginfo-5.0.1-7.1 libXi-debugsource-1.7.4-14.1 libXi6-1.7.4-14.1 libXi6-debuginfo-1.7.4-14.1 libXrender-debugsource-0.9.8-7.1 libXrender1-0.9.8-7.1 libXrender1-debuginfo-0.9.8-7.1 libXtst-debugsource-1.2.2-7.1 libXtst6-1.2.2-7.1 libXtst6-debuginfo-1.2.2-7.1 libXv-debugsource-1.0.10-7.1 libXv1-1.0.10-7.1 libXv1-debuginfo-1.0.10-7.1 libXvMC-debugsource-1.0.8-7.1 libXvMC1-1.0.8-7.1 libXvMC1-debuginfo-1.0.8-7.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): libX11-data-1.6.2-8.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libX11-6-32bit-1.6.2-8.1 libX11-6-debuginfo-32bit-1.6.2-8.1 libX11-xcb1-32bit-1.6.2-8.1 libX11-xcb1-debuginfo-32bit-1.6.2-8.1 libXfixes3-32bit-5.0.1-7.1 libXfixes3-debuginfo-32bit-5.0.1-7.1 libXi6-32bit-1.7.4-14.1 libXi6-debuginfo-32bit-1.7.4-14.1 libXrender1-32bit-0.9.8-7.1 libXrender1-debuginfo-32bit-0.9.8-7.1 libXtst6-32bit-1.2.2-7.1 libXtst6-debuginfo-32bit-1.2.2-7.1 libXv1-32bit-1.0.10-7.1 libXv1-debuginfo-32bit-1.0.10-7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libX11-6-1.6.2-8.1 libX11-6-32bit-1.6.2-8.1 libX11-6-debuginfo-1.6.2-8.1 libX11-6-debuginfo-32bit-1.6.2-8.1 libX11-debugsource-1.6.2-8.1 libX11-xcb1-1.6.2-8.1 libX11-xcb1-32bit-1.6.2-8.1 libX11-xcb1-debuginfo-1.6.2-8.1 libX11-xcb1-debuginfo-32bit-1.6.2-8.1 libXfixes-debugsource-5.0.1-7.1 libXfixes3-32bit-5.0.1-7.1 libXfixes3-5.0.1-7.1 libXfixes3-debuginfo-32bit-5.0.1-7.1 libXfixes3-debuginfo-5.0.1-7.1 libXi-debugsource-1.7.4-14.1 libXi6-1.7.4-14.1 libXi6-32bit-1.7.4-14.1 libXi6-debuginfo-1.7.4-14.1 libXi6-debuginfo-32bit-1.7.4-14.1 libXrender-debugsource-0.9.8-7.1 libXrender1-0.9.8-7.1 libXrender1-32bit-0.9.8-7.1 libXrender1-debuginfo-0.9.8-7.1 libXrender1-debuginfo-32bit-0.9.8-7.1 libXtst-debugsource-1.2.2-7.1 libXtst6-1.2.2-7.1 libXtst6-32bit-1.2.2-7.1 libXtst6-debuginfo-1.2.2-7.1 libXtst6-debuginfo-32bit-1.2.2-7.1 libXv-debugsource-1.0.10-7.1 libXv1-1.0.10-7.1 libXv1-32bit-1.0.10-7.1 libXv1-debuginfo-1.0.10-7.1 libXv1-debuginfo-32bit-1.0.10-7.1 libXvMC-debugsource-1.0.8-7.1 libXvMC1-1.0.8-7.1 libXvMC1-debuginfo-1.0.8-7.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libX11-data-1.6.2-8.1 References: https://www.suse.com/security/cve/CVE-2016-5407.html https://www.suse.com/security/cve/CVE-2016-7942.html https://www.suse.com/security/cve/CVE-2016-7944.html https://www.suse.com/security/cve/CVE-2016-7945.html https://www.suse.com/security/cve/CVE-2016-7946.html https://www.suse.com/security/cve/CVE-2016-7947.html https://www.suse.com/security/cve/CVE-2016-7948.html https://www.suse.com/security/cve/CVE-2016-7949.html https://www.suse.com/security/cve/CVE-2016-7950.html https://www.suse.com/security/cve/CVE-2016-7951.html https://www.suse.com/security/cve/CVE-2016-7952.html https://www.suse.com/security/cve/CVE-2016-7953.html https://bugzilla.suse.com/1002991 https://bugzilla.suse.com/1002995 https://bugzilla.suse.com/1002998 https://bugzilla.suse.com/1003000 https://bugzilla.suse.com/1003002 https://bugzilla.suse.com/1003012 https://bugzilla.suse.com/1003017 https://bugzilla.suse.com/1003023 From sle-updates at lists.suse.com Thu Nov 17 10:09:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 18:09:31 +0100 (CET) Subject: SUSE-RU-2016:2829-1: Recommended update for python-google-api-python-client Message-ID: <20161117170931.3D8B4FFBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-google-api-python-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2829-1 Rating: low References: #1002895 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-google-api-python-client 1.5.4, which brings many fixes and enhancements: - Properly handle errors when the API returns a mapping or sequence. - Upgrade to unified uritemplate 3.0.0. - Allow oauth2client 4.0.0, with the caveat that file-based discovery caching is disabled. - Allow using oauth2client newer than 1.5.0 and older than 4.0.0. - Fix project_id argument description. - Retry chunk uploaded on rate limit exceeded errors. - Obtain access token if necessary in BatchHttpRequest.execute(). - Warn when running tests using HttpMock without having a cache. - Check both current and new API discovery URL. - Retry http requests on connection errors and timeouts. - Retry http requests on rate limit responses. - Import guards for ssl (for Google App Engine). - Use named loggers instead of the root logger. - New search console example. - Fix file stream recognition in Python 3. - Fix non-resumable binary uploads in Python 3. - Default to 'octet-stream' if mimetype detection fails. - Handle SSL errors with retries. - Fix incompatibility with oauth2client v2.0.0. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1670=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-google-api-python-client-1.5.4-5.1 python-uritemplate-3.0.0-3.1 References: https://bugzilla.suse.com/1002895 From sle-updates at lists.suse.com Thu Nov 17 13:06:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2016 21:06:38 +0100 (CET) Subject: SUSE-RU-2016:2846-1: Recommended update for sssd Message-ID: <20161117200638.5C509FFBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2846-1 Rating: low References: #1004220 #993582 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sssd provides the following fixes: - Prevent crashes of statically linked binaries using getpwuid when sssd is used and nscd is turned off or has caching disabled. (bsc#993582) - Install logrotate configuration. (bsc#1004220) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1671=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1671=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1671=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1671=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.13.4-20.1 libsss_idmap-devel-1.13.4-20.1 libsss_nss_idmap-devel-1.13.4-20.1 libsss_nss_idmap0-1.13.4-20.1 libsss_nss_idmap0-debuginfo-1.13.4-20.1 sssd-debuginfo-1.13.4-20.1 sssd-debugsource-1.13.4-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libipa_hbac0-1.13.4-20.1 libipa_hbac0-debuginfo-1.13.4-20.1 libsss_idmap0-1.13.4-20.1 libsss_idmap0-debuginfo-1.13.4-20.1 libsss_sudo-1.13.4-20.1 libsss_sudo-debuginfo-1.13.4-20.1 python-sssd-config-1.13.4-20.1 python-sssd-config-debuginfo-1.13.4-20.1 sssd-1.13.4-20.1 sssd-ad-1.13.4-20.1 sssd-ad-debuginfo-1.13.4-20.1 sssd-debuginfo-1.13.4-20.1 sssd-debugsource-1.13.4-20.1 sssd-ipa-1.13.4-20.1 sssd-ipa-debuginfo-1.13.4-20.1 sssd-krb5-1.13.4-20.1 sssd-krb5-common-1.13.4-20.1 sssd-krb5-common-debuginfo-1.13.4-20.1 sssd-krb5-debuginfo-1.13.4-20.1 sssd-ldap-1.13.4-20.1 sssd-ldap-debuginfo-1.13.4-20.1 sssd-proxy-1.13.4-20.1 sssd-proxy-debuginfo-1.13.4-20.1 sssd-tools-1.13.4-20.1 sssd-tools-debuginfo-1.13.4-20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libipa_hbac0-1.13.4-20.1 libipa_hbac0-debuginfo-1.13.4-20.1 libsss_idmap0-1.13.4-20.1 libsss_idmap0-debuginfo-1.13.4-20.1 libsss_sudo-1.13.4-20.1 libsss_sudo-debuginfo-1.13.4-20.1 python-sssd-config-1.13.4-20.1 python-sssd-config-debuginfo-1.13.4-20.1 sssd-1.13.4-20.1 sssd-ad-1.13.4-20.1 sssd-ad-debuginfo-1.13.4-20.1 sssd-debuginfo-1.13.4-20.1 sssd-debugsource-1.13.4-20.1 sssd-ipa-1.13.4-20.1 sssd-ipa-debuginfo-1.13.4-20.1 sssd-krb5-1.13.4-20.1 sssd-krb5-common-1.13.4-20.1 sssd-krb5-common-debuginfo-1.13.4-20.1 sssd-krb5-debuginfo-1.13.4-20.1 sssd-ldap-1.13.4-20.1 sssd-ldap-debuginfo-1.13.4-20.1 sssd-proxy-1.13.4-20.1 sssd-proxy-debuginfo-1.13.4-20.1 sssd-tools-1.13.4-20.1 sssd-tools-debuginfo-1.13.4-20.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): sssd-32bit-1.13.4-20.1 sssd-debuginfo-32bit-1.13.4-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libipa_hbac0-1.13.4-20.1 libipa_hbac0-debuginfo-1.13.4-20.1 libsss_idmap0-1.13.4-20.1 libsss_idmap0-debuginfo-1.13.4-20.1 libsss_sudo-1.13.4-20.1 libsss_sudo-debuginfo-1.13.4-20.1 python-sssd-config-1.13.4-20.1 python-sssd-config-debuginfo-1.13.4-20.1 sssd-1.13.4-20.1 sssd-32bit-1.13.4-20.1 sssd-ad-1.13.4-20.1 sssd-ad-debuginfo-1.13.4-20.1 sssd-debuginfo-1.13.4-20.1 sssd-debuginfo-32bit-1.13.4-20.1 sssd-debugsource-1.13.4-20.1 sssd-ipa-1.13.4-20.1 sssd-ipa-debuginfo-1.13.4-20.1 sssd-krb5-1.13.4-20.1 sssd-krb5-common-1.13.4-20.1 sssd-krb5-common-debuginfo-1.13.4-20.1 sssd-krb5-debuginfo-1.13.4-20.1 sssd-ldap-1.13.4-20.1 sssd-ldap-debuginfo-1.13.4-20.1 sssd-proxy-1.13.4-20.1 sssd-proxy-debuginfo-1.13.4-20.1 sssd-tools-1.13.4-20.1 sssd-tools-debuginfo-1.13.4-20.1 References: https://bugzilla.suse.com/1004220 https://bugzilla.suse.com/993582 From sle-updates at lists.suse.com Thu Nov 17 16:06:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2016 00:06:46 +0100 (CET) Subject: SUSE-RU-2016:2847-1: moderate: Recommended update for cloud-init Message-ID: <20161117230646.72706FFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2847-1 Rating: moderate References: #1003977 #1005616 #1007529 #998103 #998836 #998843 #999942 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update provides cloud-init version 0.7.8, which brings several fixes and enhancements: - Fall back to the previous method of writing network information and fix the default path for network scripts. (bsc#1007529) - Allow dmidecode usage on aarch64 systems. (bsc#1005616) - Wait for the network to be up an running in order to get ssh key injected. - Handle exception when attempting to detect if the network device is up when it is not. (bsc#1003977) - Fix decoding error. (bsc#998843) - Add missing closing bracket. (bsc#998836) - Hostname of VM instance does not change after reboot. (bsc#998103) - The service file cloud-init.service referenced networking.service which on SUSE is network.service. (bsc#999942) For a comprehensive list of all changes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1672=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1672=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1672=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): python-cffi-1.1.0-2.2.2 python-cffi-debuginfo-1.1.0-2.2.2 python-cffi-debugsource-1.1.0-2.2.2 python-cryptography-1.0-3.2.5 python-cryptography-debuginfo-1.0-3.2.5 python-cryptography-debugsource-1.0-3.2.5 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-0.7.8-29.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-PyJWT-1.4.2-2.2 python-blinker-1.4-2.2 python-oauthlib-0.7.2-2.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): python-cffi-1.1.0-2.2.2 python-cffi-debuginfo-1.1.0-2.2.2 python-cffi-debugsource-1.1.0-2.2.2 python-cryptography-1.0-3.2.5 python-cryptography-debuginfo-1.0-3.2.5 python-cryptography-debugsource-1.0-3.2.5 References: https://bugzilla.suse.com/1003977 https://bugzilla.suse.com/1005616 https://bugzilla.suse.com/1007529 https://bugzilla.suse.com/998103 https://bugzilla.suse.com/998836 https://bugzilla.suse.com/998843 https://bugzilla.suse.com/999942 From sle-updates at lists.suse.com Fri Nov 18 05:07:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2016 13:07:08 +0100 (CET) Subject: SUSE-OU-2016:2857-1: Add headmore to SUSE PackageHub Message-ID: <20161118120708.9D5F6FFBE@maintenance.suse.de> SUSE Optional Update: Add headmore to SUSE PackageHub ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2857-1 Rating: low References: Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This update makes headmore available in the SUSE Package Hub. headmore is a VNC client for character terminals. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 1006=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): headmore-1.1.1-2.1 headmore-debuginfo-1.1.1-2.1 headmore-debugsource-1.1.1-2.1 References: From sle-updates at lists.suse.com Fri Nov 18 08:06:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2016 16:06:53 +0100 (CET) Subject: SUSE-RU-2016:2858-1: Recommended update for boost Message-ID: <20161118150653.0F2FEFFBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for boost ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2858-1 Rating: low References: #925309 #970706 #996917 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for boost adapts paths for our GCC versions: - Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x onward while our version of GCC only has /usr/include/c++/x.y for 4.x GCC and /usr/include/c++/x/ for 5.x onward. (bsc#996917) - Fix regression in asio library. (bsc#925309) - Add libboost_context to the -devel dependencies when it is built. (bsc#970706) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1675=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1675=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1675=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1675=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1675=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libboost_filesystem1_54_0-1.54.0-22.1 libboost_filesystem1_54_0-debuginfo-1.54.0-22.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): boost-devel-1.54.0-22.1 libboost_chrono1_54_0-1.54.0-22.1 libboost_filesystem1_54_0-1.54.0-22.1 libboost_graph1_54_0-1.54.0-22.1 libboost_graph_parallel1_54_0-1.54.0-22.1 libboost_locale1_54_0-1.54.0-22.1 libboost_log1_54_0-1.54.0-22.1 libboost_math1_54_0-1.54.0-22.1 libboost_mpi1_54_0-1.54.0-22.1 libboost_python1_54_0-1.54.0-22.1 libboost_random1_54_0-1.54.0-22.1 libboost_serialization1_54_0-1.54.0-22.1 libboost_test1_54_0-1.54.0-22.1 libboost_timer1_54_0-1.54.0-22.1 libboost_wave1_54_0-1.54.0-22.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): libboost_chrono1_54_0-debuginfo-1.54.0-22.1 libboost_filesystem1_54_0-debuginfo-1.54.0-22.1 libboost_graph1_54_0-debuginfo-1.54.0-22.1 libboost_graph_parallel1_54_0-debuginfo-1.54.0-22.1 libboost_locale1_54_0-debuginfo-1.54.0-22.1 libboost_log1_54_0-debuginfo-1.54.0-22.1 libboost_math1_54_0-debuginfo-1.54.0-22.1 libboost_mpi1_54_0-debuginfo-1.54.0-22.1 libboost_python1_54_0-debuginfo-1.54.0-22.1 libboost_random1_54_0-debuginfo-1.54.0-22.1 libboost_serialization1_54_0-debuginfo-1.54.0-22.1 libboost_test1_54_0-debuginfo-1.54.0-22.1 libboost_timer1_54_0-debuginfo-1.54.0-22.1 libboost_wave1_54_0-debuginfo-1.54.0-22.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le x86_64): libboost_context1_54_0-1.54.0-22.1 libboost_context1_54_0-debuginfo-1.54.0-22.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libboost_atomic1_54_0-1.54.0-22.1 libboost_date_time1_54_0-1.54.0-22.1 libboost_iostreams1_54_0-1.54.0-22.1 libboost_program_options1_54_0-1.54.0-22.1 libboost_random1_54_0-1.54.0-22.1 libboost_regex1_54_0-1.54.0-22.1 libboost_signals1_54_0-1.54.0-22.1 libboost_system1_54_0-1.54.0-22.1 libboost_thread1_54_0-1.54.0-22.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): boost-license1_54_0-1.54.0-22.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libboost_atomic1_54_0-1.54.0-22.1 libboost_date_time1_54_0-1.54.0-22.1 libboost_iostreams1_54_0-1.54.0-22.1 libboost_program_options1_54_0-1.54.0-22.1 libboost_regex1_54_0-1.54.0-22.1 libboost_signals1_54_0-1.54.0-22.1 libboost_system1_54_0-1.54.0-22.1 libboost_thread1_54_0-1.54.0-22.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): libboost_random1_54_0-1.54.0-22.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): libboost_atomic1_54_0-debuginfo-1.54.0-22.1 libboost_date_time1_54_0-debuginfo-1.54.0-22.1 libboost_iostreams1_54_0-debuginfo-1.54.0-22.1 libboost_program_options1_54_0-debuginfo-1.54.0-22.1 libboost_regex1_54_0-debuginfo-1.54.0-22.1 libboost_signals1_54_0-debuginfo-1.54.0-22.1 libboost_system1_54_0-debuginfo-1.54.0-22.1 libboost_thread1_54_0-debuginfo-1.54.0-22.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libboost_random1_54_0-debuginfo-1.54.0-22.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): boost-license1_54_0-1.54.0-22.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): boost-license1_54_0-1.54.0-22.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libboost_atomic1_54_0-1.54.0-22.1 libboost_atomic1_54_0-debuginfo-1.54.0-22.1 libboost_date_time1_54_0-1.54.0-22.1 libboost_date_time1_54_0-debuginfo-1.54.0-22.1 libboost_filesystem1_54_0-1.54.0-22.1 libboost_filesystem1_54_0-debuginfo-1.54.0-22.1 libboost_iostreams1_54_0-1.54.0-22.1 libboost_iostreams1_54_0-debuginfo-1.54.0-22.1 libboost_program_options1_54_0-1.54.0-22.1 libboost_program_options1_54_0-debuginfo-1.54.0-22.1 libboost_random1_54_0-1.54.0-22.1 libboost_random1_54_0-debuginfo-1.54.0-22.1 libboost_regex1_54_0-1.54.0-22.1 libboost_regex1_54_0-debuginfo-1.54.0-22.1 libboost_signals1_54_0-1.54.0-22.1 libboost_signals1_54_0-debuginfo-1.54.0-22.1 libboost_system1_54_0-1.54.0-22.1 libboost_system1_54_0-debuginfo-1.54.0-22.1 libboost_thread1_54_0-1.54.0-22.1 libboost_thread1_54_0-debuginfo-1.54.0-22.1 References: https://bugzilla.suse.com/925309 https://bugzilla.suse.com/970706 https://bugzilla.suse.com/996917 From sle-updates at lists.suse.com Fri Nov 18 08:07:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2016 16:07:44 +0100 (CET) Subject: SUSE-SU-2016:2859-1: moderate: Security update for python3 Message-ID: <20161118150744.99BF4FFC0@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2859-1 Rating: moderate References: #951166 #983582 #984751 #985177 #985348 #989523 #991069 Cross-References: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed: - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urrlib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes: - Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166) - Make urllib proxy var handling behave as usual on POSIX. (bsc#983582) For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1676=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1676=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1676=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1676=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.5-19.1 python3-base-debugsource-3.4.5-19.1 python3-devel-3.4.5-19.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.5-19.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpython3_4m1_0-3.4.5-19.1 libpython3_4m1_0-debuginfo-3.4.5-19.1 python3-3.4.5-19.1 python3-base-3.4.5-19.1 python3-base-debuginfo-3.4.5-19.1 python3-base-debugsource-3.4.5-19.1 python3-curses-3.4.5-19.1 python3-curses-debuginfo-3.4.5-19.1 python3-debuginfo-3.4.5-19.1 python3-debugsource-3.4.5-19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpython3_4m1_0-3.4.5-19.1 libpython3_4m1_0-debuginfo-3.4.5-19.1 python3-3.4.5-19.1 python3-base-3.4.5-19.1 python3-base-debuginfo-3.4.5-19.1 python3-base-debugsource-3.4.5-19.1 python3-curses-3.4.5-19.1 python3-curses-debuginfo-3.4.5-19.1 python3-debuginfo-3.4.5-19.1 python3-debugsource-3.4.5-19.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpython3_4m1_0-3.4.5-19.1 libpython3_4m1_0-debuginfo-3.4.5-19.1 python3-3.4.5-19.1 python3-base-3.4.5-19.1 python3-base-debuginfo-3.4.5-19.1 python3-base-debugsource-3.4.5-19.1 python3-curses-3.4.5-19.1 python3-curses-debuginfo-3.4.5-19.1 python3-debuginfo-3.4.5-19.1 python3-debugsource-3.4.5-19.1 References: https://www.suse.com/security/cve/CVE-2016-0772.html https://www.suse.com/security/cve/CVE-2016-1000110.html https://www.suse.com/security/cve/CVE-2016-5636.html https://www.suse.com/security/cve/CVE-2016-5699.html https://bugzilla.suse.com/951166 https://bugzilla.suse.com/983582 https://bugzilla.suse.com/984751 https://bugzilla.suse.com/985177 https://bugzilla.suse.com/985348 https://bugzilla.suse.com/989523 https://bugzilla.suse.com/991069 From sle-updates at lists.suse.com Mon Nov 21 13:06:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2016 21:06:52 +0100 (CET) Subject: SUSE-RU-2016:2867-1: moderate: Recommended update for smt Message-ID: <20161121200652.90729FF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2867-1 Rating: moderate References: #1004055 #970608 #987559 #992246 #996240 #996517 #996519 #998128 #999051 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for smt fixes the following issues: - Show correct Repository ID in smt-repos verbose output. (bsc#1004055) - Translate hardware data from NCC to SCC format. (bsc#998128) - Adapt EULA Url for products not hosted on SCC. (bsc#970608) - Fix and check product ids during setup custom repositories. (bsc#996517) - Fix removing custom repository. (bsc#996517) - Support adding products to existing custom repository. (bsc#996517, bsc#996519) - Improve no_proxy handling in SMT. (bsc#996240) - Log repositories missing for migration. (bsc#999051) - Renamed remote_ip to client_ip for apache 2.4. (bsc#992246) - Added missing reference for bsc#987559 to the changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1678=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1678=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): res-signingkeys-3.0.20-33.1 smt-3.0.20-33.1 smt-debuginfo-3.0.20-33.1 smt-debugsource-3.0.20-33.1 smt-support-3.0.20-33.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): res-signingkeys-3.0.20-33.1 smt-3.0.20-33.1 smt-debuginfo-3.0.20-33.1 smt-debugsource-3.0.20-33.1 smt-support-3.0.20-33.1 References: https://bugzilla.suse.com/1004055 https://bugzilla.suse.com/970608 https://bugzilla.suse.com/987559 https://bugzilla.suse.com/992246 https://bugzilla.suse.com/996240 https://bugzilla.suse.com/996517 https://bugzilla.suse.com/996519 https://bugzilla.suse.com/998128 https://bugzilla.suse.com/999051 From sle-updates at lists.suse.com Tue Nov 22 07:07:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2016 15:07:10 +0100 (CET) Subject: SUSE-OU-2016:2868-1: moderate: ncompress, a file compression utility Message-ID: <20161122140710.AC4CFFF36@maintenance.suse.de> SUSE Optional Update: ncompress, a file compression utility ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2868-1 Rating: moderate References: #1007750 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides ncompress, a file compression utility. The ncompress package contains the compress and uncompress file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions). These utilities can't handle gzipped (.gz file extensions) files, but gzip can handle compressed files. Install ncompress if you need compression/decompression utilities which are compatible with the original UNIX compress utility. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 1000=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): ncompress-4.2.4.4-2.1 ncompress-debuginfo-4.2.4.4-2.1 ncompress-debugsource-4.2.4.4-2.1 References: https://bugzilla.suse.com/1007750 From sle-updates at lists.suse.com Tue Nov 22 07:07:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2016 15:07:38 +0100 (CET) Subject: SUSE-SU-2016:2869-1: important: Security update for pacemaker Message-ID: <20161122140738.D11DEFFC0@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2869-1 Rating: important References: #1000743 #1002767 #1003565 #1007433 #967388 #986644 #987348 Cross-References: CVE-2016-7035 CVE-2016-7797 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 5 fixes is now available. Description: This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2016-7797: Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767). - CVE-2016-7035: Fixed improper IPC guarding in pacemaker (bsc#1007433). Bug fixes: - bsc#1003565: crmd: Record pending operations in the CIB before they are performed - bsc#1000743: pengine: Do not fence a maintenance node if it shuts down cleanly - bsc#987348: ping: Avoid temporary files for fping check - bsc#986644: libcrmcommon: report errors consistently when waiting for data on connection - bsc#986644: remote: Correctly calculate the remaining timeouts when receiving messages Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1679=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1679=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.15-21.1 pacemaker-cts-1.1.15-21.1 pacemaker-cts-debuginfo-1.1.15-21.1 pacemaker-debuginfo-1.1.15-21.1 pacemaker-debugsource-1.1.15-21.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): libpacemaker3-1.1.15-21.1 libpacemaker3-debuginfo-1.1.15-21.1 pacemaker-1.1.15-21.1 pacemaker-cli-1.1.15-21.1 pacemaker-cli-debuginfo-1.1.15-21.1 pacemaker-cts-1.1.15-21.1 pacemaker-cts-debuginfo-1.1.15-21.1 pacemaker-debuginfo-1.1.15-21.1 pacemaker-debugsource-1.1.15-21.1 pacemaker-remote-1.1.15-21.1 pacemaker-remote-debuginfo-1.1.15-21.1 References: https://www.suse.com/security/cve/CVE-2016-7035.html https://www.suse.com/security/cve/CVE-2016-7797.html https://bugzilla.suse.com/1000743 https://bugzilla.suse.com/1002767 https://bugzilla.suse.com/1003565 https://bugzilla.suse.com/1007433 https://bugzilla.suse.com/967388 https://bugzilla.suse.com/986644 https://bugzilla.suse.com/987348 From sle-updates at lists.suse.com Tue Nov 22 08:07:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2016 16:07:00 +0100 (CET) Subject: SUSE-SU-2016:2871-1: moderate: Security update for libtcnative-1-0 Message-ID: <20161122150700.247EAFFC0@maintenance.suse.de> SUSE Security Update: Security update for libtcnative-1-0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2871-1 Rating: moderate References: #1004455 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libtcnative-1-0 fixes the following issues: - Upgrade to libtcnative-1.1.34 (bugfix release) (bsc#1004455) See https://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html * Unconditionally disable export Ciphers. * Improve ephemeral key handling for DH and ECDH. Parameter strength is by default derived from the certificate key strength. * APIs SSL.generateRSATempKey() and SSL.loadDSATempKey() are no longer supported. * Various bugfixes. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1680=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1680=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1680=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1680=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1680=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libtcnative-1-0-debuginfo-1.1.34-12.1 libtcnative-1-0-debugsource-1.1.34-12.1 libtcnative-1-0-devel-1.1.34-12.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtcnative-1-0-debuginfo-1.1.34-12.1 libtcnative-1-0-debugsource-1.1.34-12.1 libtcnative-1-0-devel-1.1.34-12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libtcnative-1-0-1.1.34-12.1 libtcnative-1-0-debuginfo-1.1.34-12.1 libtcnative-1-0-debugsource-1.1.34-12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libtcnative-1-0-1.1.34-12.1 libtcnative-1-0-debuginfo-1.1.34-12.1 libtcnative-1-0-debugsource-1.1.34-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libtcnative-1-0-1.1.34-12.1 libtcnative-1-0-debuginfo-1.1.34-12.1 libtcnative-1-0-debugsource-1.1.34-12.1 References: https://bugzilla.suse.com/1004455 From sle-updates at lists.suse.com Tue Nov 22 08:07:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2016 16:07:28 +0100 (CET) Subject: SUSE-SU-2016:2872-1: moderate: Security update for bash Message-ID: <20161122150728.A8D0EFFC0@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2872-1 Rating: moderate References: #1000396 #1001299 #1001759 #898812 #898884 Cross-References: CVE-2014-6277 CVE-2014-6278 CVE-2016-0634 CVE-2016-7543 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396) - CVE-2014-6277: More troubles with functions (bsc#898812, bsc#1001759) - CVE-2014-6278: Code execution after original 6271 fix (bsc#898884) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1681=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1681=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1681=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1681=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): bash-lang-4.2-82.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bash-debuginfo-4.2-82.1 bash-debugsource-4.2-82.1 bash-devel-4.2-82.1 readline-devel-6.2-82.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bash-4.2-82.1 bash-debuginfo-4.2-82.1 bash-debugsource-4.2-82.1 libreadline6-6.2-82.1 libreadline6-debuginfo-6.2-82.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libreadline6-32bit-6.2-82.1 libreadline6-debuginfo-32bit-6.2-82.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bash-doc-4.2-82.1 readline-doc-6.2-82.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): bash-doc-4.2-82.1 bash-lang-4.2-82.1 readline-doc-6.2-82.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): bash-4.2-82.1 bash-debuginfo-4.2-82.1 bash-debugsource-4.2-82.1 libreadline6-32bit-6.2-82.1 libreadline6-6.2-82.1 libreadline6-debuginfo-32bit-6.2-82.1 libreadline6-debuginfo-6.2-82.1 References: https://www.suse.com/security/cve/CVE-2014-6277.html https://www.suse.com/security/cve/CVE-2014-6278.html https://www.suse.com/security/cve/CVE-2016-0634.html https://www.suse.com/security/cve/CVE-2016-7543.html https://bugzilla.suse.com/1000396 https://bugzilla.suse.com/1001299 https://bugzilla.suse.com/1001759 https://bugzilla.suse.com/898812 https://bugzilla.suse.com/898884 From sle-updates at lists.suse.com Tue Nov 22 11:09:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2016 19:09:07 +0100 (CET) Subject: SUSE-SU-2016:2879-1: moderate: Security update for qemu Message-ID: <20161122180907.D32D4FFC0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2879-1 Rating: moderate References: #1000345 #1000346 #1001151 #1002116 #1002549 #1002550 #1002557 #1003612 #1003613 #1003878 #1003893 #1003894 #1004702 #1004706 #1004707 #1005353 #1005374 #1006536 #1006538 #1007263 #1007391 #1007493 #1007494 #1007495 #1007769 #1008148 #998516 Cross-References: CVE-2016-7161 CVE-2016-7170 CVE-2016-7422 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 6 fixes is now available. Description: This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed: - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allowed attackers to execute arbitrary code on the QEMU host via a large ethlite packet (bsc#1001151). - CVE-2016-7170: OOB stack memory access when processing svga command (bsc#998516). - CVE-2016-7466: xhci memory leakage during device unplug (bsc#1000345). - CVE-2016-7422: NULL pointer dereference in virtqueu_map_desc (bsc#1000346). - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1002550). - CVE-2016-7995: Memory leak in ehci_process_itd (bsc#1003612). - CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1003878). - CVE-2016-8578: The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation (bsc#1003894). - CVE-2016-9105: Memory leakage in v9fs_link (bsc#1007494). - CVE-2016-8577: Memory leak in the v9fs_read function in hw/9pfs/9p.c allowed local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation (bsc#1003893). - CVE-2016-9106: Memory leakage in v9fs_write (bsc#1007495). - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1004707). - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002557). - CVE-2016-9101: eepro100 memory leakage whern unplugging a device (bsc#1007391). - CVE-2016-8668: The rocker_io_writel function in hw/net/rocker/rocker.c allowed local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size (bsc#1004706). - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1006538). - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1006536). - CVE-2016-7994: Memory leak in virtio_gpu_resource_create_2d (bsc#1003613). - CVE-2016-9104: Integer overflow leading to OOB access in 9pfs (bsc#1007493). - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1004702). - CVE-2016-7907: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002549). These non-security issues were fixed: - Change kvm-supported.txt to be per-architecture documentation, stored in the package documentation directory of each per-arch package (bsc#1005353). - Update support doc to include current ARM64 (AArch64) support stance (bsc#1005374). - Fix migration failure when snapshot also has been done (bsc#1008148). - Change package post script udevadm trigger calls to be device specific (bsc#1002116). - Add qmp-commands.txt documentation file back in. It was inadvertently dropped. - Add an x86 cpu option (l3-cache) to specify that an L3 cache is present and another option (cpuid-0xb) to enable the cpuid 0xb leaf (bsc#1007769). For Leap 42.2 this update also enabled the smartcard support (bsc#1007263). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1682=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1682=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1682=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): qemu-2.6.2-31.2 qemu-arm-2.6.2-31.2 qemu-arm-debuginfo-2.6.2-31.2 qemu-block-curl-2.6.2-31.2 qemu-block-curl-debuginfo-2.6.2-31.2 qemu-block-rbd-2.6.2-31.2 qemu-block-rbd-debuginfo-2.6.2-31.2 qemu-block-ssh-2.6.2-31.2 qemu-block-ssh-debuginfo-2.6.2-31.2 qemu-debugsource-2.6.2-31.2 qemu-guest-agent-2.6.2-31.2 qemu-guest-agent-debuginfo-2.6.2-31.2 qemu-lang-2.6.2-31.2 qemu-tools-2.6.2-31.2 qemu-tools-debuginfo-2.6.2-31.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-ipxe-1.0.0-31.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): qemu-2.6.2-31.2 qemu-block-curl-2.6.2-31.2 qemu-block-curl-debuginfo-2.6.2-31.2 qemu-block-ssh-2.6.2-31.2 qemu-block-ssh-debuginfo-2.6.2-31.2 qemu-debugsource-2.6.2-31.2 qemu-guest-agent-2.6.2-31.2 qemu-guest-agent-debuginfo-2.6.2-31.2 qemu-lang-2.6.2-31.2 qemu-tools-2.6.2-31.2 qemu-tools-debuginfo-2.6.2-31.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): qemu-block-rbd-2.6.2-31.2 qemu-block-rbd-debuginfo-2.6.2-31.2 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): qemu-ppc-2.6.2-31.2 qemu-ppc-debuginfo-2.6.2-31.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64): qemu-arm-2.6.2-31.2 qemu-arm-debuginfo-2.6.2-31.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): qemu-kvm-2.6.2-31.2 qemu-x86-2.6.2-31.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ipxe-1.0.0-31.2 qemu-seabios-1.9.1-31.2 qemu-sgabios-8-31.2 qemu-vgabios-1.9.1-31.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): qemu-2.6.2-31.2 qemu-block-curl-2.6.2-31.2 qemu-block-curl-debuginfo-2.6.2-31.2 qemu-debugsource-2.6.2-31.2 qemu-kvm-2.6.2-31.2 qemu-tools-2.6.2-31.2 qemu-tools-debuginfo-2.6.2-31.2 qemu-x86-2.6.2-31.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): qemu-ipxe-1.0.0-31.2 qemu-seabios-1.9.1-31.2 qemu-sgabios-8-31.2 qemu-vgabios-1.9.1-31.2 References: https://www.suse.com/security/cve/CVE-2016-7161.html https://www.suse.com/security/cve/CVE-2016-7170.html https://www.suse.com/security/cve/CVE-2016-7422.html https://www.suse.com/security/cve/CVE-2016-7466.html https://www.suse.com/security/cve/CVE-2016-7907.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-7994.html https://www.suse.com/security/cve/CVE-2016-7995.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8577.html https://www.suse.com/security/cve/CVE-2016-8578.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8668.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9104.html https://www.suse.com/security/cve/CVE-2016-9105.html https://www.suse.com/security/cve/CVE-2016-9106.html https://bugzilla.suse.com/1000345 https://bugzilla.suse.com/1000346 https://bugzilla.suse.com/1001151 https://bugzilla.suse.com/1002116 https://bugzilla.suse.com/1002549 https://bugzilla.suse.com/1002550 https://bugzilla.suse.com/1002557 https://bugzilla.suse.com/1003612 https://bugzilla.suse.com/1003613 https://bugzilla.suse.com/1003878 https://bugzilla.suse.com/1003893 https://bugzilla.suse.com/1003894 https://bugzilla.suse.com/1004702 https://bugzilla.suse.com/1004706 https://bugzilla.suse.com/1004707 https://bugzilla.suse.com/1005353 https://bugzilla.suse.com/1005374 https://bugzilla.suse.com/1006536 https://bugzilla.suse.com/1006538 https://bugzilla.suse.com/1007263 https://bugzilla.suse.com/1007391 https://bugzilla.suse.com/1007493 https://bugzilla.suse.com/1007494 https://bugzilla.suse.com/1007495 https://bugzilla.suse.com/1007769 https://bugzilla.suse.com/1008148 https://bugzilla.suse.com/998516 From sle-updates at lists.suse.com Wed Nov 23 06:07:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2016 14:07:23 +0100 (CET) Subject: SUSE-SU-2016:2887-1: important: Security update for java-1_8_0-openjdk Message-ID: <20161123130723.BAD6DFF36@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2887-1 Rating: important References: #1005522 #1005523 #1005524 #1005525 #1005526 #1005527 #1005528 #988651 Cross-References: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues: * Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries * Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app's Java pid. + S8017462: G1: guarantee fails with UseDynamicNumberOfGCThreads + S8034168: ThreadMXBean/Locks.java failed, blocked on wrong object + S8036006: [TESTBUG] sun/tools/native2ascii/NativeErrors.java fails: Process exit code was 0, but error was expected. + S8041781: Need new regression tests for PBE keys + S8041787: Need new regressions tests for buffer handling for PBE algorithms + S8043836: Need new tests for AES cipher + S8044199: Tests for RSA keys and key specifications + S8044772: TempDirTest.java still times out with -Xcomp + S8046339: sun.rmi.transport.DGCAckHandler leaks memory + S8047031: Add SocketPermission tests for legacy socket types + S8048052: Permission tests for setFactory + S8048138: Tests for JAAS callbacks + S8048147: Privilege tests with JAAS Subject.doAs + S8048356: SecureRandom default provider tests + S8048357: PKCS basic tests + S8048360: Test signed jar files + S8048362: Tests for doPrivileged with accomplice + S8048596: Tests for AEAD ciphers + S8048599: Tests for key wrap and unwrap operations + S8048603: Additional tests for MAC algorithms + S8048604: Tests for strong crypto ciphers + S8048607: Test key generation of DES and DESEDE + S8048610: Implement regression test for bug fix of 4686632 in JCE + S8048617: Tests for PKCS12 read operations + S8048618: Tests for PKCS12 write operations. + S8048619: Implement tests for converting PKCS12 keystores + S8048624: Tests for SealedObject + S8048819: Implement reliability test for DH algorithm + S8048820: Implement tests for SecretKeyFactory + S8048830: Implement tests for new functionality provided in JEP 166 + S8049237: Need new tests for X509V3 certificates + S8049321: Support SHA256WithDSA in JSSE + S8049429: Tests for java client server communications with various TLS/SSL combinations. + S8049432: New tests for TLS property jdk.tls.client.protocols + S8049814: Additional SASL client-server tests + S8050281: New permission tests for JEP 140 + S8050370: Need new regressions tests for messageDigest with DigestIOStream + S8050371: More MessageDigest tests + S8050374: More Signature tests + S8050427: LoginContext tests to cover JDK-4703361 + S8050460: JAAS login/logout tests with LoginContext + S8050461: Tests for syntax checking of JAAS configuration file + S8054278: Refactor jps utility tests + S8055530: assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined + S8055844: [TESTBUG] test/runtime/NMT/VirtualAllocCommitUncommitRecommit.java fails on Solaris Sparc due to incorrect page size being used + S8059677: Thread.getName() instantiates Strings + S8061464: A typo in CipherTestUtils test + S8062536: [TESTBUG] Conflicting GC combinations in jdk tests + S8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently + S8065078: NetworkInterface.getNetworkInterfaces() triggers intermittent test failures + S8066871: java.lang.VerifyError: Bad local variable type - local final String + S8068427: Hashtable deserialization reconstitutes table with wrong capacity + S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 + S8069253: javax/net/ssl/TLS/TestJSSE.java failed on Mac + S8071125: Improve exception messages in URLPermission + S8072081: Supplementary characters are rejected in comments + S8072463: Remove requirement that AKID and SKID have to match when building certificate chain + S8072725: Provide more granular levels for GC verification + S8073400: Some Monospaced logical fonts have a different width + S8073872: Schemagen fails with StackOverflowError if element references containing class + S8074931: Additional tests for CertPath API + S8075286: Additional tests for signature algorithm OIDs and transformation string + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8076545: Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display + S8076995: gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: 'new_active_workers' missing from stdout/stderr + S8079138: Additional negative tests for XML signature processing + S8081512: Remove sun.invoke.anon classes, or move / co-locate them with tests + S8081771: ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument + S8129419: heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy + S8130150: Implement BigInteger.montgomeryMultiply intrinsic + S8130242: DataFlavorComparator transitivity exception + S8130304: Inference: NodeNotFoundException thrown with deep generic method call chain + S8130425: libjvm crash due to stack overflow in executables with 32k tbss/tdata + S8133023: ParallelGCThreads is not calculated correctly + S8134111: Unmarshaller unmarshalls XML element which doesn't have the expected namespace + S8135259: InetAddress.getAllByName only reports "unknown error" instead of actual cause + S8136506: Include sun.arch.data.model as a property that can be queried by jtreg + S8137068: Tests added in JDK-8048604 fail to compile + S8139040: Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux. + S8139581: AWT components are not drawn after removal and addition to a container + S8141243: Unexpected timezone returned after parsing a date + S8141420: Compiler runtime entries don't hold Klass* from being GCed + S8141445: Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file + S8141551: C2 can not handle returns with inccompatible interface arrays + S8143377: Test PKCS8Test.java fails + S8143647: Javac compiles method reference that allows results in an IllegalAccessError + S8144144: ORB destroy() leaks filedescriptors after unsuccessful connection + S8144593: Suppress not recognized property/feature warning messages from SAXParser + S8144957: Remove PICL warning message + S8145039: JAXB marshaller fails with ClassCastException on classes generated by xjc + S8145228: Java Access Bridge, getAccessibleStatesStringFromContext doesn't wrap the call to getAccessibleRole + S8145388: URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images + S8145974: XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter + S8146035: Windows - With LCD antialiasing, some glyphs are not rendered correctly + S8146192: Add test for JDK-8049321 + S8146274: Thread spinning on WeakHashMap.getEntry() with concurrent use of nashorn + S8147468: Allow users to bound the size of buffers cached in the per-thread buffer caches + S8147645: get_ctrl_no_update() code is wrong + S8147807: crash in libkcms.so on linux-sparc + S8148379: jdk.nashorn.api.scripting spec. adjustments, clarifications + S8148627: RestrictTestMaxCachedBufferSize.java to 64-bit platforms + S8148820: Missing @since Javadoc tag in Logger.log(Level, Supplier) + S8148926: Call site profiling fails on braces-wrapped anonymous function + S8149017: Delayed provider selection broken in RSA client key exchange + S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks + S8149330: Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary + S8149334: JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements + S8149368: [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7,HiDPI, Windows L&F + S8149411: PKCS12KeyStore cannot extract AES Secret Keys + S8149417: Use final restricted flag + S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception + S8149453: [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F + S8149543: range check CastII nodes should not be split through Phi + S8149743: JVM crash after debugger hotswap with lambdas + S8149744: fix testng.jar delivery in Nashorn build.xml + S8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE + S8150002: Check for the validity of oop before printing it in verify_remembered_set + S8150470: JCK: api/xsl/conf/copy/copy19 test failure + S8150518: G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double) + S8150533: Test java/util/logging/LogManagerAppContextDeadlock.java times out intermittently. + S8150704: XALAN: ERROR: 'No more DTM IDs are available' when transforming with lots of temporary result trees + S8150780: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError + S8151064: com/sun/jdi/RedefineAddPrivateMethod.sh fails intermittently + S8151197: [TEST_BUG] Need to backport fix for test/javax/net/ssl/TLS/TestJSSE.java + S8151352: jdk/test/sample fails with "effective library path is outside the test suite" + S8151431: DateFormatSymbols triggers this.clone() in the constructor + S8151535: TESTBUG: java/lang/invoke/AccessControlTest.java should be modified to run with JTREG 4.1 b13 + S8151731: Add new jtreg keywords to jdk 8 + S8151998: VS2010 ThemeReader.cpp(758) : error C3861: 'round': identifier not found + S8152927: Incorrect GPL header in StubFactoryDynamicBase.java reported + S8153252: SA: Hotspot build on Windows fails if make/closed folder does not exist + S8153531: Improve exception messaging for RSAClientKeyExchange + S8153641: assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump + S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S8154304: NullpointerException at LdapReferralException.getReferralContext + S8154722: Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails + S8157078: 8u102 L10n resource file updates + S8157838: Personalized Windows Font Size is not taken into account in Java8u102 * Import of OpenJDK 8 u111 build 14 + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S8049171: Additional tests for jarsigner's warnings + S8063086: Math.pow yields different results upon repeated calls + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8153399: Constrain AppCDS behavior (back port) + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8158994: Service Menu services + S8159684: (tz) Support tzdata2016f + S8160904: Typo in code from 8079718 fix : enableCustomValueHanlde + S8160934: isnan() is not available on older MSVC compilers + S8161141: correct bugId for JDK-8158994 fix push + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S8078628, PR3208: Zero build fails with pre-compiled headers disabled + S8141491, PR3159, G592292: Unaligned memory access in Bits.c + S8157306, PR3121: Random infrequent null pointer exceptions in javac (enabled on AArch64 only) + S8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation * Bug fixes + PR3123: Some object files built without -fPIC on x86 only + PR3126: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3127, G590348: Only apply PaX markings by default on running PaX kernels + PR3199: Invalid nashorn URL + PR3201: Update infinality configure test + PR3218: PR3159 leads to build failure on clean tree * AArch64 port + S8131779, PR3220: AARCH64: add Montgomery multiply intrinsic + S8167200, PR3220: AArch64: Broken stack pointer adjustment in interpreter + S8167421, PR3220: AArch64: in one core system, fatal error: Illegal threadstate encountered + S8167595, PR3220: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt + S8168888, PR3220: Port 8160591: Improve internal array handling to AArch64. * Shenandoah + PR3224: Shenandoah broken when building without pre-compiled headers - Build against system kerberos - Build against system pcsc and sctp - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1683=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1683=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1683=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1683=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1683=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_8_0-openjdk-1.8.0.111-17.1 java-1_8_0-openjdk-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-debugsource-1.8.0.111-17.1 java-1_8_0-openjdk-demo-1.8.0.111-17.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-devel-1.8.0.111-17.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-headless-1.8.0.111-17.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.111-17.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): java-1_8_0-openjdk-1.8.0.111-17.1 java-1_8_0-openjdk-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-debugsource-1.8.0.111-17.1 java-1_8_0-openjdk-demo-1.8.0.111-17.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-devel-1.8.0.111-17.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-headless-1.8.0.111-17.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.111-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.111-17.1 java-1_8_0-openjdk-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-debugsource-1.8.0.111-17.1 java-1_8_0-openjdk-demo-1.8.0.111-17.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-devel-1.8.0.111-17.1 java-1_8_0-openjdk-headless-1.8.0.111-17.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.111-17.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_8_0-openjdk-1.8.0.111-17.1 java-1_8_0-openjdk-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-debugsource-1.8.0.111-17.1 java-1_8_0-openjdk-headless-1.8.0.111-17.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.111-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.111-17.1 java-1_8_0-openjdk-debuginfo-1.8.0.111-17.1 java-1_8_0-openjdk-debugsource-1.8.0.111-17.1 java-1_8_0-openjdk-headless-1.8.0.111-17.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.111-17.1 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5582.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1005522 https://bugzilla.suse.com/1005523 https://bugzilla.suse.com/1005524 https://bugzilla.suse.com/1005525 https://bugzilla.suse.com/1005526 https://bugzilla.suse.com/1005527 https://bugzilla.suse.com/1005528 https://bugzilla.suse.com/988651 From sle-updates at lists.suse.com Wed Nov 23 09:07:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2016 17:07:16 +0100 (CET) Subject: SUSE-RU-2016:2890-1: moderate: Recommended update for libreoffice Message-ID: <20161123160716.294B1FF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2890-1 Rating: moderate References: #1010654 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for LibreOffice reintroduces a patch that was erroneously dropped by the previous update, ensuring user's settings are again read from the same place they were before. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1684=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1684=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1684=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1684=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1684=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-35.1 libreoffice-icon-theme-tango-5.2.3.3-35.1 libreoffice-l10n-af-5.2.3.3-35.1 libreoffice-l10n-ar-5.2.3.3-35.1 libreoffice-l10n-bg-5.2.3.3-35.1 libreoffice-l10n-ca-5.2.3.3-35.1 libreoffice-l10n-cs-5.2.3.3-35.1 libreoffice-l10n-da-5.2.3.3-35.1 libreoffice-l10n-de-5.2.3.3-35.1 libreoffice-l10n-en-5.2.3.3-35.1 libreoffice-l10n-es-5.2.3.3-35.1 libreoffice-l10n-fi-5.2.3.3-35.1 libreoffice-l10n-fr-5.2.3.3-35.1 libreoffice-l10n-gu-5.2.3.3-35.1 libreoffice-l10n-hi-5.2.3.3-35.1 libreoffice-l10n-hr-5.2.3.3-35.1 libreoffice-l10n-hu-5.2.3.3-35.1 libreoffice-l10n-it-5.2.3.3-35.1 libreoffice-l10n-ja-5.2.3.3-35.1 libreoffice-l10n-ko-5.2.3.3-35.1 libreoffice-l10n-lt-5.2.3.3-35.1 libreoffice-l10n-nb-5.2.3.3-35.1 libreoffice-l10n-nl-5.2.3.3-35.1 libreoffice-l10n-nn-5.2.3.3-35.1 libreoffice-l10n-pl-5.2.3.3-35.1 libreoffice-l10n-pt_BR-5.2.3.3-35.1 libreoffice-l10n-pt_PT-5.2.3.3-35.1 libreoffice-l10n-ro-5.2.3.3-35.1 libreoffice-l10n-ru-5.2.3.3-35.1 libreoffice-l10n-sk-5.2.3.3-35.1 libreoffice-l10n-sv-5.2.3.3-35.1 libreoffice-l10n-uk-5.2.3.3-35.1 libreoffice-l10n-xh-5.2.3.3-35.1 libreoffice-l10n-zh_CN-5.2.3.3-35.1 libreoffice-l10n-zh_TW-5.2.3.3-35.1 libreoffice-l10n-zu-5.2.3.3-35.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libreoffice-5.2.3.3-35.1 libreoffice-base-5.2.3.3-35.1 libreoffice-base-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-mysql-5.2.3.3-35.1 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-35.1 libreoffice-calc-5.2.3.3-35.1 libreoffice-calc-debuginfo-5.2.3.3-35.1 libreoffice-calc-extensions-5.2.3.3-35.1 libreoffice-debuginfo-5.2.3.3-35.1 libreoffice-debugsource-5.2.3.3-35.1 libreoffice-draw-5.2.3.3-35.1 libreoffice-draw-debuginfo-5.2.3.3-35.1 libreoffice-filters-optional-5.2.3.3-35.1 libreoffice-gnome-5.2.3.3-35.1 libreoffice-gnome-debuginfo-5.2.3.3-35.1 libreoffice-impress-5.2.3.3-35.1 libreoffice-impress-debuginfo-5.2.3.3-35.1 libreoffice-mailmerge-5.2.3.3-35.1 libreoffice-math-5.2.3.3-35.1 libreoffice-math-debuginfo-5.2.3.3-35.1 libreoffice-officebean-5.2.3.3-35.1 libreoffice-officebean-debuginfo-5.2.3.3-35.1 libreoffice-pyuno-5.2.3.3-35.1 libreoffice-pyuno-debuginfo-5.2.3.3-35.1 libreoffice-writer-5.2.3.3-35.1 libreoffice-writer-debuginfo-5.2.3.3-35.1 libreoffice-writer-extensions-5.2.3.3-35.1 libreofficekit-5.2.3.3-35.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libreoffice-5.2.3.3-35.1 libreoffice-base-5.2.3.3-35.1 libreoffice-base-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-mysql-5.2.3.3-35.1 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-35.1 libreoffice-calc-5.2.3.3-35.1 libreoffice-calc-debuginfo-5.2.3.3-35.1 libreoffice-calc-extensions-5.2.3.3-35.1 libreoffice-debuginfo-5.2.3.3-35.1 libreoffice-debugsource-5.2.3.3-35.1 libreoffice-draw-5.2.3.3-35.1 libreoffice-draw-debuginfo-5.2.3.3-35.1 libreoffice-filters-optional-5.2.3.3-35.1 libreoffice-gnome-5.2.3.3-35.1 libreoffice-gnome-debuginfo-5.2.3.3-35.1 libreoffice-impress-5.2.3.3-35.1 libreoffice-impress-debuginfo-5.2.3.3-35.1 libreoffice-mailmerge-5.2.3.3-35.1 libreoffice-math-5.2.3.3-35.1 libreoffice-math-debuginfo-5.2.3.3-35.1 libreoffice-officebean-5.2.3.3-35.1 libreoffice-officebean-debuginfo-5.2.3.3-35.1 libreoffice-pyuno-5.2.3.3-35.1 libreoffice-pyuno-debuginfo-5.2.3.3-35.1 libreoffice-writer-5.2.3.3-35.1 libreoffice-writer-debuginfo-5.2.3.3-35.1 libreoffice-writer-extensions-5.2.3.3-35.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-35.1 libreoffice-icon-theme-tango-5.2.3.3-35.1 libreoffice-l10n-af-5.2.3.3-35.1 libreoffice-l10n-ar-5.2.3.3-35.1 libreoffice-l10n-ca-5.2.3.3-35.1 libreoffice-l10n-cs-5.2.3.3-35.1 libreoffice-l10n-da-5.2.3.3-35.1 libreoffice-l10n-de-5.2.3.3-35.1 libreoffice-l10n-en-5.2.3.3-35.1 libreoffice-l10n-es-5.2.3.3-35.1 libreoffice-l10n-fi-5.2.3.3-35.1 libreoffice-l10n-fr-5.2.3.3-35.1 libreoffice-l10n-gu-5.2.3.3-35.1 libreoffice-l10n-hi-5.2.3.3-35.1 libreoffice-l10n-hu-5.2.3.3-35.1 libreoffice-l10n-it-5.2.3.3-35.1 libreoffice-l10n-ja-5.2.3.3-35.1 libreoffice-l10n-ko-5.2.3.3-35.1 libreoffice-l10n-nb-5.2.3.3-35.1 libreoffice-l10n-nl-5.2.3.3-35.1 libreoffice-l10n-nn-5.2.3.3-35.1 libreoffice-l10n-pl-5.2.3.3-35.1 libreoffice-l10n-pt_BR-5.2.3.3-35.1 libreoffice-l10n-pt_PT-5.2.3.3-35.1 libreoffice-l10n-ru-5.2.3.3-35.1 libreoffice-l10n-sk-5.2.3.3-35.1 libreoffice-l10n-sv-5.2.3.3-35.1 libreoffice-l10n-xh-5.2.3.3-35.1 libreoffice-l10n-zh_CN-5.2.3.3-35.1 libreoffice-l10n-zh_TW-5.2.3.3-35.1 libreoffice-l10n-zu-5.2.3.3-35.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): libreoffice-debuginfo-5.2.3.3-35.1 libreoffice-debugsource-5.2.3.3-35.1 libreoffice-sdk-5.2.3.3-35.1 libreoffice-sdk-debuginfo-5.2.3.3-35.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libreoffice-5.2.3.3-35.1 libreoffice-base-5.2.3.3-35.1 libreoffice-base-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-mysql-5.2.3.3-35.1 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-35.1 libreoffice-calc-5.2.3.3-35.1 libreoffice-calc-debuginfo-5.2.3.3-35.1 libreoffice-calc-extensions-5.2.3.3-35.1 libreoffice-debuginfo-5.2.3.3-35.1 libreoffice-debugsource-5.2.3.3-35.1 libreoffice-draw-5.2.3.3-35.1 libreoffice-draw-debuginfo-5.2.3.3-35.1 libreoffice-filters-optional-5.2.3.3-35.1 libreoffice-gnome-5.2.3.3-35.1 libreoffice-gnome-debuginfo-5.2.3.3-35.1 libreoffice-impress-5.2.3.3-35.1 libreoffice-impress-debuginfo-5.2.3.3-35.1 libreoffice-mailmerge-5.2.3.3-35.1 libreoffice-math-5.2.3.3-35.1 libreoffice-math-debuginfo-5.2.3.3-35.1 libreoffice-officebean-5.2.3.3-35.1 libreoffice-officebean-debuginfo-5.2.3.3-35.1 libreoffice-pyuno-5.2.3.3-35.1 libreoffice-pyuno-debuginfo-5.2.3.3-35.1 libreoffice-writer-5.2.3.3-35.1 libreoffice-writer-debuginfo-5.2.3.3-35.1 libreoffice-writer-extensions-5.2.3.3-35.1 libreofficekit-5.2.3.3-35.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-35.1 libreoffice-icon-theme-tango-5.2.3.3-35.1 libreoffice-l10n-af-5.2.3.3-35.1 libreoffice-l10n-ar-5.2.3.3-35.1 libreoffice-l10n-ca-5.2.3.3-35.1 libreoffice-l10n-cs-5.2.3.3-35.1 libreoffice-l10n-da-5.2.3.3-35.1 libreoffice-l10n-de-5.2.3.3-35.1 libreoffice-l10n-en-5.2.3.3-35.1 libreoffice-l10n-es-5.2.3.3-35.1 libreoffice-l10n-fi-5.2.3.3-35.1 libreoffice-l10n-fr-5.2.3.3-35.1 libreoffice-l10n-gu-5.2.3.3-35.1 libreoffice-l10n-hi-5.2.3.3-35.1 libreoffice-l10n-hu-5.2.3.3-35.1 libreoffice-l10n-it-5.2.3.3-35.1 libreoffice-l10n-ja-5.2.3.3-35.1 libreoffice-l10n-ko-5.2.3.3-35.1 libreoffice-l10n-nb-5.2.3.3-35.1 libreoffice-l10n-nl-5.2.3.3-35.1 libreoffice-l10n-nn-5.2.3.3-35.1 libreoffice-l10n-pl-5.2.3.3-35.1 libreoffice-l10n-pt_BR-5.2.3.3-35.1 libreoffice-l10n-pt_PT-5.2.3.3-35.1 libreoffice-l10n-ro-5.2.3.3-35.1 libreoffice-l10n-ru-5.2.3.3-35.1 libreoffice-l10n-sk-5.2.3.3-35.1 libreoffice-l10n-sv-5.2.3.3-35.1 libreoffice-l10n-xh-5.2.3.3-35.1 libreoffice-l10n-zh_CN-5.2.3.3-35.1 libreoffice-l10n-zh_TW-5.2.3.3-35.1 libreoffice-l10n-zu-5.2.3.3-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.2.3.3-35.1 libreoffice-icon-theme-tango-5.2.3.3-35.1 libreoffice-l10n-af-5.2.3.3-35.1 libreoffice-l10n-ar-5.2.3.3-35.1 libreoffice-l10n-ca-5.2.3.3-35.1 libreoffice-l10n-cs-5.2.3.3-35.1 libreoffice-l10n-da-5.2.3.3-35.1 libreoffice-l10n-de-5.2.3.3-35.1 libreoffice-l10n-en-5.2.3.3-35.1 libreoffice-l10n-es-5.2.3.3-35.1 libreoffice-l10n-fi-5.2.3.3-35.1 libreoffice-l10n-fr-5.2.3.3-35.1 libreoffice-l10n-gu-5.2.3.3-35.1 libreoffice-l10n-hi-5.2.3.3-35.1 libreoffice-l10n-hu-5.2.3.3-35.1 libreoffice-l10n-it-5.2.3.3-35.1 libreoffice-l10n-ja-5.2.3.3-35.1 libreoffice-l10n-ko-5.2.3.3-35.1 libreoffice-l10n-nb-5.2.3.3-35.1 libreoffice-l10n-nl-5.2.3.3-35.1 libreoffice-l10n-nn-5.2.3.3-35.1 libreoffice-l10n-pl-5.2.3.3-35.1 libreoffice-l10n-pt_BR-5.2.3.3-35.1 libreoffice-l10n-pt_PT-5.2.3.3-35.1 libreoffice-l10n-ru-5.2.3.3-35.1 libreoffice-l10n-sk-5.2.3.3-35.1 libreoffice-l10n-sv-5.2.3.3-35.1 libreoffice-l10n-xh-5.2.3.3-35.1 libreoffice-l10n-zh_CN-5.2.3.3-35.1 libreoffice-l10n-zh_TW-5.2.3.3-35.1 libreoffice-l10n-zu-5.2.3.3-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libreoffice-5.2.3.3-35.1 libreoffice-base-5.2.3.3-35.1 libreoffice-base-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-mysql-5.2.3.3-35.1 libreoffice-base-drivers-mysql-debuginfo-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-5.2.3.3-35.1 libreoffice-base-drivers-postgresql-debuginfo-5.2.3.3-35.1 libreoffice-calc-5.2.3.3-35.1 libreoffice-calc-debuginfo-5.2.3.3-35.1 libreoffice-calc-extensions-5.2.3.3-35.1 libreoffice-debuginfo-5.2.3.3-35.1 libreoffice-debugsource-5.2.3.3-35.1 libreoffice-draw-5.2.3.3-35.1 libreoffice-draw-debuginfo-5.2.3.3-35.1 libreoffice-filters-optional-5.2.3.3-35.1 libreoffice-gnome-5.2.3.3-35.1 libreoffice-gnome-debuginfo-5.2.3.3-35.1 libreoffice-impress-5.2.3.3-35.1 libreoffice-impress-debuginfo-5.2.3.3-35.1 libreoffice-mailmerge-5.2.3.3-35.1 libreoffice-math-5.2.3.3-35.1 libreoffice-math-debuginfo-5.2.3.3-35.1 libreoffice-officebean-5.2.3.3-35.1 libreoffice-officebean-debuginfo-5.2.3.3-35.1 libreoffice-pyuno-5.2.3.3-35.1 libreoffice-pyuno-debuginfo-5.2.3.3-35.1 libreoffice-writer-5.2.3.3-35.1 libreoffice-writer-debuginfo-5.2.3.3-35.1 libreoffice-writer-extensions-5.2.3.3-35.1 References: https://bugzilla.suse.com/1010654 From sle-updates at lists.suse.com Wed Nov 23 11:07:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2016 19:07:14 +0100 (CET) Subject: SUSE-SU-2016:2891-1: moderate: Security update for sudo Message-ID: <20161123180714.532F6FFBF@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2891-1 Rating: moderate References: #1007501 #1007766 #1008043 #948973 #966755 Cross-References: CVE-2016-7032 CVE-2016-7076 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] - The SSSD plugin would occasionally crash sudo with an "internal error". This issue has been fixed. [bsc#948973] - The SSSD plugin would occasionally apply @netgroups rules from LDAP to all users rather than the @netgroup. This issue is now fixed. [bsc#966755] - When the SSSD plugin was used and a local user ran sudo, an e-mail used to be sent to administrator because SSSD did not support sudo rules for local users. This message did not signify an error, however, it was only noise. [bsc#1008043] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sudo-12852=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sudo-12852=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sudo-1.7.6p2-0.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sudo-debuginfo-1.7.6p2-0.29.1 sudo-debugsource-1.7.6p2-0.29.1 References: https://www.suse.com/security/cve/CVE-2016-7032.html https://www.suse.com/security/cve/CVE-2016-7076.html https://bugzilla.suse.com/1007501 https://bugzilla.suse.com/1007766 https://bugzilla.suse.com/1008043 https://bugzilla.suse.com/948973 https://bugzilla.suse.com/966755 From sle-updates at lists.suse.com Wed Nov 23 11:08:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2016 19:08:20 +0100 (CET) Subject: SUSE-RU-2016:2892-1: moderate: Recommended update for crmsh Message-ID: <20161123180820.48B23FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2892-1 Rating: moderate References: #1001164 #996806 #999683 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crmsh to version 2.2.0+git.1476084519.a000372 fixes the following issues: - high: cibconfig: Ensure temp CIB is readable by crm_diff (bsc#999683) - high: parse: Support target pattern in fencing topology - medium: ui_configure: option to obscure passwords - medium: cibconfig: Remove from tags when removing object - medium: scripts: Better corosync defaults (bsc#1001164) - medium: scripts: Drop logrotate check from cluster health - medium: corosync: Fix missing variable in del-node - low: cmd_status: Highlight plural forms (bsc#996806) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1685=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP2 (noarch): crmsh-2.2.0+git.1476084519.a000372-19.1 crmsh-scripts-2.2.0+git.1476084519.a000372-19.1 References: https://bugzilla.suse.com/1001164 https://bugzilla.suse.com/996806 https://bugzilla.suse.com/999683 From sle-updates at lists.suse.com Wed Nov 23 11:09:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2016 19:09:10 +0100 (CET) Subject: SUSE-SU-2016:2893-1: moderate: Security update for sudo Message-ID: <20161123180910.367C7FFC1@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2893-1 Rating: moderate References: #1007501 #1007766 Cross-References: CVE-2016-7032 CVE-2016-7076 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for sudo fixes the following issues: - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1686=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1686=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1686=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1686=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-8.1 sudo-debugsource-1.8.10p3-8.1 sudo-devel-1.8.10p3-8.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): sudo-1.8.10p3-8.1 sudo-debuginfo-1.8.10p3-8.1 sudo-debugsource-1.8.10p3-8.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): sudo-1.8.10p3-8.1 sudo-debuginfo-1.8.10p3-8.1 sudo-debugsource-1.8.10p3-8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): sudo-1.8.10p3-8.1 sudo-debuginfo-1.8.10p3-8.1 sudo-debugsource-1.8.10p3-8.1 References: https://www.suse.com/security/cve/CVE-2016-7032.html https://www.suse.com/security/cve/CVE-2016-7076.html https://bugzilla.suse.com/1007501 https://bugzilla.suse.com/1007766 From sle-updates at lists.suse.com Thu Nov 24 04:08:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2016 12:08:38 +0100 (CET) Subject: SUSE-SU-2016:2894-1: Security update for GraphicsMagick Message-ID: <20161124110838.65770FFBF@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2894-1 Rating: low References: #1007245 Cross-References: CVE-2016-8862 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for GraphicsMagick fixes the following issues: - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862) [bsc#1007245] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12853=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12853=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12853=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.52.1 libGraphicsMagick2-1.2.5-4.52.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.52.1 libGraphicsMagick2-1.2.5-4.52.1 perl-GraphicsMagick-1.2.5-4.52.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.52.1 GraphicsMagick-debugsource-1.2.5-4.52.1 References: https://www.suse.com/security/cve/CVE-2016-8862.html https://bugzilla.suse.com/1007245 From sle-updates at lists.suse.com Thu Nov 24 04:09:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2016 12:09:09 +0100 (CET) Subject: SUSE-SU-2016:2895-1: moderate: Security update for tar Message-ID: <20161124110909.0A040FFC1@maintenance.suse.de> SUSE Security Update: Security update for tar ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2895-1 Rating: moderate References: #1007188 Cross-References: CVE-2016-6321 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tar-12854=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tar-12854=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tar-1.26-1.2.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tar-debuginfo-1.26-1.2.10.1 tar-debugsource-1.26-1.2.10.1 References: https://www.suse.com/security/cve/CVE-2016-6321.html https://bugzilla.suse.com/1007188 From sle-updates at lists.suse.com Thu Nov 24 04:09:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2016 12:09:33 +0100 (CET) Subject: SUSE-SU-2016:2896-1: moderate: Security update for tar Message-ID: <20161124110933.B9B28FFC1@maintenance.suse.de> SUSE Security Update: Security update for tar ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2896-1 Rating: moderate References: #1007188 #913058 Cross-References: CVE-2016-6321 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] - Fix Amanda integration issue (bsc#913058) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1690=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1690=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1690=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1690=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1690=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): tar-1.27.1-11.1 tar-debuginfo-1.27.1-11.1 tar-debugsource-1.27.1-11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): tar-lang-1.27.1-11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): tar-1.27.1-11.1 tar-debuginfo-1.27.1-11.1 tar-debugsource-1.27.1-11.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): tar-lang-1.27.1-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tar-1.27.1-11.1 tar-debuginfo-1.27.1-11.1 tar-debugsource-1.27.1-11.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): tar-lang-1.27.1-11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): tar-1.27.1-11.1 tar-debuginfo-1.27.1-11.1 tar-debugsource-1.27.1-11.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): tar-lang-1.27.1-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): tar-1.27.1-11.1 tar-debuginfo-1.27.1-11.1 tar-debugsource-1.27.1-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): tar-lang-1.27.1-11.1 References: https://www.suse.com/security/cve/CVE-2016-6321.html https://bugzilla.suse.com/1007188 https://bugzilla.suse.com/913058 From sle-updates at lists.suse.com Thu Nov 24 07:06:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2016 15:06:59 +0100 (CET) Subject: SUSE-RU-2016:2897-1: moderate: Recommended update for yast2-auth-client, yast2-users Message-ID: <20161124140659.D4E43FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-auth-client, yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2897-1 Rating: moderate References: #1000749 #1004083 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-auth-client and yast2-users provides the following fixes: - Don't fail to start when network interface has no address assigned. (bsc#1004083) - Change dialog return value to :next so that yast2-users will reload its summary upon completion of this dialog. (bsc#1000749) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1691=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1691=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1691=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-users-3.1.57.1-20.1 yast2-users-debuginfo-3.1.57.1-20.1 yast2-users-debugsource-3.1.57.1-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): yast2-auth-client-3.3.13-9.5.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-users-3.1.57.1-20.1 yast2-users-debuginfo-3.1.57.1-20.1 yast2-users-debugsource-3.1.57.1-20.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): yast2-auth-client-3.3.13-9.5.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-users-3.1.57.1-20.1 yast2-users-debuginfo-3.1.57.1-20.1 yast2-users-debugsource-3.1.57.1-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): yast2-auth-client-3.3.13-9.5.2 References: https://bugzilla.suse.com/1000749 https://bugzilla.suse.com/1004083 From sle-updates at lists.suse.com Thu Nov 24 10:07:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2016 18:07:32 +0100 (CET) Subject: SUSE-SU-2016:2898-1: moderate: Security update for nodejs4 Message-ID: <20161124170732.D979CFFBF@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2898-1 Rating: moderate References: #1007728 #1009011 Cross-References: CVE-2016-5180 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728). Bug fixes: - bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1694=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.6.1-11.1 nodejs4-debuginfo-4.6.1-11.1 nodejs4-debugsource-4.6.1-11.1 nodejs4-devel-4.6.1-11.1 npm4-4.6.1-11.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.6.1-11.1 References: https://www.suse.com/security/cve/CVE-2016-5180.html https://bugzilla.suse.com/1007728 https://bugzilla.suse.com/1009011 From sle-updates at lists.suse.com Thu Nov 24 10:10:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2016 18:10:21 +0100 (CET) Subject: SUSE-SU-2016:2902-1: important: Security update for kvm Message-ID: <20161124171021.12280FFC1@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2902-1 Rating: important References: #1001151 #1002550 #1002557 #1003878 #1003893 #1003894 #1004702 #1004707 #1006536 #1006538 #1007391 #1007450 #1007454 #1007493 #1007494 #1007495 #998516 Cross-References: CVE-2016-7161 CVE-2016-7170 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for kvm fixes the following issues: - Address various security/stability issues * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151) * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE11-SP4 - Remove semi-contradictory and now determined erroneous statement in kvm-supported.txt regarding not running ntp in kvm guest when kvm-clock is used. It is now recommended to use ntp in guest in this case. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-12855=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-50.1 References: https://www.suse.com/security/cve/CVE-2016-7161.html https://www.suse.com/security/cve/CVE-2016-7170.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8577.html https://www.suse.com/security/cve/CVE-2016-8578.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9102.html https://www.suse.com/security/cve/CVE-2016-9103.html https://www.suse.com/security/cve/CVE-2016-9104.html https://www.suse.com/security/cve/CVE-2016-9105.html https://www.suse.com/security/cve/CVE-2016-9106.html https://bugzilla.suse.com/1001151 https://bugzilla.suse.com/1002550 https://bugzilla.suse.com/1002557 https://bugzilla.suse.com/1003878 https://bugzilla.suse.com/1003893 https://bugzilla.suse.com/1003894 https://bugzilla.suse.com/1004702 https://bugzilla.suse.com/1004707 https://bugzilla.suse.com/1006536 https://bugzilla.suse.com/1006538 https://bugzilla.suse.com/1007391 https://bugzilla.suse.com/1007450 https://bugzilla.suse.com/1007454 https://bugzilla.suse.com/1007493 https://bugzilla.suse.com/1007494 https://bugzilla.suse.com/1007495 https://bugzilla.suse.com/998516 From sle-updates at lists.suse.com Thu Nov 24 10:14:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2016 18:14:26 +0100 (CET) Subject: SUSE-SU-2016:2904-1: moderate: Security update for sudo Message-ID: <20161124171426.407B5FFC2@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2904-1 Rating: moderate References: #1007501 #1007766 #899252 #917806 #979531 Cross-References: CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for sudo fixes the following security issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] - Fix unsafe handling of TZ environment variable. [CVE-2014-9680, bsc#917806] Additionally, these non-security fixes are included in the update: - Fix "ignoring time stamp from the future" message after each boot with !tty_tickets. [bsc#899252] - Enable support for SASL-based authentication. [bsc#979531] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1692=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1692=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1692=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-2.6.1 sudo-debugsource-1.8.10p3-2.6.1 sudo-devel-1.8.10p3-2.6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): sudo-1.8.10p3-2.6.1 sudo-debuginfo-1.8.10p3-2.6.1 sudo-debugsource-1.8.10p3-2.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): sudo-1.8.10p3-2.6.1 sudo-debuginfo-1.8.10p3-2.6.1 sudo-debugsource-1.8.10p3-2.6.1 References: https://www.suse.com/security/cve/CVE-2014-9680.html https://www.suse.com/security/cve/CVE-2016-7032.html https://www.suse.com/security/cve/CVE-2016-7076.html https://bugzilla.suse.com/1007501 https://bugzilla.suse.com/1007766 https://bugzilla.suse.com/899252 https://bugzilla.suse.com/917806 https://bugzilla.suse.com/979531 From sle-updates at lists.suse.com Thu Nov 24 16:07:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 00:07:09 +0100 (CET) Subject: SUSE-RU-2016:2908-1: moderate: Recommended update for open-iscsi Message-ID: <20161124230709.B8E9DFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2908-1 Rating: moderate References: #897297 #989548 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-iscsi provides the following fixes: - Prevent open-isns from adding duplicated entries to the database. (bsc#897297) - Also stop manual sessions when shutting down the iSCSI service. (bsc#989548) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1696=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1696=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1696=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): iscsiuio-0.7.8.2-44.1 iscsiuio-debuginfo-0.7.8.2-44.1 open-iscsi-2.0.873-44.1 open-iscsi-debuginfo-2.0.873-44.1 open-iscsi-debugsource-2.0.873-44.1 open-isns-0.95-44.1 open-isns-debuginfo-0.95-44.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): iscsiuio-0.7.8.2-44.1 iscsiuio-debuginfo-0.7.8.2-44.1 open-iscsi-2.0.873-44.1 open-iscsi-debuginfo-2.0.873-44.1 open-iscsi-debugsource-2.0.873-44.1 open-isns-0.95-44.1 open-isns-debuginfo-0.95-44.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): iscsiuio-0.7.8.2-44.1 iscsiuio-debuginfo-0.7.8.2-44.1 open-iscsi-2.0.873-44.1 open-iscsi-debuginfo-2.0.873-44.1 open-iscsi-debugsource-2.0.873-44.1 References: https://bugzilla.suse.com/897297 https://bugzilla.suse.com/989548 From sle-updates at lists.suse.com Thu Nov 24 16:07:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 00:07:52 +0100 (CET) Subject: SUSE-RU-2016:2909-1: moderate: Recommended update for open-iscsi Message-ID: <20161124230752.7253DFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2909-1 Rating: moderate References: #897297 #989548 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-iscsi provides the following fixes: - Prevent open-isns from adding duplicated entries to the database. (bsc#897297) - Also stop manual sessions when shutting down the iSCSI service. (bsc#989548) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1697=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1697=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): iscsiuio-0.7.8.2-39.5.3 iscsiuio-debuginfo-0.7.8.2-39.5.3 open-iscsi-2.0.873-39.5.3 open-iscsi-debuginfo-2.0.873-39.5.3 open-iscsi-debugsource-2.0.873-39.5.3 open-isns-0.90-39.5.3 open-isns-debuginfo-0.90-39.5.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): iscsiuio-0.7.8.2-39.5.3 iscsiuio-debuginfo-0.7.8.2-39.5.3 open-iscsi-2.0.873-39.5.3 open-iscsi-debuginfo-2.0.873-39.5.3 open-iscsi-debugsource-2.0.873-39.5.3 References: https://bugzilla.suse.com/897297 https://bugzilla.suse.com/989548 From sle-updates at lists.suse.com Thu Nov 24 16:08:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 00:08:24 +0100 (CET) Subject: SUSE-RU-2016:2910-1: Recommended update for sle-ha-manuals_en Message-ID: <20161124230824.51052FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-ha-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2910-1 Rating: low References: #1011616 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Administrator Guide for SUSE Linux Enterprise High Availability Extension 12 has been updated, including the following fixes and enhancements: - The parameter no-quorum-policy=ignore has been replaced with no-quorum-policy=stop as the first one is no longer recommended. - Updated STONITH resource configurations that contained a monitoring operation with start-delay. To prevent double fencing in 2-node clusters, use the parameter pcmk_delay_max instead. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-1695=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12 (noarch): sle-ha-guide_en-pdf-12-18.6.1 sle-ha-manuals_en-12-18.6.1 sle-ha-nfs-quick_en-pdf-12-18.6.1 References: https://bugzilla.suse.com/1011616 From sle-updates at lists.suse.com Fri Nov 25 08:07:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 16:07:25 +0100 (CET) Subject: SUSE-SU-2016:2911-1: moderate: Security update for libarchive Message-ID: <20161125150725.3EDCBFFC5@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2911-1 Rating: moderate References: #1005070 #1005072 #1005076 #986566 #989980 #998677 Cross-References: CVE-2015-2304 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for libarchive fixes several issues. These security issues were fixed: - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1698=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1698=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1698=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1698=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1698=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1698=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1698=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.1.2-25.1 libarchive-devel-3.1.2-25.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-25.1 libarchive-devel-3.1.2-25.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libarchive-debugsource-3.1.2-25.1 libarchive13-3.1.2-25.1 libarchive13-debuginfo-3.1.2-25.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libarchive-debugsource-3.1.2-25.1 libarchive13-3.1.2-25.1 libarchive13-debuginfo-3.1.2-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-25.1 libarchive13-3.1.2-25.1 libarchive13-debuginfo-3.1.2-25.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libarchive-debugsource-3.1.2-25.1 libarchive13-3.1.2-25.1 libarchive13-debuginfo-3.1.2-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libarchive-debugsource-3.1.2-25.1 libarchive13-3.1.2-25.1 libarchive13-debuginfo-3.1.2-25.1 References: https://www.suse.com/security/cve/CVE-2015-2304.html https://www.suse.com/security/cve/CVE-2016-5418.html https://www.suse.com/security/cve/CVE-2016-5844.html https://www.suse.com/security/cve/CVE-2016-6250.html https://www.suse.com/security/cve/CVE-2016-8687.html https://www.suse.com/security/cve/CVE-2016-8688.html https://www.suse.com/security/cve/CVE-2016-8689.html https://bugzilla.suse.com/1005070 https://bugzilla.suse.com/1005072 https://bugzilla.suse.com/1005076 https://bugzilla.suse.com/986566 https://bugzilla.suse.com/989980 https://bugzilla.suse.com/998677 From sle-updates at lists.suse.com Fri Nov 25 09:07:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 17:07:34 +0100 (CET) Subject: SUSE-SU-2016:2912-1: important: Security update for the Linux Kernel Message-ID: <20161125160734.7EFDAFFC5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2912-1 Rating: important References: #1000189 #1000287 #1000304 #1000776 #1001419 #1001486 #1002165 #1003079 #1003153 #1003400 #1003568 #1003866 #1003925 #1003964 #1004252 #1004462 #1004517 #1004520 #1005666 #1006691 #1007615 #1007886 #744692 #772786 #789311 #857397 #860441 #865545 #866130 #868923 #874131 #876463 #898675 #904489 #909994 #911687 #915183 #921338 #921784 #922064 #922634 #924381 #924384 #930399 #931454 #934067 #937086 #937888 #940545 #941420 #946309 #955446 #956514 #959463 #961257 #962846 #966864 #967640 #970943 #971975 #971989 #974406 #974620 #975596 #975772 #976195 #977687 #978094 #979451 #979928 #982783 #983619 #984194 #984419 #984779 #984992 #985562 #986445 #987192 #987333 #987542 #987565 #987621 #987805 #988440 #988617 #988715 #989152 #989953 #990245 #991247 #991608 #991665 #992244 #992555 #992591 #992593 #992712 #993392 #993841 #993890 #993891 #994296 #994438 #994520 #994748 #995153 #995968 #996664 #997059 #997299 #997708 #997896 #998689 #998795 #998825 #999577 #999584 #999600 #999779 #999907 #999932 Cross-References: CVE-2015-8956 CVE-2016-5696 CVE-2016-6130 CVE-2016-6327 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-8658 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 111 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bsc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#995968). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152). - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability (bnc#987542). - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001486). The following non-security bugs were fixed: - aacraid: Fix RRQ overload (bsc#1003079). - acpi / PM: Ignore wakeup setting if the ACPI companion can't wake up (FATE#315621). - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520). - apparmor: add missing id bounds check on dfa verification (bsc#1000304). - apparmor: check that xindex is in trans_table bounds (bsc#1000304). - apparmor: do not expose kernel stack (bsc#1000304). - apparmor: don't check for vmalloc_addr if kvzalloc() failed (bsc#1000304). - apparmor: ensure the target profile name is always audited (bsc#1000304). - apparmor: exec should not be returning ENOENT when it denies (bsc#1000304). - apparmor: fix arg_size computation for when setprocattr is null terminated (bsc#1000304). - apparmor: fix audit full profile hname on successful load (bsc#1000304). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - apparmor: fix disconnected bind mnts reconnection (bsc#1000304). - apparmor: fix log failures for all profiles in a set (bsc#1000304). - apparmor: fix module parameters can be changed after policy is locked (bsc#1000304). - apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304). - apparmor: fix oops, validate buffer size in apparmor_setprocattr() (bsc#1000304). - apparmor: fix put() parent ref after updating the active ref (bsc#1000304). - apparmor: fix refcount bug in profile replacement (bsc#1000304). - apparmor: fix refcount race when finding a child profile (bsc#1000304). - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304). - apparmor: fix uninitialized lsm_audit member (bsc#1000304). - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304). - apparmor: internal paths should be treated as disconnected (bsc#1000304). - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304). - arm64: Ensure pmd_present() returns false after pmd_mknotpresent() (Automatic NUMA Balancing (fate#315482)). - arm64: mm: remove broken &= operator from pmd_mknotpresent (Automatic NUMA Balancing (fate#315482)). - avoid dentry crash triggered by NFS (bsc#984194). - be2net: Don't leak iomapped memory on removal (bsc#921784). - be2net: fix BE3-R FW download compatibility check (bsc#921784). - be2net: fix wrong return value in be_check_ufi_compatibility() (bsc#921784). - be2net: remove vlan promisc capability from VF's profile descriptors (bsc#921784). - blkfront: fix an error path memory leak (luckily none so far). - blk-mq: fix undefined behaviour in order_to_size() (fate#315209). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes (fate#316924). - bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687). - bonding: fix curr_active_slave/carrier with loadbalance arp monitoring (fate#316924). - bonding: Prevent IPv6 link local address on enslaved devices (fate#316924). - bonding: prevent out of bound accesses (fate#316924). - bonding: set carrier off for devices created through netlink (bsc#999577). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: add missing discards when unpinning extents with -o discard (bsc#904489). - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#904489). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489). - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779) - btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: iterate over unused chunk space in FITRIM (bsc#904489). - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489). - btrfs: properly track when rescan worker is running (bsc#989953). - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489). - btrfs: reorder patches to place local patches back at the end of the series - btrfs: skip superblocks during discard (bsc#904489). - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192). - btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712). - cdc-acm: added sanity checking for probe() (bsc#993891). - ceph: After a write, we must free the 'request', not the 'response'. This error crept in during the backport. bsc#995153 - cephfs: ignore error from invalidate_inode_pages2_range() in direct write (bsc#995153). - cephfs: remove warning when ceph_releasepage() is called on dirty page (bsc#995153). - clockevents: export clockevents_unbind_device instead of clockevents_unbind (bnc#937888). - conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (bsc#966864). - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866). - cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338). - dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943) - Document the process to blacklist upstream commit-ids - drivers/hv: share Hyper-V SynIC constants with userspace (bnc#937888). - drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#937888). - drivers: hv: vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (bnc#937888). - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#937888). - drivers: hv: vmbus: Cleanup vmbus_set_event() (bnc#937888). - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#937888). - drivers: hv: vmbus: do not manipulate with clocksources on crash (bnc#937888). - drivers: hv: vmbus: Force all channel messages to be delivered on CPU 0 (bnc#937888). - drivers: hv: vmbus: Get rid of the unused irq variable (bnc#937888). - drivers: hv: vmbus: handle various crash scenarios (bnc#937888). - drivers: hv: vmbus: remove code duplication in message handling (bnc#937888). - drivers: hv: vmbus: Support handling messages on multiple CPUs (bnc#937888). - drivers: hv: vmbus: Support kexec on ws2012 r2 and above (bnc#937888). - efi: Small leak on error in runtime map code (fate#315019). - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805) - ext4: Add parameter for tuning handling of ext2 (bsc#976195). - ext4: Fixup handling for custom configs. - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419). - hyperv: enable call to clockevents_unbind_device in kexec/kdump path - hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in the base kernel - i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659). - ib/iwpm: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338). - ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545 FATE#316891). - input: Revert "can: dev: fix deadlock reported after bus-off". - input: Revert "Input: i8042 - break load dependency between atkbd/psmouse and i8042". - input: Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports". - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772). - ipv6: Fix improper use or RCU (bsc#961257) - ipv6: fix multipath route replace error recovery (bsc#930399). - ipv6: KABI workaround for ipv6: add complete rcu protection around np->opt. - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067). - ipv6: send only one NEWLINK when RA causes changes (bsc#934067). - iscsi: Add a missed complete in iscsit_close_connection (bsc#992555, bsc#987805). - iwlwifi: dvm: fix flush support for old firmware (bsc#940545). - kabi: clockevents: export clockevents_unbind again. - kabi: Fix kabi change cause by adding flock_owner to open_context (bsc#998689). - kabi: hide harmless change in struct inet_connection_sock (fate#318553). - kABI: protect backing-dev include in mm/migrate. - kABI: protect enum usb_device_speed. - kABI: protect struct mlx5_modify_qp_mbox_in. - kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420). - kernel/printk/printk.c: fix faulty logic in the case of recursive printk (bnc#744692, bnc#789311). - kvm: do not handle APIC access page if in-kernel irqchip is not in use (bsc#959463). - Kvm: vmx: defer load of APIC access page address during reset (bsc#959463). - libceph: enable large, variable-sized OSD requests (bsc#988715). - libceph: make r_request msg_size calculation clearer (bsc#988715). - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op (bsc#988715). - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715). - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715). - libfc: do not send ABTS when resetting exchanges (bsc#962846). - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846). - libfc: Fixup disc_mutex handling (bsc#962846). - libfc: fixup locking of ptp_setup() (bsc#962846). - libfc: Issue PRLI after a PRLO has been received (bsc#962846). - libfc: reset exchange manager during LOGO handling (bsc#962846). - libfc: Revisit kref handling (bnc#990245). - libfc: sanity check cpu number extracted from xid (bsc#988440). - libfc: send LOGO for PLOGI failure (bsc#962846). - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866). - md: check command validity early in md_ioctl() (bsc#1004520). - md: Drop sending a change uevent when stopping (bsc#1003568). - md: lockless I/O submission for RAID1 (bsc#982783). - md/raid5: fix a recently broken BUG_ON() (bsc#1006691). - memcg: convert threshold to bytes (bnc#931454). - memcg: fix thresholds for 32b architectures (bnc#931454). - mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975 VM performance -- git fixes). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - module: Issue warnings when tainting kernel (bsc#974406). - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708). - MSI-X: fix an error path (luckily none so far). - netback: fix flipping mode (bsc#996664). - netback: fix refounting (bsc#978094). - netfront: don't truncate grant references. - netfront: use correct linear area after linearizing an skb (bsc#1007886). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1003400). - nfs: Add a stub for GETDEVICELIST (bnc#898675). - nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584). - nfsd: Use free_conn to free connection (bsc#979451). - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514). - nfs: Fix a regression in the read() syscall (bsc#999584). - nfs: fix BUG() crash in notify_change() with patch to chown_common() (bnc#876463). - nfs: fix pg_test page count calculation (bnc#898675). - nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT (bnc#866130). - oom: print nodemask in the oom report (bnc#1003866). - packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131). - perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM (bsc#997896). - pm / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252). - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441). - powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825). - printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928). - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841). - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609) - radeon: avoid boot hang in Xen Dom0 (luckily none so far). - ratelimit: extend to print suppressed messages on release (bsc#979928). - ratelimit: fix bug in time interval by resetting right begin time (bsc#979928). - rbd: truncate objects on cmpext short reads (bsc#988715). - rpm/config.sh: Set the SP1 release string to 60. (bsc#997059) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - rtnetlink: avoid 0 sized arrays (fate#316924). - s390: add SMT support (bnc#994438, LTC#144756). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419). - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992). - sd: Fix memory leak caused by RESET_WP patch (bsc#999779). - squashfs3: properly handle dir_emit() failures (bsc#998795). - sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT (bnc#868923). - sunrpc: Fix a regression when reconnecting (bsc#946309). - supported.conf: Add ext2 - supported.conf: Add iscsi modules to -base (bsc#997299) - supported.conf: Add tun to -base (bsc#992593) - supported.conf: Add veth to -base (bsc#992591) - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP (bsc#987621). - target: Fix race between iscsi-target connection shutdown + ABORT_TASK (bsc#987621). - tcp: add proper TS val into RST packets (bsc#937086). - tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086). - tcp: fix child sockets to use system default congestion control if not set (fate#318553). - tcp: fix cwnd limited checking to improve congestion control (bsc#988617). - tcp: refresh skb timestamp at retransmit time (bsc#937086). - timers: Use proper base migration in add_timer_on() (bnc#993392). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486). - tunnels: Remove encapsulation offloads on decap (bsc#1001486). - Update patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch (bsc#967640, bsc#992244). - Update patches.kabi/kabi.clockevents_unbind.patch (bnc#937888). - uprobes: Fix the memcg accounting (bnc#931454). - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - vmxnet3: Wake queue from reset work (bsc#999907). - x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance git-fixes). - xenbus: don't invoke ->is_ready() for most device states (bsc#987333). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: Linux 3.12.63. - xen/pciback: Fix conf_space read/write overlap check. - xen-pciback: return proper values during BAR sizing. - xen: Refresh patches.xen/xen3-patch-3.9 (bsc#991247). - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153). - xfs: fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch (bsc#1003153). - xfs: handle dquot buffer readahead in log recovery correctly (bsc#955446). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565). - xhci: silence warnings in switch (bnc#991665). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1700=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1700=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1700=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1700=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1700=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1700=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.67-60.64.18.1 kernel-default-debugsource-3.12.67-60.64.18.1 kernel-default-extra-3.12.67-60.64.18.1 kernel-default-extra-debuginfo-3.12.67-60.64.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.67-60.64.18.1 kernel-obs-build-debugsource-3.12.67-60.64.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.67-60.64.18.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.67-60.64.18.1 kernel-default-base-3.12.67-60.64.18.1 kernel-default-base-debuginfo-3.12.67-60.64.18.1 kernel-default-debuginfo-3.12.67-60.64.18.1 kernel-default-debugsource-3.12.67-60.64.18.1 kernel-default-devel-3.12.67-60.64.18.1 kernel-syms-3.12.67-60.64.18.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.67-60.64.18.1 kernel-macros-3.12.67-60.64.18.1 kernel-source-3.12.67-60.64.18.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.67-60.64.18.1 kernel-xen-base-3.12.67-60.64.18.1 kernel-xen-base-debuginfo-3.12.67-60.64.18.1 kernel-xen-debuginfo-3.12.67-60.64.18.1 kernel-xen-debugsource-3.12.67-60.64.18.1 kernel-xen-devel-3.12.67-60.64.18.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.67-60.64.18.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.67-60.64.18.1 kernel-ec2-debuginfo-3.12.67-60.64.18.1 kernel-ec2-debugsource-3.12.67-60.64.18.1 kernel-ec2-devel-3.12.67-60.64.18.1 kernel-ec2-extra-3.12.67-60.64.18.1 kernel-ec2-extra-debuginfo-3.12.67-60.64.18.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_18-default-1-6.3 kgraft-patch-3_12_67-60_64_18-xen-1-6.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.67-60.64.18.1 kernel-macros-3.12.67-60.64.18.1 kernel-source-3.12.67-60.64.18.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.67-60.64.18.1 kernel-default-debuginfo-3.12.67-60.64.18.1 kernel-default-debugsource-3.12.67-60.64.18.1 kernel-default-devel-3.12.67-60.64.18.1 kernel-default-extra-3.12.67-60.64.18.1 kernel-default-extra-debuginfo-3.12.67-60.64.18.1 kernel-syms-3.12.67-60.64.18.1 kernel-xen-3.12.67-60.64.18.1 kernel-xen-debuginfo-3.12.67-60.64.18.1 kernel-xen-debugsource-3.12.67-60.64.18.1 kernel-xen-devel-3.12.67-60.64.18.1 References: https://www.suse.com/security/cve/CVE-2015-8956.html https://www.suse.com/security/cve/CVE-2016-5696.html https://www.suse.com/security/cve/CVE-2016-6130.html https://www.suse.com/security/cve/CVE-2016-6327.html https://www.suse.com/security/cve/CVE-2016-6480.html https://www.suse.com/security/cve/CVE-2016-6828.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7097.html https://www.suse.com/security/cve/CVE-2016-7425.html https://www.suse.com/security/cve/CVE-2016-8658.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1000189 https://bugzilla.suse.com/1000287 https://bugzilla.suse.com/1000304 https://bugzilla.suse.com/1000776 https://bugzilla.suse.com/1001419 https://bugzilla.suse.com/1001486 https://bugzilla.suse.com/1002165 https://bugzilla.suse.com/1003079 https://bugzilla.suse.com/1003153 https://bugzilla.suse.com/1003400 https://bugzilla.suse.com/1003568 https://bugzilla.suse.com/1003866 https://bugzilla.suse.com/1003925 https://bugzilla.suse.com/1003964 https://bugzilla.suse.com/1004252 https://bugzilla.suse.com/1004462 https://bugzilla.suse.com/1004517 https://bugzilla.suse.com/1004520 https://bugzilla.suse.com/1005666 https://bugzilla.suse.com/1006691 https://bugzilla.suse.com/1007615 https://bugzilla.suse.com/1007886 https://bugzilla.suse.com/744692 https://bugzilla.suse.com/772786 https://bugzilla.suse.com/789311 https://bugzilla.suse.com/857397 https://bugzilla.suse.com/860441 https://bugzilla.suse.com/865545 https://bugzilla.suse.com/866130 https://bugzilla.suse.com/868923 https://bugzilla.suse.com/874131 https://bugzilla.suse.com/876463 https://bugzilla.suse.com/898675 https://bugzilla.suse.com/904489 https://bugzilla.suse.com/909994 https://bugzilla.suse.com/911687 https://bugzilla.suse.com/915183 https://bugzilla.suse.com/921338 https://bugzilla.suse.com/921784 https://bugzilla.suse.com/922064 https://bugzilla.suse.com/922634 https://bugzilla.suse.com/924381 https://bugzilla.suse.com/924384 https://bugzilla.suse.com/930399 https://bugzilla.suse.com/931454 https://bugzilla.suse.com/934067 https://bugzilla.suse.com/937086 https://bugzilla.suse.com/937888 https://bugzilla.suse.com/940545 https://bugzilla.suse.com/941420 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/955446 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/959463 https://bugzilla.suse.com/961257 https://bugzilla.suse.com/962846 https://bugzilla.suse.com/966864 https://bugzilla.suse.com/967640 https://bugzilla.suse.com/970943 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/974406 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/975596 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/976195 https://bugzilla.suse.com/977687 https://bugzilla.suse.com/978094 https://bugzilla.suse.com/979451 https://bugzilla.suse.com/979928 https://bugzilla.suse.com/982783 https://bugzilla.suse.com/983619 https://bugzilla.suse.com/984194 https://bugzilla.suse.com/984419 https://bugzilla.suse.com/984779 https://bugzilla.suse.com/984992 https://bugzilla.suse.com/985562 https://bugzilla.suse.com/986445 https://bugzilla.suse.com/987192 https://bugzilla.suse.com/987333 https://bugzilla.suse.com/987542 https://bugzilla.suse.com/987565 https://bugzilla.suse.com/987621 https://bugzilla.suse.com/987805 https://bugzilla.suse.com/988440 https://bugzilla.suse.com/988617 https://bugzilla.suse.com/988715 https://bugzilla.suse.com/989152 https://bugzilla.suse.com/989953 https://bugzilla.suse.com/990245 https://bugzilla.suse.com/991247 https://bugzilla.suse.com/991608 https://bugzilla.suse.com/991665 https://bugzilla.suse.com/992244 https://bugzilla.suse.com/992555 https://bugzilla.suse.com/992591 https://bugzilla.suse.com/992593 https://bugzilla.suse.com/992712 https://bugzilla.suse.com/993392 https://bugzilla.suse.com/993841 https://bugzilla.suse.com/993890 https://bugzilla.suse.com/993891 https://bugzilla.suse.com/994296 https://bugzilla.suse.com/994438 https://bugzilla.suse.com/994520 https://bugzilla.suse.com/994748 https://bugzilla.suse.com/995153 https://bugzilla.suse.com/995968 https://bugzilla.suse.com/996664 https://bugzilla.suse.com/997059 https://bugzilla.suse.com/997299 https://bugzilla.suse.com/997708 https://bugzilla.suse.com/997896 https://bugzilla.suse.com/998689 https://bugzilla.suse.com/998795 https://bugzilla.suse.com/998825 https://bugzilla.suse.com/999577 https://bugzilla.suse.com/999584 https://bugzilla.suse.com/999600 https://bugzilla.suse.com/999779 https://bugzilla.suse.com/999907 https://bugzilla.suse.com/999932 From sle-updates at lists.suse.com Fri Nov 25 09:34:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 17:34:25 +0100 (CET) Subject: SUSE-OU-2016:2913-1: Optional update for cglib, geronimo-specs-poms, geronimo-jta-1_1-api Message-ID: <20161125163425.DFA74FFC5@maintenance.suse.de> SUSE Optional Update: Optional update for cglib, geronimo-specs-poms, geronimo-jta-1_1-api ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2913-1 Rating: low References: #1010893 Affected Products: SUSE Manager Server 3.0 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update delivers the cglib, geronimo-specs-poms and geronimo-jta-1_1-api packages that are needed for supplying the apache-commons-dbcp (contained in another update). (FATE#321029 bsc#1010893) Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1699=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1699=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1699=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1699=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (noarch): cglib-2.2-11.1 geronimo-jta-1_1-api-1.2-25.1 geronimo-specs-poms-1.2-25.1 geronimo-stax-1_0-api-1.2-25.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): cglib-2.2-11.1 cglib-javadoc-2.2-11.1 geronimo-jta-1_1-api-1.2-25.1 geronimo-specs-poms-1.2-25.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): cglib-2.2-11.1 cglib-javadoc-2.2-11.1 geronimo-jta-1_1-api-1.2-25.1 geronimo-specs-poms-1.2-25.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): cglib-2.2-11.1 cglib-javadoc-2.2-11.1 geronimo-jta-1_1-api-1.2-25.1 geronimo-specs-poms-1.2-25.1 References: https://bugzilla.suse.com/1010893 From sle-updates at lists.suse.com Fri Nov 25 11:07:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 19:07:14 +0100 (CET) Subject: SUSE-RU-2016:2914-1: moderate: Recommended update for crmsh Message-ID: <20161125180714.8BF46FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2914-1 Rating: moderate References: #1001164 #996806 #998891 #998959 #999683 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crmsh contains the following fixes: - history: Quote archive tarball name if it contains spaces. (bsc#998959) - history: Prefer /var/log/messages over ha-log.txt. (bsc#998891) - cibconfig: Ensure temp CIB is readable by crm_diff. (bsc#999683) - scripts: Better corosync defaults. (bsc#1001164) - cmd_status: Highlight plural forms. (bsc#996806) - corosync: Fix missing variable in del-node. - cibconfig: Remove from tags when removing object. - doc: Fix inverted boolean in resource set documentation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1702=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): crmsh-2.2.1-23.2 crmsh-scripts-2.2.1-23.2 References: https://bugzilla.suse.com/1001164 https://bugzilla.suse.com/996806 https://bugzilla.suse.com/998891 https://bugzilla.suse.com/998959 https://bugzilla.suse.com/999683 From sle-updates at lists.suse.com Fri Nov 25 11:08:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 19:08:25 +0100 (CET) Subject: SUSE-SU-2016:2915-1: Security update for dovecot22 Message-ID: <20161125180825.3C5F21003E@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2915-1 Rating: low References: #1003952 #984639 Cross-References: CVE-2016-4983 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for dovecot22 fixes the following issues: - insecure SSL/TLS key and certificate file creation (CVE-2016-4983) (bnc #984639) - Fix LDAP based authentication for some setups (boo #1003952) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1703=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1703=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1703=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1703=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1703=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.13-4.1 dovecot22-debugsource-2.2.13-4.1 dovecot22-devel-2.2.13-4.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): dovecot22-debuginfo-2.2.13-4.1 dovecot22-debugsource-2.2.13-4.1 dovecot22-devel-2.2.13-4.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dovecot22-2.2.13-4.1 dovecot22-backend-mysql-2.2.13-4.1 dovecot22-backend-mysql-debuginfo-2.2.13-4.1 dovecot22-backend-pgsql-2.2.13-4.1 dovecot22-backend-pgsql-debuginfo-2.2.13-4.1 dovecot22-backend-sqlite-2.2.13-4.1 dovecot22-backend-sqlite-debuginfo-2.2.13-4.1 dovecot22-debuginfo-2.2.13-4.1 dovecot22-debugsource-2.2.13-4.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dovecot22-2.2.13-4.1 dovecot22-backend-mysql-2.2.13-4.1 dovecot22-backend-mysql-debuginfo-2.2.13-4.1 dovecot22-backend-pgsql-2.2.13-4.1 dovecot22-backend-pgsql-debuginfo-2.2.13-4.1 dovecot22-backend-sqlite-2.2.13-4.1 dovecot22-backend-sqlite-debuginfo-2.2.13-4.1 dovecot22-debuginfo-2.2.13-4.1 dovecot22-debugsource-2.2.13-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dovecot22-2.2.13-4.1 dovecot22-backend-mysql-2.2.13-4.1 dovecot22-backend-mysql-debuginfo-2.2.13-4.1 dovecot22-backend-pgsql-2.2.13-4.1 dovecot22-backend-pgsql-debuginfo-2.2.13-4.1 dovecot22-backend-sqlite-2.2.13-4.1 dovecot22-backend-sqlite-debuginfo-2.2.13-4.1 dovecot22-debuginfo-2.2.13-4.1 dovecot22-debugsource-2.2.13-4.1 References: https://www.suse.com/security/cve/CVE-2016-4983.html https://bugzilla.suse.com/1003952 https://bugzilla.suse.com/984639 From sle-updates at lists.suse.com Fri Nov 25 11:09:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 19:09:02 +0100 (CET) Subject: SUSE-RU-2016:2916-1: Recommended update for sg3_utils Message-ID: <20161125180902.3E91F1003E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2916-1 Rating: low References: #958369 #981452 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sg3_utils fixes the following issues: - In some circumstances, the rescan-scsi-bus.sh script failed to identify new LUNs that have been added to the server. (bsc#958369) - The rescan-scsi-bus.sh script used to print all existing LUNs and scan all new LUNs instead of only those specified with the --luns command line option. (bsc#981452) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-sg3_utils-12857=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sg3_utils-12857=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sg3_utils-12857=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): sg3_utils-devel-1.40-0.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sg3_utils-1.40-0.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sg3_utils-debuginfo-1.40-0.29.1 sg3_utils-debugsource-1.40-0.29.1 References: https://bugzilla.suse.com/958369 https://bugzilla.suse.com/981452 From sle-updates at lists.suse.com Fri Nov 25 11:09:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 19:09:43 +0100 (CET) Subject: SUSE-RU-2016:2917-1: moderate: Recommended update for ha-cluster-bootstrap Message-ID: <20161125180943.5DCCE1003E@maintenance.suse.de> SUSE Recommended Update: Recommended update for ha-cluster-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2917-1 Rating: moderate References: #1001164 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ha-cluster-bootstrap to version 0.4+git.1475739556.1088521 fixes the following issues: - Better corosync defaults (bsc#1001164) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1705=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP2 (noarch): ha-cluster-bootstrap-0.4+git.1475739556.1088521-9.1 References: https://bugzilla.suse.com/1001164 From sle-updates at lists.suse.com Fri Nov 25 11:10:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 19:10:10 +0100 (CET) Subject: SUSE-RU-2016:2918-1: Recommended update for sle-ha-manuals_en Message-ID: <20161125181010.0BFE41003E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-ha-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2918-1 Rating: low References: #980737 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Administrator Guide for SUSE Linux Enterprise High Availability Extension 12-SP1 has been updated, including the following fixes and enhancements: - In Chapter 7, Configuring and Managing Cluster Resources with Hawk2, rephrased note about Hawk and Hawk2. - Corrected a command in Section 17.3.3, "Initializing and Formatting DRBD Resource". - In Chapter 10, Fencing and STONITH, corrected and amended the configuration example for kdump and enhanced the description of what kdump does. - Added timeouts for monitoring operation in resource configuration for OCFS2, GFS2 and cLVM (default values as set by the ha-cluster-bootstrap scripts). - In Section 15.8, "For More Information", updated home page entry for OCFS2. - The parameter no-quorum-policy=ignore has been replaced with no-quorum-policy=stop as the first one is no longer recommended. - Updated STONITH resource configurations that contained a monitoring operation with start-delay. To prevent double fencing in 2-node clusters, use the parameter pcmk_delay_max instead. - In Section 17.3.3, "Initializing and Formatting DRBD Resource", corrected a command for file system creation. - In Section D.3, "Configuring sudo", corrected the placement of a comma in a command and the naming of a category in /etc/sudoers. - In Procedure D.5, "Generating a Cluster Report Using a Custom SSH Port", removed unnecessary steps. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1701=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): sle-ha-guide_en-pdf-12.1-10.3.1 sle-ha-manuals_en-12.1-10.3.1 sle-ha-nfs-quick_en-pdf-12.1-10.3.1 References: https://bugzilla.suse.com/980737 From sle-updates at lists.suse.com Fri Nov 25 14:06:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2016 22:06:53 +0100 (CET) Subject: SUSE-RU-2016:2919-1: moderate: Recommended update for syslog-ng Message-ID: <20161125210653.9AC90FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for syslog-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2919-1 Rating: moderate References: #987207 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for syslog-ng fixes a build time issue that prevented detection of SystemD libraries, consequently disabling support for the new systemd-journal() source. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1707=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1707=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): syslog-ng-3.6.4-11.1 syslog-ng-debuginfo-3.6.4-11.1 syslog-ng-debugsource-3.6.4-11.1 - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): syslog-ng-3.6.4-11.1 syslog-ng-debuginfo-3.6.4-11.1 syslog-ng-debugsource-3.6.4-11.1 References: https://bugzilla.suse.com/987207 From sle-updates at lists.suse.com Fri Nov 25 16:06:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2016 00:06:42 +0100 (CET) Subject: SUSE-RU-2016:2921-1: important: Recommended update for fcoe-utils Message-ID: <20161125230642.DD63EFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for fcoe-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2921-1 Rating: important References: #1006027 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fcoe-utils fixes a potential segmentation fault when running "fcoeadm -t" on systems where other fiber-channel storage devices are present. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1708=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1708=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): fcoe-utils-1.0.31-12.1 fcoe-utils-debuginfo-1.0.31-12.1 fcoe-utils-debugsource-1.0.31-12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): fcoe-utils-1.0.31-12.1 fcoe-utils-debuginfo-1.0.31-12.1 fcoe-utils-debugsource-1.0.31-12.1 References: https://bugzilla.suse.com/1006027 From sle-updates at lists.suse.com Mon Nov 28 09:07:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2016 17:07:06 +0100 (CET) Subject: SUSE-RU-2016:2925-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20161128160706.D37CFFFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2925-1 Rating: moderate References: #1000184 #1001738 #1001784 #1001923 #1002678 #1002776 #1003449 #1004521 #1004717 #1004725 #1004743 #1004745 #1005102 #1005677 #1006188 #1006718 #1006786 #1006982 #1007459 #957653 #971342 #971622 #976184 #979630 #981635 #982347 #983347 #990439 #994848 #998348 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has 30 recommended fixes can now be installed. Description: This update fixes the following issues: salt-netapi-client: - See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.9.0 spacecmd: - Make exception class more generic and code fixup (bsc#1003449) - Handle exceptions raised by listChannels (bsc#1003449) - Alert if a non-unique package ID is detected spacewalk-branding: - Enable SPMigration UI for minions - Add a link to system pending events in patch schedule notification for a single system (bsc#971342) - Make default contact method show up as "Default" - 'errata' > 'patch' string fix in Patches overview page (bsc#981635) spacewalk-certs-tools: - No final system update when salt management is used (bsc#1006188) - Use https connection for fetching corporate CA if using-ssl is configured (bsc#1005677) spacewalk-config: - Mention maxmemory option in rhn.conf (bsc#957653) spacewalk-java: - CVE Audit: tolerate null products (bsc#1004717) - If proxy is not found via FQDN, look it up via simple name (bsc#1006982) - Change rhnServerPath hibernate mapping to fix ISE for server behind proxy (bsc#1004725) - Fix autoyast upgrade mode (bsc#1006786) chain (bsc#1000184) - Open repository sync log in a new window (bsc#1007459) - Always use queue=true when calling state.apply (bsc#1004743) - Add a link to system pending events in patch schedule notification for a single system (bsc#971342) - Sort proxy clients list by name (bsc#998348) - Make exception class more generic and code fixup (bsc#1003449) - Raise UnsupportedOnSaltException performing listChannels (bsc#1003449) - New exception type to indicate unsupported operation (bsc#1003449) - Refactor to remove action canceling duplicate code (bsc#1004745) - Arch_type of a SUSEProduct can be null (bsc#1001738 bsc#1001784 bsc#1001923 bsc#1002678) - Ensure no stray configuration channels are listed for ranking (bsc#979630) - PinnedSubscriptionHandler: documentation comment typo (bsc#994848) - Refactor unschedule minion actions to fix NPE (bsc#1004745) - Enable SPMigration UI for minions - Send an email to admin when salt event bus is down - Separate API endpoint for SSH system registration - Require salt-netapi-client 0.9.0 - Initial handling of job return events for dist upgrades - Fix HW Refresh duplicate insert (bsc#971622, bsc#983347) - Don't allow URLs that only differ on the authorization token (bsc#976184, bsc#982347) spacewalk-setup: - Enforce putting certifi module in salt thin (bsc#990439) spacewalk-web: - Increase minor version to 3.0.2 - Adds a total systems counter in Salt Remote Cmd UI - Separate API endpoint for SSH system registration susemanager: - Check for silent remote execution during migration and abort if there is output (bsc#1006718) - Run migration helper script from /tmp via bash; /usr filesystem might be mounted readonly (bsc#1004521) susemanager-docs_en: - Added Missing Single-HTML Getting Started Guide (bsc#1005102) susemanager-schema: - Create path for schema upgrade to 3.0 - Add table for storing product extensions susemanager-sls: - Sync custom modules,grains,beacons always before pkg and hw profileupdate (bsc#1004725) - Write distupgrade state for SP migration via salt - New location of the salt-ssh key/cert pair. The previous location wasn't writable by the salt user susemanager-sync-data: - Support SUSE Manager Server on aarch64 (bsc#1002776) - Add SLE-HA 12 SP2 for ppc64le virtual-host-gatherer: - Log input and output in debug mode - Improve error logging in VMware module How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1711=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (noarch): salt-netapi-client-0.9.0-6.1 spacecmd-2.5.5.3-6.1 spacewalk-base-2.5.7.11-12.1 spacewalk-base-minimal-2.5.7.11-12.1 spacewalk-base-minimal-config-2.5.7.11-12.1 spacewalk-certs-tools-2.5.1.6-11.1 spacewalk-config-2.5.2.5-6.1 spacewalk-html-2.5.7.11-12.1 spacewalk-java-2.5.59.10-12.1 spacewalk-java-config-2.5.59.10-12.1 spacewalk-java-lib-2.5.59.10-12.1 spacewalk-java-oracle-2.5.59.10-12.1 spacewalk-java-postgresql-2.5.59.10-12.1 spacewalk-setup-2.5.3.10-9.1 spacewalk-taskomatic-2.5.59.10-12.1 susemanager-advanced-topics_en-pdf-3-18.1 susemanager-best-practices_en-pdf-3-18.1 susemanager-docs_en-3-18.1 susemanager-getting-started_en-pdf-3-18.1 susemanager-jsp_en-3-18.1 susemanager-reference_en-pdf-3-18.1 susemanager-schema-3.0.16-12.1 susemanager-sls-0.1.17-14.1 susemanager-sync-data-3.0.12-12.1 virtual-host-gatherer-1.0.12-3.1 virtual-host-gatherer-VMware-1.0.12-3.1 - SUSE Manager Server 3.0 (x86_64): spacewalk-branding-2.5.2.12-12.1 susemanager-3.0.18-12.1 susemanager-tools-3.0.18-12.1 References: https://bugzilla.suse.com/1000184 https://bugzilla.suse.com/1001738 https://bugzilla.suse.com/1001784 https://bugzilla.suse.com/1001923 https://bugzilla.suse.com/1002678 https://bugzilla.suse.com/1002776 https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1004521 https://bugzilla.suse.com/1004717 https://bugzilla.suse.com/1004725 https://bugzilla.suse.com/1004743 https://bugzilla.suse.com/1004745 https://bugzilla.suse.com/1005102 https://bugzilla.suse.com/1005677 https://bugzilla.suse.com/1006188 https://bugzilla.suse.com/1006718 https://bugzilla.suse.com/1006786 https://bugzilla.suse.com/1006982 https://bugzilla.suse.com/1007459 https://bugzilla.suse.com/957653 https://bugzilla.suse.com/971342 https://bugzilla.suse.com/971622 https://bugzilla.suse.com/976184 https://bugzilla.suse.com/979630 https://bugzilla.suse.com/981635 https://bugzilla.suse.com/982347 https://bugzilla.suse.com/983347 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/994848 https://bugzilla.suse.com/998348 From sle-updates at lists.suse.com Mon Nov 28 09:12:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2016 17:12:29 +0100 (CET) Subject: SUSE-RU-2016:2926-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20161128161229.9B8F5FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2926-1 Rating: moderate References: #1004725 #1005677 #1006188 #1008221 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-certs-tools: - No final system update when salt management is used. (bsc#1006188) - Use https connection for fetching corporate CA if using-ssl is configured. (bsc#1005677) spacewalk-proxy: - Fix authentication of traditional clients via proxy. (bsc#1008221) spacewalk-web: - Adds a total systems counter in Salt Remote Cmd UI. - Separate API endpoint for SSH system registration. susemanager-sls: - Sync custom modules,grains,beacons always before pkg and hw profileupdate. (bsc#1004725) - Write distupgrade state for SP migration via salt. - New location of the salt-ssh key/cert pair. The previous location wasn't writable by the salt user. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1711=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 3.0 (noarch): spacewalk-base-minimal-2.5.7.11-12.1 spacewalk-base-minimal-config-2.5.7.11-12.1 spacewalk-certs-tools-2.5.1.6-11.1 spacewalk-proxy-broker-2.5.1.4-6.1 spacewalk-proxy-common-2.5.1.4-6.1 spacewalk-proxy-management-2.5.1.4-6.1 spacewalk-proxy-package-manager-2.5.1.4-6.1 spacewalk-proxy-redirect-2.5.1.4-6.1 spacewalk-proxy-salt-2.5.1.4-6.1 susemanager-sls-0.1.17-14.1 References: https://bugzilla.suse.com/1004725 https://bugzilla.suse.com/1005677 https://bugzilla.suse.com/1006188 https://bugzilla.suse.com/1008221 From sle-updates at lists.suse.com Mon Nov 28 10:07:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2016 18:07:35 +0100 (CET) Subject: SUSE-RU-2016:2928-1: moderate: Recommended update for salt Message-ID: <20161128170735.50607FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2928-1 Rating: moderate References: #1004047 #1004260 #1004723 #986019 #999852 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for salt provides the following fixes: - Fix exist codes of sysv init script (bsc#999852) - Including resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade. - Fix Salt API crash via salt-ssh on empty roster (bsc#1004723) - Adding 'dist-upgrade' support to zypper module (fate#320559) - Acl.delfacl: fix position of -X option to setfacl (bsc#1004260) - Fix generated shebang in scripts on SLES-ES 7 (bsc#1004047) - Added reference for bsc#986019. This update includes the following new features: - Support Service Pack migration for Salt minions (fate#320559) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1712=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1712=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1712=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (x86_64): salt-2015.8.7-25.1 salt-api-2015.8.7-25.1 salt-doc-2015.8.7-25.1 salt-master-2015.8.7-25.1 salt-minion-2015.8.7-25.1 salt-proxy-2015.8.7-25.1 salt-ssh-2015.8.7-25.1 salt-syndic-2015.8.7-25.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2015.8.7-25.1 salt-zsh-completion-2015.8.7-25.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2015.8.7-25.1 salt-zsh-completion-2015.8.7-25.1 - SUSE Manager Proxy 3.0 (x86_64): salt-2015.8.7-25.1 salt-api-2015.8.7-25.1 salt-doc-2015.8.7-25.1 salt-master-2015.8.7-25.1 salt-minion-2015.8.7-25.1 salt-proxy-2015.8.7-25.1 salt-ssh-2015.8.7-25.1 salt-syndic-2015.8.7-25.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): salt-2015.8.7-25.1 salt-master-2015.8.7-25.1 salt-minion-2015.8.7-25.1 References: https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Mon Nov 28 10:08:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2016 18:08:57 +0100 (CET) Subject: SUSE-RU-2016:2930-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20161128170857.3BD6DFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2930-1 Rating: moderate References: #1003449 #1004047 #1004260 #1004723 #986019 #999852 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update includes the following new features: - Support Service Pack migration for Salt minions. (fate#320559) This update fixes the following issues: salt: - Fix exit codes of sysv init script. (bsc#999852) - Include resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade. - Fix Salt API crash via salt-ssh on empty roster. (bsc#1004723) - Add 'dist-upgrade' support to zypper module. (fate#320559) - Fix position of -X option to setfacl. (bsc#1004260) - Fix generated shebang in scripts on SLES-ES 7. (bsc#1004047) spacecmd: - Make exception class more generic and code fixes. (bsc#1003449) - Handle exceptions raised by listChannels. (bsc#1003449) - Alert if a non-unique package ID is detected. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-1716=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): salt-2015.8.7-20.1 salt-doc-2015.8.7-20.1 salt-minion-2015.8.7-20.1 - SUSE Manager Tools 12 (noarch): spacecmd-2.5.5.3-28.1 References: https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Mon Nov 28 10:10:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2016 18:10:08 +0100 (CET) Subject: SUSE-RU-2016:2931-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20161128171008.03680FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2931-1 Rating: moderate References: #1003449 #1004047 #1004260 #1004723 #986019 #999852 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update includes the following new features: - Support Service Pack migration for Salt minions. (fate#320559) This update fixes the following issues: salt: - Fix exit codes of sysv init script. (bsc#999852) - Include resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade. - Fix Salt API crash via salt-ssh on empty roster. (bsc#1004723) - Add 'dist-upgrade' support to zypper module. (fate#320559) - Fix position of -X option to setfacl. (bsc#1004260) - Fix generated shebang in scripts on SLES-ES 7. (bsc#1004047) spacecmd: - Make exception class more generic and code fixes. (bsc#1003449) - Handle exceptions raised by listChannels. (bsc#1003449) - Alert if a non-unique package ID is detected. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201611-12861=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201611-12861=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.7-20.1 salt-doc-2015.8.7-20.1 salt-minion-2015.8.7-20.1 spacecmd-2.5.5.3-8.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.7-20.1 salt-doc-2015.8.7-20.1 salt-minion-2015.8.7-20.1 spacecmd-2.5.5.3-8.1 References: https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Mon Nov 28 12:07:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2016 20:07:12 +0100 (CET) Subject: SUSE-SU-2016:2932-1: important: Security update for mariadb Message-ID: <20161128190712.9F2A1FFBF@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2932-1 Rating: important References: #1001367 #1003800 #1005555 #1005558 #1005562 #1005564 #1005566 #1005569 #1005581 #1005582 #1006539 #1008318 Cross-References: CVE-2016-3492 CVE-2016-5584 CVE-2016-5616 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440 CVE-2016-8283 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 9 vulnerabilities and has three fixes is now available. Description: This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes: - mysql_install_db can't find data files (bsc#1006539) - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Notable changes: * XtraDB updated to 5.6.33-79.0 * TokuDB updated to 5.6.33-79.0 * Innodb updated to 5.6.33 * Performance Schema updated to 5.6.33 - Release notes and upstream changelog: * https://kb.askmonty.org/en/mariadb-10028-release-notes * https://kb.askmonty.org/en/mariadb-10028-changelog Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1718=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1718=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libmysqlclient-devel-10.0.28-20.16.2 libmysqlclient18-10.0.28-20.16.2 libmysqlclient18-32bit-10.0.28-20.16.2 libmysqlclient18-debuginfo-10.0.28-20.16.2 libmysqlclient18-debuginfo-32bit-10.0.28-20.16.2 libmysqlclient_r18-10.0.28-20.16.2 libmysqld-devel-10.0.28-20.16.2 libmysqld18-10.0.28-20.16.2 libmysqld18-debuginfo-10.0.28-20.16.2 mariadb-10.0.28-20.16.2 mariadb-client-10.0.28-20.16.2 mariadb-client-debuginfo-10.0.28-20.16.2 mariadb-debuginfo-10.0.28-20.16.2 mariadb-debugsource-10.0.28-20.16.2 mariadb-errormessages-10.0.28-20.16.2 mariadb-tools-10.0.28-20.16.2 mariadb-tools-debuginfo-10.0.28-20.16.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libmysqlclient-devel-10.0.28-20.16.2 libmysqlclient18-10.0.28-20.16.2 libmysqlclient18-debuginfo-10.0.28-20.16.2 libmysqlclient_r18-10.0.28-20.16.2 libmysqld-devel-10.0.28-20.16.2 libmysqld18-10.0.28-20.16.2 libmysqld18-debuginfo-10.0.28-20.16.2 mariadb-10.0.28-20.16.2 mariadb-client-10.0.28-20.16.2 mariadb-client-debuginfo-10.0.28-20.16.2 mariadb-debuginfo-10.0.28-20.16.2 mariadb-debugsource-10.0.28-20.16.2 mariadb-errormessages-10.0.28-20.16.2 mariadb-tools-10.0.28-20.16.2 mariadb-tools-debuginfo-10.0.28-20.16.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.28-20.16.2 libmysqlclient18-debuginfo-32bit-10.0.28-20.16.2 References: https://www.suse.com/security/cve/CVE-2016-3492.html https://www.suse.com/security/cve/CVE-2016-5584.html https://www.suse.com/security/cve/CVE-2016-5616.html https://www.suse.com/security/cve/CVE-2016-5624.html https://www.suse.com/security/cve/CVE-2016-5626.html https://www.suse.com/security/cve/CVE-2016-5629.html https://www.suse.com/security/cve/CVE-2016-6663.html https://www.suse.com/security/cve/CVE-2016-7440.html https://www.suse.com/security/cve/CVE-2016-8283.html https://bugzilla.suse.com/1001367 https://bugzilla.suse.com/1003800 https://bugzilla.suse.com/1005555 https://bugzilla.suse.com/1005558 https://bugzilla.suse.com/1005562 https://bugzilla.suse.com/1005564 https://bugzilla.suse.com/1005566 https://bugzilla.suse.com/1005569 https://bugzilla.suse.com/1005581 https://bugzilla.suse.com/1005582 https://bugzilla.suse.com/1006539 https://bugzilla.suse.com/1008318 From sle-updates at lists.suse.com Mon Nov 28 12:09:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2016 20:09:17 +0100 (CET) Subject: SUSE-SU-2016:2933-1: important: Recommended update for mariadb Message-ID: <20161128190917.08619FFBF@maintenance.suse.de> SUSE Security Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2933-1 Rating: important References: #1001367 #1003800 #1004477 #1005555 #1005558 #1005562 #1005564 #1005566 #1005569 #1005581 #1005582 #1006539 #1008318 #990890 Cross-References: CVE-2016-3492 CVE-2016-5584 CVE-2016-5616 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440 CVE-2016-8283 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 5 fixes is now available. Description: This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes: - mysql_install_db can't find data files (bsc#1006539) - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Remove useless mysql at default.service (bsc#1004477) - Replace all occurrences of the string "@sysconfdir@" with "/etc" as it wasn't expanded properly (bsc#990890) - Notable changes: * XtraDB updated to 5.6.33-79.0 * TokuDB updated to 5.6.33-79.0 * Innodb updated to 5.6.33 * Performance Schema updated to 5.6.33 - Release notes and upstream changelog: * https://kb.askmonty.org/en/mariadb-10028-release-notes * https://kb.askmonty.org/en/mariadb-10028-changelog Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1717=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1717=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1717=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1717=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1717=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1717=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1717=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1717=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1717=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libmysqlclient_r18-10.0.28-17.2 libmysqlclient_r18-32bit-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.28-17.2 libmysqlclient_r18-32bit-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.28-17.2 libmysqlclient_r18-10.0.28-17.2 libmysqld-devel-10.0.28-17.2 libmysqld18-10.0.28-17.2 libmysqld18-debuginfo-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.28-17.2 libmysqlclient_r18-10.0.28-17.2 libmysqld-devel-10.0.28-17.2 libmysqld18-10.0.28-17.2 libmysqld18-debuginfo-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libmysqlclient18-10.0.28-17.2 libmysqlclient18-debuginfo-10.0.28-17.2 mariadb-10.0.28-17.2 mariadb-client-10.0.28-17.2 mariadb-client-debuginfo-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 mariadb-errormessages-10.0.28-17.2 mariadb-tools-10.0.28-17.2 mariadb-tools-debuginfo-10.0.28-17.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libmysqlclient18-10.0.28-17.2 libmysqlclient18-debuginfo-10.0.28-17.2 mariadb-10.0.28-17.2 mariadb-client-10.0.28-17.2 mariadb-client-debuginfo-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 mariadb-errormessages-10.0.28-17.2 mariadb-tools-10.0.28-17.2 mariadb-tools-debuginfo-10.0.28-17.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libmysqlclient18-32bit-10.0.28-17.2 libmysqlclient18-debuginfo-32bit-10.0.28-17.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libmysqlclient18-10.0.28-17.2 libmysqlclient18-debuginfo-10.0.28-17.2 mariadb-10.0.28-17.2 mariadb-client-10.0.28-17.2 mariadb-client-debuginfo-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 mariadb-errormessages-10.0.28-17.2 mariadb-tools-10.0.28-17.2 mariadb-tools-debuginfo-10.0.28-17.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.28-17.2 libmysqlclient18-debuginfo-32bit-10.0.28-17.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libmysqlclient18-10.0.28-17.2 libmysqlclient18-32bit-10.0.28-17.2 libmysqlclient18-debuginfo-10.0.28-17.2 libmysqlclient18-debuginfo-32bit-10.0.28-17.2 libmysqlclient_r18-10.0.28-17.2 libmysqlclient_r18-32bit-10.0.28-17.2 mariadb-10.0.28-17.2 mariadb-client-10.0.28-17.2 mariadb-client-debuginfo-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 mariadb-errormessages-10.0.28-17.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.28-17.2 libmysqlclient18-32bit-10.0.28-17.2 libmysqlclient18-debuginfo-10.0.28-17.2 libmysqlclient18-debuginfo-32bit-10.0.28-17.2 libmysqlclient_r18-10.0.28-17.2 libmysqlclient_r18-32bit-10.0.28-17.2 mariadb-10.0.28-17.2 mariadb-client-10.0.28-17.2 mariadb-client-debuginfo-10.0.28-17.2 mariadb-debuginfo-10.0.28-17.2 mariadb-debugsource-10.0.28-17.2 mariadb-errormessages-10.0.28-17.2 References: https://www.suse.com/security/cve/CVE-2016-3492.html https://www.suse.com/security/cve/CVE-2016-5584.html https://www.suse.com/security/cve/CVE-2016-5616.html https://www.suse.com/security/cve/CVE-2016-5624.html https://www.suse.com/security/cve/CVE-2016-5626.html https://www.suse.com/security/cve/CVE-2016-5629.html https://www.suse.com/security/cve/CVE-2016-6663.html https://www.suse.com/security/cve/CVE-2016-7440.html https://www.suse.com/security/cve/CVE-2016-8283.html https://bugzilla.suse.com/1001367 https://bugzilla.suse.com/1003800 https://bugzilla.suse.com/1004477 https://bugzilla.suse.com/1005555 https://bugzilla.suse.com/1005558 https://bugzilla.suse.com/1005562 https://bugzilla.suse.com/1005564 https://bugzilla.suse.com/1005566 https://bugzilla.suse.com/1005569 https://bugzilla.suse.com/1005581 https://bugzilla.suse.com/1005582 https://bugzilla.suse.com/1006539 https://bugzilla.suse.com/1008318 https://bugzilla.suse.com/990890 From sle-updates at lists.suse.com Tue Nov 29 06:07:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2016 14:07:07 +0100 (CET) Subject: SUSE-SU-2016:2936-1: important: Security update for qemu Message-ID: <20161129130707.EB2DEFFBF@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2936-1 Rating: important References: #1001151 #1002116 #1002550 #1002557 #1003878 #1003893 #1003894 #1004702 #1004707 #1006536 #1006538 #1007391 #1007450 #1007454 #1007493 #1007494 #1007495 #998516 #999661 Cross-References: CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 18 vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12 - Change package post script udevadm trigger calls to be device specific (bsc#1002116) - Address various security/stability issues * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151) * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661) * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1719=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1719=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): qemu-2.0.2-48.25.1 qemu-block-curl-2.0.2-48.25.1 qemu-block-curl-debuginfo-2.0.2-48.25.1 qemu-block-rbd-2.0.2-48.25.1 qemu-block-rbd-debuginfo-2.0.2-48.25.1 qemu-debugsource-2.0.2-48.25.1 qemu-guest-agent-2.0.2-48.25.1 qemu-guest-agent-debuginfo-2.0.2-48.25.1 qemu-kvm-2.0.2-48.25.1 qemu-lang-2.0.2-48.25.1 qemu-tools-2.0.2-48.25.1 qemu-tools-debuginfo-2.0.2-48.25.1 qemu-x86-2.0.2-48.25.1 qemu-x86-debuginfo-2.0.2-48.25.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): qemu-ipxe-1.0.0-48.25.1 qemu-seabios-1.7.4-48.25.1 qemu-sgabios-8-48.25.1 qemu-vgabios-1.7.4-48.25.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.25.1 qemu-block-curl-2.0.2-48.25.1 qemu-block-curl-debuginfo-2.0.2-48.25.1 qemu-debugsource-2.0.2-48.25.1 qemu-guest-agent-2.0.2-48.25.1 qemu-guest-agent-debuginfo-2.0.2-48.25.1 qemu-lang-2.0.2-48.25.1 qemu-tools-2.0.2-48.25.1 qemu-tools-debuginfo-2.0.2-48.25.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.25.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.25.1 qemu-ppc-debuginfo-2.0.2-48.25.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.25.1 qemu-block-rbd-debuginfo-2.0.2-48.25.1 qemu-x86-2.0.2-48.25.1 qemu-x86-debuginfo-2.0.2-48.25.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.25.1 qemu-seabios-1.7.4-48.25.1 qemu-sgabios-8-48.25.1 qemu-vgabios-1.7.4-48.25.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): qemu-s390-2.0.2-48.25.1 qemu-s390-debuginfo-2.0.2-48.25.1 References: https://www.suse.com/security/cve/CVE-2016-7161.html https://www.suse.com/security/cve/CVE-2016-7170.html https://www.suse.com/security/cve/CVE-2016-7421.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8577.html https://www.suse.com/security/cve/CVE-2016-8578.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9102.html https://www.suse.com/security/cve/CVE-2016-9103.html https://www.suse.com/security/cve/CVE-2016-9104.html https://www.suse.com/security/cve/CVE-2016-9105.html https://www.suse.com/security/cve/CVE-2016-9106.html https://bugzilla.suse.com/1001151 https://bugzilla.suse.com/1002116 https://bugzilla.suse.com/1002550 https://bugzilla.suse.com/1002557 https://bugzilla.suse.com/1003878 https://bugzilla.suse.com/1003893 https://bugzilla.suse.com/1003894 https://bugzilla.suse.com/1004702 https://bugzilla.suse.com/1004707 https://bugzilla.suse.com/1006536 https://bugzilla.suse.com/1006538 https://bugzilla.suse.com/1007391 https://bugzilla.suse.com/1007450 https://bugzilla.suse.com/1007454 https://bugzilla.suse.com/1007493 https://bugzilla.suse.com/1007494 https://bugzilla.suse.com/1007495 https://bugzilla.suse.com/998516 https://bugzilla.suse.com/999661 From sle-updates at lists.suse.com Tue Nov 29 09:07:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2016 17:07:20 +0100 (CET) Subject: SUSE-SU-2016:2938-1: important: Security update for vim Message-ID: <20161129160720.18F84FFC1@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2938-1 Rating: important References: #1010685 Cross-References: CVE-2016-1248 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc#1010685) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-vim-12862=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-vim-12862=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gvim-7.2-8.17.1 vim-7.2-8.17.1 vim-base-7.2-8.17.1 vim-data-7.2-8.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): vim-debuginfo-7.2-8.17.1 vim-debugsource-7.2-8.17.1 References: https://www.suse.com/security/cve/CVE-2016-1248.html https://bugzilla.suse.com/1010685 From sle-updates at lists.suse.com Tue Nov 29 09:08:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2016 17:08:04 +0100 (CET) Subject: SUSE-RU-2016:2940-1: important: Recommended update for cryptctl Message-ID: <20161129160804.3F735FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for cryptctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2940-1 Rating: important References: #1006219 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cryptctl fixes the following issues: - Prevent user from attempting to encrypt a disk with mounted partitions, or an existing encrypted+opened disk. - Ensure CA path input is an absolute path. - Fix two mistakes in handling of timeout input. - Fix minor formatting issue in manual page. - Suppress consecutive failure messages in the journal of ReportAlive and AutoOnlineUnlockFS routines. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2016-1724=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): cryptctl-1.2.6-3.1 cryptctl-debuginfo-1.2.6-3.1 cryptctl-debugsource-1.2.6-3.1 References: https://bugzilla.suse.com/1006219 From sle-updates at lists.suse.com Tue Nov 29 09:08:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2016 17:08:30 +0100 (CET) Subject: SUSE-SU-2016:2941-1: moderate: Security update for php7 Message-ID: <20161129160830.69BC5FFC1@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2941-1 Rating: moderate References: #1008029 #988486 Cross-References: CVE-2016-5385 CVE-2016-9137 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following security issues: - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1722=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1722=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1722=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-25.1 php7-debugsource-7.0.7-25.1 php7-devel-7.0.7-25.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php7-debuginfo-7.0.7-25.1 php7-debugsource-7.0.7-25.1 php7-devel-7.0.7-25.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-25.1 apache2-mod_php7-debuginfo-7.0.7-25.1 php7-7.0.7-25.1 php7-bcmath-7.0.7-25.1 php7-bcmath-debuginfo-7.0.7-25.1 php7-bz2-7.0.7-25.1 php7-bz2-debuginfo-7.0.7-25.1 php7-calendar-7.0.7-25.1 php7-calendar-debuginfo-7.0.7-25.1 php7-ctype-7.0.7-25.1 php7-ctype-debuginfo-7.0.7-25.1 php7-curl-7.0.7-25.1 php7-curl-debuginfo-7.0.7-25.1 php7-dba-7.0.7-25.1 php7-dba-debuginfo-7.0.7-25.1 php7-debuginfo-7.0.7-25.1 php7-debugsource-7.0.7-25.1 php7-dom-7.0.7-25.1 php7-dom-debuginfo-7.0.7-25.1 php7-enchant-7.0.7-25.1 php7-enchant-debuginfo-7.0.7-25.1 php7-exif-7.0.7-25.1 php7-exif-debuginfo-7.0.7-25.1 php7-fastcgi-7.0.7-25.1 php7-fastcgi-debuginfo-7.0.7-25.1 php7-fileinfo-7.0.7-25.1 php7-fileinfo-debuginfo-7.0.7-25.1 php7-fpm-7.0.7-25.1 php7-fpm-debuginfo-7.0.7-25.1 php7-ftp-7.0.7-25.1 php7-ftp-debuginfo-7.0.7-25.1 php7-gd-7.0.7-25.1 php7-gd-debuginfo-7.0.7-25.1 php7-gettext-7.0.7-25.1 php7-gettext-debuginfo-7.0.7-25.1 php7-gmp-7.0.7-25.1 php7-gmp-debuginfo-7.0.7-25.1 php7-iconv-7.0.7-25.1 php7-iconv-debuginfo-7.0.7-25.1 php7-imap-7.0.7-25.1 php7-imap-debuginfo-7.0.7-25.1 php7-intl-7.0.7-25.1 php7-intl-debuginfo-7.0.7-25.1 php7-json-7.0.7-25.1 php7-json-debuginfo-7.0.7-25.1 php7-ldap-7.0.7-25.1 php7-ldap-debuginfo-7.0.7-25.1 php7-mbstring-7.0.7-25.1 php7-mbstring-debuginfo-7.0.7-25.1 php7-mcrypt-7.0.7-25.1 php7-mcrypt-debuginfo-7.0.7-25.1 php7-mysql-7.0.7-25.1 php7-mysql-debuginfo-7.0.7-25.1 php7-odbc-7.0.7-25.1 php7-odbc-debuginfo-7.0.7-25.1 php7-opcache-7.0.7-25.1 php7-opcache-debuginfo-7.0.7-25.1 php7-openssl-7.0.7-25.1 php7-openssl-debuginfo-7.0.7-25.1 php7-pcntl-7.0.7-25.1 php7-pcntl-debuginfo-7.0.7-25.1 php7-pdo-7.0.7-25.1 php7-pdo-debuginfo-7.0.7-25.1 php7-pgsql-7.0.7-25.1 php7-pgsql-debuginfo-7.0.7-25.1 php7-phar-7.0.7-25.1 php7-phar-debuginfo-7.0.7-25.1 php7-posix-7.0.7-25.1 php7-posix-debuginfo-7.0.7-25.1 php7-pspell-7.0.7-25.1 php7-pspell-debuginfo-7.0.7-25.1 php7-shmop-7.0.7-25.1 php7-shmop-debuginfo-7.0.7-25.1 php7-snmp-7.0.7-25.1 php7-snmp-debuginfo-7.0.7-25.1 php7-soap-7.0.7-25.1 php7-soap-debuginfo-7.0.7-25.1 php7-sockets-7.0.7-25.1 php7-sockets-debuginfo-7.0.7-25.1 php7-sqlite-7.0.7-25.1 php7-sqlite-debuginfo-7.0.7-25.1 php7-sysvmsg-7.0.7-25.1 php7-sysvmsg-debuginfo-7.0.7-25.1 php7-sysvsem-7.0.7-25.1 php7-sysvsem-debuginfo-7.0.7-25.1 php7-sysvshm-7.0.7-25.1 php7-sysvshm-debuginfo-7.0.7-25.1 php7-tokenizer-7.0.7-25.1 php7-tokenizer-debuginfo-7.0.7-25.1 php7-wddx-7.0.7-25.1 php7-wddx-debuginfo-7.0.7-25.1 php7-xmlreader-7.0.7-25.1 php7-xmlreader-debuginfo-7.0.7-25.1 php7-xmlrpc-7.0.7-25.1 php7-xmlrpc-debuginfo-7.0.7-25.1 php7-xmlwriter-7.0.7-25.1 php7-xmlwriter-debuginfo-7.0.7-25.1 php7-xsl-7.0.7-25.1 php7-xsl-debuginfo-7.0.7-25.1 php7-zip-7.0.7-25.1 php7-zip-debuginfo-7.0.7-25.1 php7-zlib-7.0.7-25.1 php7-zlib-debuginfo-7.0.7-25.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-25.1 php7-pear-Archive_Tar-7.0.7-25.1 References: https://www.suse.com/security/cve/CVE-2016-5385.html https://www.suse.com/security/cve/CVE-2016-9137.html https://bugzilla.suse.com/1008029 https://bugzilla.suse.com/988486 From sle-updates at lists.suse.com Tue Nov 29 09:09:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2016 17:09:10 +0100 (CET) Subject: SUSE-SU-2016:2942-1: important: Security update for vim Message-ID: <20161129160910.39A5CFFC1@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2942-1 Rating: important References: #1010685 #988903 Cross-References: CVE-2016-1248 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability (bsc#1010685) This update for vim fixes the following issues: - Fix build with Python 3.5. (bsc#988903) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1721=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1721=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1721=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1721=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1721=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gvim-7.4.326-7.1 gvim-debuginfo-7.4.326-7.1 vim-7.4.326-7.1 vim-debuginfo-7.4.326-7.1 vim-debugsource-7.4.326-7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): vim-data-7.4.326-7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gvim-7.4.326-7.1 gvim-debuginfo-7.4.326-7.1 vim-7.4.326-7.1 vim-debuginfo-7.4.326-7.1 vim-debugsource-7.4.326-7.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): vim-data-7.4.326-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gvim-7.4.326-7.1 gvim-debuginfo-7.4.326-7.1 vim-7.4.326-7.1 vim-debuginfo-7.4.326-7.1 vim-debugsource-7.4.326-7.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): vim-data-7.4.326-7.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): vim-data-7.4.326-7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gvim-7.4.326-7.1 gvim-debuginfo-7.4.326-7.1 vim-7.4.326-7.1 vim-debuginfo-7.4.326-7.1 vim-debugsource-7.4.326-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): vim-data-7.4.326-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gvim-7.4.326-7.1 gvim-debuginfo-7.4.326-7.1 vim-7.4.326-7.1 vim-debuginfo-7.4.326-7.1 vim-debugsource-7.4.326-7.1 References: https://www.suse.com/security/cve/CVE-2016-1248.html https://bugzilla.suse.com/1010685 https://bugzilla.suse.com/988903 From sle-updates at lists.suse.com Tue Nov 29 09:09:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2016 17:09:48 +0100 (CET) Subject: SUSE-RU-2016:2943-1: Recommended update for yast2-network Message-ID: <20161129160948.17B94FFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2943-1 Rating: low References: #954412 #985905 #991968 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-network provides the following fixes: - Fix sorting of bonding slaves. (bsc#991968) - Do not limit number of bonding slaves to 10. (bsc#985905) - Add more missing entries to the RNC file. (bsc#954412) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1723=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1723=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1723=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): yast2-network-devel-doc-3.1.140.8-24.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): yast2-network-3.1.140.8-24.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): yast2-network-3.1.140.8-24.1 References: https://bugzilla.suse.com/954412 https://bugzilla.suse.com/985905 https://bugzilla.suse.com/991968 From sle-updates at lists.suse.com Tue Nov 29 11:06:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2016 19:06:51 +0100 (CET) Subject: SUSE-OU-2016:2945-1: Initial release of apache2-mod_wsgi Message-ID: <20161129180651.BDAD6FFBF@maintenance.suse.de> SUSE Optional Update: Initial release of apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2945-1 Rating: low References: #1010949 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1725=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1725=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.4.13-2.1 apache2-mod_wsgi-debuginfo-4.4.13-2.1 apache2-mod_wsgi-debugsource-4.4.13-2.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.4.13-2.1 apache2-mod_wsgi-debuginfo-4.4.13-2.1 apache2-mod_wsgi-debugsource-4.4.13-2.1 References: https://bugzilla.suse.com/1010949 From sle-updates at lists.suse.com Wed Nov 30 06:07:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2016 14:07:21 +0100 (CET) Subject: SUSE-SU-2016:2952-1: moderate: Security update for ImageMagick Message-ID: <20161130130721.CE876FFBF@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2952-1 Rating: moderate References: #1001066 #1007245 Cross-References: CVE-2016-6823 CVE-2016-8862 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862) [bsc#1007245] - update incomplete patch of CVE-2016-6823 [bsc#1001066] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1726=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1726=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1726=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1726=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1726=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1726=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1726=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1726=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1726=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-47.1 ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 libMagick++-6_Q16-3-6.8.8.1-47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-47.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-47.1 ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 libMagick++-6_Q16-3-6.8.8.1-47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-47.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-47.1 ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 ImageMagick-devel-6.8.8.1-47.1 libMagick++-6_Q16-3-6.8.8.1-47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-47.1 libMagick++-devel-6.8.8.1-47.1 perl-PerlMagick-6.8.8.1-47.1 perl-PerlMagick-debuginfo-6.8.8.1-47.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-47.1 ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 ImageMagick-devel-6.8.8.1-47.1 libMagick++-6_Q16-3-6.8.8.1-47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-47.1 libMagick++-devel-6.8.8.1-47.1 perl-PerlMagick-6.8.8.1-47.1 perl-PerlMagick-debuginfo-6.8.8.1-47.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 libMagickCore-6_Q16-1-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-47.1 libMagickWand-6_Q16-1-6.8.8.1-47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-47.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 libMagickCore-6_Q16-1-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-47.1 libMagickWand-6_Q16-1-6.8.8.1-47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-47.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 libMagickCore-6_Q16-1-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-47.1 libMagickWand-6_Q16-1-6.8.8.1-47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-47.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-47.1 ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 libMagick++-6_Q16-3-6.8.8.1-47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 libMagickCore-6_Q16-1-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-47.1 libMagickWand-6_Q16-1-6.8.8.1-47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-47.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-47.1 ImageMagick-debuginfo-6.8.8.1-47.1 ImageMagick-debugsource-6.8.8.1-47.1 libMagick++-6_Q16-3-6.8.8.1-47.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-47.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 libMagickCore-6_Q16-1-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-47.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-47.1 libMagickWand-6_Q16-1-6.8.8.1-47.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-47.1 References: https://www.suse.com/security/cve/CVE-2016-6823.html https://www.suse.com/security/cve/CVE-2016-8862.html https://bugzilla.suse.com/1001066 https://bugzilla.suse.com/1007245 From sle-updates at lists.suse.com Wed Nov 30 06:08:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2016 14:08:02 +0100 (CET) Subject: SUSE-SU-2016:2953-1: moderate: Security update for java-1_7_0-openjdk Message-ID: <20161130130802.E3248FFC1@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2953-1 Rating: moderate References: #1005522 #1005523 #1005524 #1005525 #1005526 #1005527 #1005528 Cross-References: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.8 - OpenJDK 7u121 * Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S7090158: Networking Libraries don't build with javac -Werror + S7125055: ContentHandler.getContent API changed in error + S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows + S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test + S8000626: Implement dead key detection for KeyEvent on Linux + S8003890: corelibs test scripts should pass TESTVMOPTS + S8005629: javac warnings compiling java.awt.EventDispatchThread and sun.awt.X11.XIconWindow + S8010297: Missing isLoggable() checks in logging code + S8010782: clean up source files containing carriage return characters + S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux + S8015265: revise the fix for 8007037 + S8016747: Replace deprecated PlatformLogger isLoggable(int) with isLoggable(Level) + S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo + S8024756: method grouping tabs are not selectable + S8026741: jdk8 l10n resource file translation update 5 + S8048147: Privilege tests with JAAS Subject.doAs + S8048357: PKCS basic tests + S8049171: Additional tests for jarsigner's warnings + S8059177: jdk8u40 l10n resource file translation update 1 + S8075584: test for 8067364 depends on hardwired text advance + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387 + S8080628: No mnemonics on Open and Save buttons in JFileChooser + S8083601: jdk8u60 l10n resource file translation update 2 + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8143134: L10n resource file translation update + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8159684: (tz) Support tzdata2016f + S8160934: isnan() is not available on older MSVC compilers + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S6604109, PR3162: javax.print.PrintServiceLookup.lookupPrintServices fails SOMETIMES for Cups + S6907252, PR3162: ZipFileInputStream Not Thread-Safe + S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh failed on 7u45 Embedded linux-ppc* + S8028479, PR3162: runNameEquals still cannot precisely detect if a usable native krb5 is available + S8034057, PR3162: Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win) + S8038491, PR3162: Improve synchronization in ZipFile.read() + S8038502, PR3162: Deflater.needsInput() should use synchronization + S8059411, PR3162: RowSetWarning does not correctly chain warnings + S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column range validation to isdefinitlyWritable + S8066188, PR3162: BaseRowSet returns the wrong default value for escape processing + S8072466, PR3162: Deadlock when initializing MulticastSocket and DatagramSocket + S8075118, PR3162: JVM stuck in infinite loop during verification + S8076579, PR3162: Popping a stack frame after exception breakpoint sets last method param to exception + S8078495, PR3162: End time checking for native TGT is wrong + S8078668, PR3162: jar usage string mentions unsupported option '-n' + S8080115, PR3162: (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads + S8081794, PR3162: ParsePosition getErrorIndex returns 0 for TimeZone parsing problem + S8129957, PR3162: Deadlock in JNDI LDAP implementation when closing the LDAP context + S8130136, PR3162: Swing window sometimes fails to repaint partially when it becomes exposed + S8130274, PR3162: java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal + S8132551, PR3162: Initialize local variables before returning them in p11_convert.c + S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails after changes for JDK-8080115 + S8133666, PR3162: OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux + S8135002, PR3162: Fix or remove broken links in objectMonitor.cpp comments + S8137121, PR3162: (fc) Infinite loop FileChannel.truncate + S8137230, PR3162: TEST_BUG: java/nio/channels/FileChannel/LoopingTruncate.java timed out + S8139373, PR3162: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout + S8140249, PR3162: JVM Crashing During startUp If Flight Recording is enabled + S8141491, PR3160, G592292: Unaligned memory access in Bits.c + S8144483, PR3162: One long Safepoint pause directly after each GC log rotation + S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory * Bug fixes + S8078628, PR3151: Zero build fails with pre-compiled headers disabled + PR3128: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3131: PaX marking fails on filesystems which don't support extended attributes + PR3135: Makefile.am rule stamps/add/tzdata-support-debug.stamp has a typo in add-tzdata dependency + PR3141: Pass $(CC) and $(CXX) to OpenJDK build + PR3166: invalid zip timestamp handling leads to error building bootstrap-javac + PR3202: Update infinality configure test + PR3212: Disable ARM32 JIT by default * CACAO + PR3136: CACAO is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * JamVM + PR3134: JamVM is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * AArch64 port + S8167200, PR3204: AArch64: Broken stack pointer adjustment in interpreter + S8168888: Port 8160591: Improve internal array handling to AArch64. + PR3211: AArch64 build fails with pre-compiled headers disabled - Changed patch: * java-1_7_0-openjdk-gcc6.patch + Rediff to changed context - Disable arm32 JIT, since its build broken (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1727=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1727=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1727=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1727=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1727=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_7_0-openjdk-1.7.0.121-36.2 java-1_7_0-openjdk-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-debugsource-1.7.0.121-36.2 java-1_7_0-openjdk-demo-1.7.0.121-36.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-devel-1.7.0.121-36.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-headless-1.7.0.121-36.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.121-36.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): java-1_7_0-openjdk-1.7.0.121-36.2 java-1_7_0-openjdk-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-debugsource-1.7.0.121-36.2 java-1_7_0-openjdk-demo-1.7.0.121-36.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-devel-1.7.0.121-36.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-headless-1.7.0.121-36.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.121-36.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.121-36.2 java-1_7_0-openjdk-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-debugsource-1.7.0.121-36.2 java-1_7_0-openjdk-demo-1.7.0.121-36.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-devel-1.7.0.121-36.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-headless-1.7.0.121-36.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.121-36.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_7_0-openjdk-1.7.0.121-36.2 java-1_7_0-openjdk-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-debugsource-1.7.0.121-36.2 java-1_7_0-openjdk-headless-1.7.0.121-36.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.121-36.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.121-36.2 java-1_7_0-openjdk-debuginfo-1.7.0.121-36.2 java-1_7_0-openjdk-debugsource-1.7.0.121-36.2 java-1_7_0-openjdk-headless-1.7.0.121-36.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.121-36.2 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5582.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1005522 https://bugzilla.suse.com/1005523 https://bugzilla.suse.com/1005524 https://bugzilla.suse.com/1005525 https://bugzilla.suse.com/1005526 https://bugzilla.suse.com/1005527 https://bugzilla.suse.com/1005528 From sle-updates at lists.suse.com Wed Nov 30 09:06:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2016 17:06:54 +0100 (CET) Subject: SUSE-SU-2016:2954-1: moderate: Security update for util-linux Message-ID: <20161130160654.4F5A7FFBF@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2954-1 Rating: moderate References: #947494 #966891 #982331 #987176 #988361 #990531 #994399 Cross-References: CVE-2016-5011 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for util-linux fixes the following issues: - Consider redundant slashes when comparing paths (bsc#982331, util-linux-libmount-ignore-redundant-slashes.patch, affects backport of util-linux-libmount-cifs-is_mounted.patch). - Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning (bsc#990531) - Replace cifs mount detection patch with upstream one that covers all cases (bsc#987176). - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file (bsc#947494) - Safe loop re-use in libmount, mount and losetup (bsc#947494) - UPSTREAM DIVERGENCE!!! losetup -L continues to use SLE12 SP1 and SP2 specific meaning --logical-blocksize instead of upstream --nooverlap (bsc#966891). - Make release-dependent conflict with old sysvinit-tools SLE specific, as it is required only for SLE 11 upgrade, and breaks openSUSE staging builds (bsc#994399). - Extended partition loop in MBR partition table leads to DoS (bsc#988361, CVE-2016-5011) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1729=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1729=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1729=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1729=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1729=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libuuid-devel-2.28-42.1 util-linux-debuginfo-2.28-42.1 util-linux-debugsource-2.28-42.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.28-42.1 libmount-devel-2.28-42.1 libsmartcols-devel-2.28-42.1 libuuid-devel-2.28-42.1 util-linux-debuginfo-2.28-42.1 util-linux-debugsource-2.28-42.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libblkid1-2.28-42.1 libblkid1-debuginfo-2.28-42.1 libfdisk1-2.28-42.1 libfdisk1-debuginfo-2.28-42.1 libmount1-2.28-42.1 libmount1-debuginfo-2.28-42.1 libsmartcols1-2.28-42.1 libsmartcols1-debuginfo-2.28-42.1 libuuid1-2.28-42.1 libuuid1-debuginfo-2.28-42.1 python-libmount-2.28-42.4 python-libmount-debuginfo-2.28-42.4 python-libmount-debugsource-2.28-42.4 util-linux-2.28-42.1 util-linux-debuginfo-2.28-42.1 util-linux-debugsource-2.28-42.1 util-linux-systemd-2.28-42.3 util-linux-systemd-debuginfo-2.28-42.3 util-linux-systemd-debugsource-2.28-42.3 uuidd-2.28-42.3 uuidd-debuginfo-2.28-42.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): util-linux-lang-2.28-42.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libblkid1-2.28-42.1 libblkid1-debuginfo-2.28-42.1 libfdisk1-2.28-42.1 libfdisk1-debuginfo-2.28-42.1 libmount1-2.28-42.1 libmount1-debuginfo-2.28-42.1 libsmartcols1-2.28-42.1 libsmartcols1-debuginfo-2.28-42.1 libuuid1-2.28-42.1 libuuid1-debuginfo-2.28-42.1 python-libmount-2.28-42.4 python-libmount-debuginfo-2.28-42.4 python-libmount-debugsource-2.28-42.4 util-linux-2.28-42.1 util-linux-debuginfo-2.28-42.1 util-linux-debugsource-2.28-42.1 util-linux-systemd-2.28-42.3 util-linux-systemd-debuginfo-2.28-42.3 util-linux-systemd-debugsource-2.28-42.3 uuidd-2.28-42.3 uuidd-debuginfo-2.28-42.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): util-linux-lang-2.28-42.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libblkid1-32bit-2.28-42.1 libblkid1-debuginfo-32bit-2.28-42.1 libmount1-32bit-2.28-42.1 libmount1-debuginfo-32bit-2.28-42.1 libuuid1-32bit-2.28-42.1 libuuid1-debuginfo-32bit-2.28-42.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): util-linux-lang-2.28-42.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libblkid1-2.28-42.1 libblkid1-32bit-2.28-42.1 libblkid1-debuginfo-2.28-42.1 libblkid1-debuginfo-32bit-2.28-42.1 libfdisk1-2.28-42.1 libfdisk1-debuginfo-2.28-42.1 libmount1-2.28-42.1 libmount1-32bit-2.28-42.1 libmount1-debuginfo-2.28-42.1 libmount1-debuginfo-32bit-2.28-42.1 libsmartcols1-2.28-42.1 libsmartcols1-debuginfo-2.28-42.1 libuuid-devel-2.28-42.1 libuuid1-2.28-42.1 libuuid1-32bit-2.28-42.1 libuuid1-debuginfo-2.28-42.1 libuuid1-debuginfo-32bit-2.28-42.1 python-libmount-2.28-42.4 python-libmount-debuginfo-2.28-42.4 python-libmount-debugsource-2.28-42.4 util-linux-2.28-42.1 util-linux-debuginfo-2.28-42.1 util-linux-debugsource-2.28-42.1 util-linux-systemd-2.28-42.3 util-linux-systemd-debuginfo-2.28-42.3 util-linux-systemd-debugsource-2.28-42.3 uuidd-2.28-42.3 uuidd-debuginfo-2.28-42.3 References: https://www.suse.com/security/cve/CVE-2016-5011.html https://bugzilla.suse.com/947494 https://bugzilla.suse.com/966891 https://bugzilla.suse.com/982331 https://bugzilla.suse.com/987176 https://bugzilla.suse.com/988361 https://bugzilla.suse.com/990531 https://bugzilla.suse.com/994399 From sle-updates at lists.suse.com Wed Nov 30 10:08:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2016 18:08:02 +0100 (CET) Subject: SUSE-RU-2016:2955-1: Recommended update for timezone Message-ID: <20161130170802.6DFF1FFBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2955-1 Rating: low References: #1011797 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2016j) for your system, including the following changes: - Saratov, Russia switches from +03 to +04 on 2016-12-04 at 02:00. This change introduces a new zone Europe/Saratov split from Europe/Volgograd. This release also includes changes affecting past time stamps. For a comprehensive list, please refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz-announce/2016-November/000044.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-timezone-12864=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-timezone-12864=1 - SUSE Manager 2.1: zypper in -t patch sleman21-timezone-12864=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-12864=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-12864=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-12864=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-timezone-12864=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-12864=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-12864=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-12864=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-timezone-12864=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): timezone-java-2016j-0.45.1 - SUSE OpenStack Cloud 5 (x86_64): timezone-2016j-0.45.1 - SUSE Manager Proxy 2.1 (x86_64): timezone-2016j-0.45.1 - SUSE Manager Proxy 2.1 (noarch): timezone-java-2016j-0.45.1 - SUSE Manager 2.1 (s390x x86_64): timezone-2016j-0.45.1 - SUSE Manager 2.1 (noarch): timezone-java-2016j-0.45.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2016j-0.45.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2016j-0.45.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2016j-0.45.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2016j-0.45.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2016j-0.45.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): timezone-2016j-0.45.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): timezone-java-2016j-0.45.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2016j-0.45.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2016j-0.45.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2016j-0.45.1 timezone-debugsource-2016j-0.45.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): timezone-debuginfo-2016j-0.45.1 timezone-debugsource-2016j-0.45.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): timezone-debuginfo-2016j-0.45.1 timezone-debugsource-2016j-0.45.1 References: https://bugzilla.suse.com/1011797 From sle-updates at lists.suse.com Wed Nov 30 11:07:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2016 19:07:22 +0100 (CET) Subject: SUSE-OU-2016:2956-1: Optional update apache-commons-pool2, apache-commons-dbcp Message-ID: <20161130180722.D0033FFBF@maintenance.suse.de> SUSE Optional Update: Optional update apache-commons-pool2, apache-commons-dbcp ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2956-1 Rating: low References: #1010893 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow a future tomcat update to switch tomcat to use the DBCP 2.0 interface (FATE#321029 bsc#1010893). Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1731=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1731=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1731=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): apache-commons-dbcp-2.1.1-2.1 apache-commons-dbcp-javadoc-2.1.1-2.1 apache-commons-pool2-2.4.2-1.2 apache-commons-pool2-javadoc-2.4.2-1.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): apache-commons-dbcp-2.1.1-2.1 apache-commons-dbcp-javadoc-2.1.1-2.1 apache-commons-pool2-2.4.2-1.2 apache-commons-pool2-javadoc-2.4.2-1.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): apache-commons-dbcp-2.1.1-2.1 apache-commons-dbcp-javadoc-2.1.1-2.1 apache-commons-pool2-2.4.2-1.2 apache-commons-pool2-javadoc-2.4.2-1.2 References: https://bugzilla.suse.com/1010893 From sle-updates at lists.suse.com Wed Nov 30 13:06:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2016 21:06:56 +0100 (CET) Subject: SUSE-OU-2016:2957-1: Initial release of apache2-mod_wsgi Message-ID: <20161130200656.A32FDFFBF@maintenance.suse.de> SUSE Optional Update: Initial release of apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2957-1 Rating: low References: #1007757 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apache2-mod_wsgi-12865=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-mod_wsgi-12865=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_wsgi-4.4.13-14.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_wsgi-debuginfo-4.4.13-14.2 apache2-mod_wsgi-debugsource-4.4.13-14.2 References: https://bugzilla.suse.com/1007757